Data categories, sources, and origin

Which data we process is determined by the respective context. This depends, for example, on whether you place an order online or enter an inquiry using our contact form, or whether you send us an application or submit a complaint.

Please note that we may also provide information for special processing situations in other suitable places, e.g. when uploading application documents or when a contact request is made.

Applicant Portal (Art. 6 para. 1 lit. a, b GDPR)

We always treat your personal data confidentially and use it only to process your application, e.g. for arranging interviews, identifying suitable alternative areas of work, and other purposes related to the application as part of the personnel selection process.

Through technical and organisational measures, we ensure that during the application process, only the responsible employees of the HR department and the respective department have access to your personal data.

Operator of the Applicant Portal

Our applicant portal is operated by Personio GmbH, a company based in Germany, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). The data transmitted as part of your application is transferred via TLS encryption and stored in a database. Personio is only the operator of the applicant portal and in this context is a processor according to Art. 28 GDPR. The basis for processing by Personio in this regard is a contract for commissioned processing between us and Personio.

In the course of providing the applicant portal, personal data is transferred to Personio GmbH. This is access data (IP addresses, access times, operating system, browsers used, crash reports, etc.). The transmission of this data is technically necessary to ensure the functionality of the applicant portal. Personio deletes the access data after 7 days.

Applicant Pool

The application form contains a separate data release declaration that allows your application to continue to be stored, even if you receive a rejection for the position you have applied to. If you consent to this, there is a possibility that we will include you in the pool of applicants and contact you again for suitable positions that match your profile.

We take technical and organisational measures to ensure that only those persons who participate directly in the selection process and require the data for this purpose have access to your data.

Your application will be stored for a maximum of 24 months if it is included in the applicant pool or forwarded, after which we will anonymise and delete your data in accordance with data protection regulations.

Of course, you will not suffer any disadvantages if you do agree to inclusion in the applicant pool.

In no case will we make an exclusively automated decision about a job placement.

Also with respect to the applicant pool, Ray Sono always ensures the secure and confidential treatment of your data and uses appropriate state-of-the-art technical and organisational measures to protect your data in accordance with applicable law.

Data Storage

Your data will be stored at Ray Sono for the above-mentioned purpose until the application process is completed and any legal deadlines in this regard have expired. Ray Sono will anonymise your data immediately after the expiration of these periods, at the latest after 6 months, unless the above-noted provisions regarding the applicant pool apply.

Data Subject Rights

Of course, the previously mentioned data subject rights and complaint options remain open to you. (see above: Your rights as a data subject).

Advertising Purposes for Existing Customers (Art. 6 para. 1 lit. f GDPR)

Ray Sono AG is interested in maintaining the customer relationship with you and to send you information and offers about our products / services. We thus process your data so that we can send you relevant information and offers by e-mail.

If you do not want us to do this, you can object at any time to the use of your personal data for the purpose of direct advertising; this also applies to profiling insofar as it relates to direct advertising. If you object to this, we will no longer process your data for this purpose.

You can file an objection free of charge and without a special form. You do not have to provide any reason. You should preferably call us at +49 89 746 46-0, send a written objection to hello@raysono.com or by postal mail to Ray Sono AG, Tumblingerstraße 32, 80337 Munich.

Data protection notice on participation in webinars and related recording options/advertising consent (Art. 6 para. 1 lit. a GDPR)

You have the opportunity to participate in our webinars voluntarily. As part of the registration process, we collect personal data such as your title, your first and last name, your e-mail address and your company. To participate in the webinar, you consent to Ray Sono AG storing this data and using it for marketing purposes.

If you have not yet given your consent, this will be done using the double opt-in procedure: After your registration, you will receive a confirmation e-mail asking you to click on a link to confirm that you wish to receive information about future webinars and other events by e-mail.

The webinar will be recorded for marketing purposes of Ray Sono AG. During the webinar, your name and profile picture may be recorded in Chat/F&A. However, in order to protect your privacy, these will be removed when the recordings are processed further.

We strictly adhere to the principle of data minimisation and data avoidance. For technical reasons and for legal protection, your IP address is also processed during the registration process.

You can revoke your consent at any time without giving reasons. You can inform us of your cancellation directly by e-mail to datenschutz@raysono.com or by post to Ray Sono AG, Tumblingerstraße 32, 80337 Munich. With the revocation, the further processing of your personal data also ends.

Cookies (Art. 6 para. 1 lit. a, f GDPR, § 25 para. 1, 2 TDDDG)

Our website uses so-called cookies. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your end device and saved (locally) by your browser. Cookies only contain pseudonymous, usually even anonymous data. Some cookies remain in place for the duration of a browser session (so-called session cookies), others are stored for longer periods (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified time (usually 6 months). In addition to our own cookies, we also use cookies that are controlled by third-party providers. These use the information contained in the cookies, e.g. to show you content or to record the pages you have visited.

Due to our legitimate interest (Art. 6 para. 1 lit. f GDPR), we set technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if they are absolutely necessary to provide the service you have expressly requested, § 25 para. 2 TDDDG.

Subject to your consent, other cookies are used to enable us or third parties to analyse how our services are used, for example. This allows us to customise the content according to user needs. Cookies also enable us to measure the effectiveness of a particular advert and to place it, for example, depending on the thematic interests of the user. The legal basis for this is your express consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).

You can revoke your consent at any time via our consent banner with effect for the future and change the cookie settings. Please note that changes must be made separately for each end device.

Change your consent via the cookie information

If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not giving or revoking your consent to the cookies in question or by logging out of the respective third-party providers in advance.

Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website to its full extent or only to a limited extent.

Please also note our information in the section of the respective service that uses cookies.

User Profiles / Web Tracking Methods

Use of Google Analytics

We use the tracking tool Google Analytics from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: "Google") on our website. If you are a resident of the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller responsible for your data that are collected in these procedures.This tool collects, stores and systematically analyses the interactions of visitors to our website using cookies and JavaScript functions. The following data is collected: anonymised IP address (only three bytes are collected), the website accessed via Google ID, the previously accessed website, time spent on the websites, and the frequency of visits to the websites.Your data are transmitted to Google and processed there for Google's own purposes. If you have a Google account, Google may also merge the data obtained from Google Analytics tracking. A third-country transfer takes place. Cf.: Third-country transfer/intent to transfer. Based on the GDPR, we have concluded a corresponding order processing agreement with Google.We use this tool to collect information about the use of our website and, based on this data, to be able to design and optimise our website in line with requirements.Usage profiles are created from this data across all websites.The tool is used based on your consent according to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG. You can withdraw your consent at any time by clicking here:

Change your consent via the cookie information

The objection is valid only for the device and the web browser on which it was set. Please repeat the process on all devices if desired. If you delete the opt-out cookie, you will be asked again for your consent for data transfer.

Furthermore, you can download a browser add-in for the deactivation of Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de . This add-in is provided by Google for popular browser versions.

Data Storage Period

The data obtained via this procedure is deleted as soon as it is no longer required for our purposes. In our case, this is the case after 14 months.

Google Tag Manager (GTM)

We use the Google Tag Manager Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website.

The Tag Manager is used to manage functions of the Google Analytics tracking tool and the Google AdManager advertising service. Initially, the Google Tag Manager also controls your user decision (consent) via the so-called consent mode. This adapts the behaviour of the Google tools to your consent to this processing according to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG.

Your user decision is read out via corresponding scripts and cookies. Unless you have consented to the use of Google Analytics or Google AdManager, the Google Tag Manager prevents the collection by these tools. In doing so, the following data is collected: time stamp, user agent, referring URL, boolean information about consent status, random number generated each time the page loads, information about the consent management platform used by the website owner (e.g. developer ID). For technical reasons, the IP address, device information, browser information and URL are also transmitted to Google when the corresponding script is called up.

Your data will be transmitted to Google. Third-country transmission takes place.

We use the Google Tag Manager to store and implement your consent status and to control our Google tools (Google Analytics and Google AdManager).

The use of Google Tag Manager is based on our legitimate interest according to Art. 6 (1) lit. f GDPR, § 25 para. 1 TDDDG. The data processing is technically necessary to implement your consent for the Google Analytics and Google AdManager tools.

Your personal data is not stored by the Google Tag Manager after the respective session in the context of the consent mode. The Google Analytics and Google AdManager tools controlled by the Google Tag Manager are stored only for the duration of the period you consent to in the respective sections.

Facebook Pixel

Our website also uses the “Facebook Pixel” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). With its help, we can track the actions of users after they have seen or clicked on a Facebook ad. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Meta, about which we are informing you about our present state of knowledge. According to Facebook's data usage policy, Facebook can associate this data with your Facebook account and use it for its own advertising purposes. You can allow Meta and its partners to place ads on and off Facebook. Furthermore, Facebook may store a cookie on your computer for these purposes.The use of the Facebook pixel is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG. You can revoke your consent at any time here:

Change your consent via the cookie information

The data obtained via this procedure is deleted as soon as it is no longer required for our purposes. In our case, this is the case after 180 days.You can find Facebook's privacy policy at https://www.facebook.com/about/privacy/updateYour deactivation option: https://www.facebook.com/policies/cookies/

YouTube Platform and Google AdManager (formerly Doubleclick)

We embed videos from the YouTube platform on our website. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To embed YouTube videos, we use the technical procedure known as framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on a third-party site, which allows the video stored on YouTube servers to be played.

We use the framing codes generated by YouTube in the so-called “extended data protection mode”. According to information on the YouTube platform, the cookie activity and the data collection initiated by it are linked only to usage of the video playback function itself. This prevents any collection of data through the mere use of a website that features framed content.

When you visit the website on which videos from the YouTube platform are embedded, a connection to the YouTube servers is established. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. The processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. YouTube videos are deactivated by default and only start when you interact with the video.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=en.

Google AdManager (formerly Doubleclick)

We use Google Ad Manager, a web advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website. The tool displays advertisements (text ads, banners, etc.) and stores your interaction with the ads. This is done by cookies, pixels and scripts integrated by Google Inc. The stored information can be recorded, collected, and evaluated by Google Inc. or third parties.

In addition, Google Ad Manager may also use so-called (re)marketing tags (invisible graphics, also known as "web beacons") to collect information. Through their use, for example, visitor traffic on the website can be recorded and evaluated.

The basis for the processing of your personal data is your consent, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR, § 25 para. 1 TDDDG.

Google Ad Manager processes and stores your data in the USA. Google is obliged by corresponding contractual regulations to comply with the data protection standards and the level of data protection in the EU. Data processing or storage in third countries may also take place based on your consent (Art. 49 para. 1 sentence 1 lit. a GDPR), in which case you will be informed of this separately when obtaining your consent.

Google uses the information obtained in this way to carry out an evaluation of your usage behaviour with regard to the Google Ad Manager ads. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. If you are registered with a Google service, Google may associate your visit with your account. To prevent this, you must first log out of your Google account.

You can prevent the storage of data by using the plug-ins provided by Google under the following link: https://www.google.com/settings/ads/plugin install.

Details about which data Google makes available to us for evaluation and where this data comes from can be found via the following link: https://support.google.com/analytics/answer/2799357?hl=de#where

Furthermore, you can revoke your consent at any time for the future. To do this, simply open our Consent banner and deselect the corresponding setting. Please note that the change in the Consent Banner settings must be made individually for each end device.

Change your consent via the cookie notices

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Automated Individual Case Decisions

We do not use automated processing to arrive at any decisions

Children and Online Offers

Persons under the age of 16 may not transmit personal data to us or provide a declaration of consent without the consent of their legal guardian. We encourage parents and guardians to actively participate in their children's online activities and interests.

Copyright

The content of these pages has been carefully edited and reviewed. However, Ray Sono AG does not guarantee the timeliness, accuracy, completeness, or quality of the information provided. Liability claims against Ray Sono AG regarding damage caused by using any information provided, including any kind of information which is incomplete or incorrect, will thus be rejected unless it can be proven that Ray Sono AG acted with intent or gross negligence. Ray Sono AG expressly reserves the right to change, supplement, delete, or cease publication of parts or the entire site without prior notice.

Security principles

To protect the data we store about our employees/customers/suppliers from accidental or intentional manipulation, loss, destruction, or access by unauthorised persons, we take appropriate technical and organisational measures. We continuously review these security levels in cooperation with security experts and adapt them to new security standards.

Notes on Data Protection in Social Media

Ray Sono AG maintains a social media presence on Facebook, Instagram, LinkedIn, Xing, Kununu, and YouTube. To the extent that we can control how your data is processed, we ensure compliance with the applicable data protection regulations.

The following section contains the most important information on data protection law as it relates to our web presences.

Name and Address of the Persons Responsible for the Operation

In addition to Ray Sono AG, the following companies are responsible for the company websites within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations:

• Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

• Kununu (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)

• YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

However, you yourself are responsible for the use of these platforms and their functions. This particularly applies to the use of interactive functions (e.g. commenting, sharing, rating).

We would also like to point out that your data may be processed outside the European Union. The corresponding contract required under data protection law has been concluded.

Purpose and Legal Basis

We ourselves maintain our fan pages to communicate with page visitors and inform them about our offers.

In addition, we collect data for statistical purposes to further develop and optimise our content and make our offers more attractive. The data we need for this purpose (e.g. total number of page views, page activity and data provided by visitors, interactions) is processed by the social networks and provided to us. We have no influence on the generation and presentation.

In addition, your personal data is processed by social media providers for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behaviour and resulting interests. This can result in the placement of ads matching your interests – both inside and outside the platforms. Cookies are usually stored on your computer for this purpose. Regardless of this, data that is not collected directly on your end devices may also be stored in your usage profiles. The storage and analysis also take place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

The processing of your personal data by Ray Sono AG is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 lit. f. GDPR.

If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for this processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

Your Rights / Option to Object

If you are a member of a social network and do not want the network to collect data about you via our presence and link it to your stored membership data with the respective network, you must

• log out of the respective network before visiting our fan page,

• delete the cookies present on your device and

• exit and restart your browser.

After logging in again, however, you will once more be recognisable to the network as a specific user.

For a detailed description of the respective processing and the options to object (opt-out), please refer to the information linked below:

Facebook: Data protection statement: https://www.facebook.com/about/privacy/ Opt-Out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com

Instagram: Data protection statement: https://help.instagram.com/519522125107875 Opt-Out: http://www.networkadvertising.org/managing/opt_out.asp and https://www.youronlinechoices.com

LinkedIn: Data protection statement: https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/legal/cookie-policy and https://www.youronlinechoices.com

Kununu: Data protection statement: https://privacy.xing.com/de/datenschutzerklaerung Opt-Out: http://www.youronlinechoices.com

YouTube: Data protection statement: https://policies.google.com/privacy Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com

Overall, you are already entitled to the rights described above regarding the processing of your personal data.

However, since Ray Sono AG does not have complete access to your personal data, you should contact the social media providers directly if you wish to assert your rights, as they each access the personal data of their users and can take appropriate measures and provide information.

If you still need help, we would be happy to provide you with support. Please contact hello@raysono.com.