Transparency and information obligations

for customers, suppliers, contractual partners and interested parties of Ray Sono AG

This document informs you about the processing of your personal data by Ray Sono AG and the rights to which you are entitled under data protection law.

 

Responsible organisation and data protection

Address: Ray Sono AG, Tumblingerstrasse 32, 80337 Munich, Germany

Contact information: https://www.raysono.com | Tel. +49 89 746 46-0 | hello@raysono.com

Contact data protection: datenschutz@raysono.com

 

Categories/origin of data

We process the following personal data as part of the contractual relationship and for the initiation of the contract:


For business customers:

  • Contact details (e.g. first and last names of the current and, if applicable, previous contact persons as well as name affixes, company name and address of the customer (employer), address of the freelancer, telephone number with extension, mobile phone number, business e-mail address)
  • Job-related data (e.g. function in the company, department)
  • Date of birth
  • Gender
  • If applicable, bank details (also first name/surname of the account holder as part of a SEPA direct debit mandate)
  • If applicable, preferred payment system, information on creditworthiness and credit behaviour 

 

We generally receive your personal data from you as part of the contract initiation process or during the ongoing contractual relationship. Exceptionally, your personal data may also be collected from other sources in certain constellations. This includes occasion-related enquiries about relevant information from credit agencies, in particular about creditworthiness and credit behaviour.

Ray Sono AG uses products from Microsoft Corporation, among others, in its IT environment. The following categories of data may be processed in the course of using the IT systems:

  • Functional data (data essential for the provision of services)
  • Content data (content-related data that is processed as part of the services)
  • Diagnostic & log data (technically logged data required for maintenance, troubleshooting and occasionally for further development)

 

These data categories are collected systemically directly from you. We will be happy to provide you with further information on data processing in specific IT systems on request.

We process the following personal data as part of our online meetings using Microsoft Teams:

  • Communication data (e.g. your email address, if you provide this personal data)
  • Log files, protocol data
  • Metadata (e.g. IP address, time of participation, etc.)
  • Profile data (e.g. your user name, if you provide this yourself)

 

We would like to point out that further data processing, for example in connection with accessing the MS Teams website and/or installing the MS Teams app, is not our responsibility.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with its business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. If you require information about the processing by Microsoft, please refer to the relevant Microsoft statement.

Purposes and legal basis of data processing

When processing your personal data, the provisions of the GDPR, the BDSG and other relevant legal provisions are always complied with.

Your personal data will be processed exclusively for the implementation of pre-contractual measures (e.g. for the preparation of offers for products or services) and for the fulfilment of contractual obligations (e.g. for the implementation of our service, the supplier contract or for order/order/payment processing) (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation to process (e.g. due to tax law requirements) (Art. 6 para. 1 lit. c GDPR). The personal data was originally collected for these purposes.

 

Your consent to data processing can of course also constitute a data protection authorisation provision (Art. 6 para. 1 lit. a GDPR). Before granting consent, we will inform you about the purpose of the data processing and about your right of cancellation in accordance with Art. 7 para. 3 GDPR. If the consent also relates to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will expressly inform you of this in advance.

Ray Sono AG is also interested in maintaining the customer relationship with you and sending you information and offers about our products/services by e-mail. We therefore process your data in order to send you corresponding information and offers (Art. 6 para. 1 lit. f GDPR).

Your personal data will only be processed for the detection of criminal acts under the conditions of Art. 10 GDPR.

 

Storage duration of the data

As soon as your data is no longer required for the above-mentioned purposes or you have withdrawn your consent, it will be deleted by us. Data will only be stored beyond the end of the contractual relationship in cases where we are obliged or authorised to do so. Regulations that oblige us to retain data can be found, for example, in the German Commercial Code or the German Fiscal Code. This may result in a retention period of up to ten years.
Statutory limitation periods must also be observed.

 

Recipients of the data/categories of recipients

In our company, we ensure that only those departments and persons who need your data to fulfil our contractual and legal obligations receive it.

In certain cases, service providers support our specialist departments in the fulfilment of their tasks. The necessary data protection contracts have been concluded with all service providers.

In addition, we are required by law to transmit certain information to public authorities, such as Tax authorities, law enforcement agencies and customs authorities.

Third country transfer/intention to transfer to a third country

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is necessary or legally required for the fulfilment of the contractual or supplier relationship, or if you have given us your consent to do so.

When selecting service providers, we endeavour to use European service providers (service providers within the European Economic Area). However, this is not always possible - for example, in the case of Microsoft. If service providers from third countries are used, care is taken to ensure that the configuration is as restrictive as possible.

(In the case of Microsoft, for example, data processing in Europe is agreed. In addition, the configuration is restricted by IT experts and individual processing operations are agreed with the data protection officer).  

 

Rights of data subjects

Your rights as a data subject are normalised in Art. 15 - 22  GDPR.

This includes:

  • The right of access (Art. 15 GDPR)
  • The right to rectification (Art. 16 GDPR)
  • The right to erasure (Art. 17 GDPR)
  • The right to restriction of processing (Art. 18 GDPR)
  • The right to object to processing (Art. 21 GDPR)
  • The right to data portability (Art. 20 GDPR)

 

To assert these rights, please contact: datenschutz@raysono.com. The same applies if you have any questions about data processing in our company or wish to withdraw your consent. You can also lodge a complaint against data processing with a data protection supervisory authority.

 

If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

 

If we process your personal data for the purpose of direct marketing, you have the right to object without giving reasons; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

 

Obligation to provide data

You are obliged to provide certain personal data in order to enter into or fulfil a contractual relationship. This is necessary for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. It is not possible to fulfil the contract without providing this data.

 

Automated individual case decisions

We do not use purely automated processing to reach a decision.