Privacy policy
We take data protection seriously.
Your trust is important to us, which is why we protect your privacy when processing personal data. So that you can get an overview of our data protection declaration, we will explain below how your personal data is processed and protected.
I. Person responsible
The internet portal www.sunjoyonline.eu is operated by the
Sunjoy Gartenmöbel
SunWay Europe GmbH
Wrangelstrasse 100
10997 Berlin
(hereinafter “SunWay”, “we” or “us”).
SunWay is responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
If you have any questions about data protection, you can contact our data protection officer at any time. This can be reached using the following contact details:
Shana Surdo
Wrangelstrasse 100
10997 Berlin
Email: dennis@sunwayeurope.com
II. No sharing of your personal data
SunWay remains the controller of your personal data at all times. Your data will only be passed on if necessary for our service and only on the basis of legal permission:
• if you have consented to the transmission of your data in accordance with Art. 6 Para. 1 lit. a GDPR,
• if this is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR (this includes, for example, data transfers to payment and logistics service providers, transporters and suppliers if they supply you directly), or
• if this is necessary to fulfill a legal obligation in accordance with Article 6 (1) (c) GDPR, or
• due to our legitimate interest or the legitimate interest of a third party in accordance with Article 6 Para. 1 lit. f GDPR (this includes, for example, data transfers as part of the assignment of claims or to credit agencies for the purpose of credit checks).
III. General information
1. Personal data
Personal data is data about you personally. In particular, we process the following personal data (“collectively: “data”):
• Your name, your address, your email address, your gender, your telephone number, your encrypted password for the customer account and, if applicable, your date of birth,
• Your order details, the products you purchased, the services you used, payment information, your preferences regarding product types,
• Your data that arises when you use our online offering,
• Data that we receive in certain cases from our service providers (e.g. from credit agencies or payment service providers)
• Information regarding your first interactions on our website (e.g. the date of your first registration)
• Data about your behavior in connection with surfing our website (e.g. clicking on a product)
• Data about your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter)
• Login data (date and time when you logged in to our website)
2. Purposes of processing
We only process your data if you have consented to this (Art. 6 Para. 1 lit. a) GDPR), we have a legitimate interest in the processing (Art. 6 Para. 1 lit. f GDPR), we need it to fulfill the contract with you in accordance with Art. 6 Para. 1 b) GDPR, or this is necessary to fulfill a legal obligation (Art. 6 Para. 1 lit. c GDPR) in order to provide you with this to offer the best possible shopping experience on our website.
Specifically, this means that we process personal data in the following cases:
• when you visit our website (section IV),
• if you set up a user account with us (Section V.)
• when you order from us (Section VI).
• to contact us (Section VII),
• for advertising purposes (section VIII),
• if we use cookies (Section IX)
If we also want to collect and process data from you, we will inform you separately before collection and processing, including the explanation of the legal basis, and, if necessary, obtain your consent.
At no time do we process special categories of personal data (such as health data).
3. Storage period & deletion
In principle, we only store your data for as long as it is necessary for the respective purpose of processing, as required by law (e.g. according to commercial and tax law) or until you inform us that your customer account should be deleted.
Your customer data (first name, last name, middle name, name changes, postal address) will remain stored with us as long as you have an active member account or you ask for this data to be deleted beforehand.
We store your order data, invoices and related information for ten years, as required by law.
We store data about your behavior in connection with surfing on our website (e.g. clicking on a product), data about your behavior in connection with promotions in our newsletter (e.g. clicking on a link in the newsletter) and login data (date and time when you logged in to our website) for up to 25 months after it was collected in order to improve your shopping experience. The data collected is then anonymized in such a way that it can no longer be assigned to you as a person.
IV. Data processing when visiting our website
When you visit our website, the provider of our website collects and stores the following information in so-called server log files, which your browser automatically transmits to us:
• the IP address of your Internet service provider,
• the website from which you visit us and the websites that you visit on our site
• Information about the browser and operating system used
• If applicable, your email address that you use to register on our website
• Identification numbers that we store on your device. We can use this identification number to recognize your device on the website. Technically, these identification numbers are stored in so-called cookies or eTags.
This information is absolutely necessary for the technical transmission of the website and secure server operation. When you visit our website, we assign you an individual customer ID, which we only combine with your email address for forensic reasons if an error occurs on the website. The server log files are stored for 365 days and then deleted.
Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website.
V. Data processing when setting up a user account
To set up your personal user account, we need an email address and a password you have chosen. The email address serves as the access identifier for the user account. After successful registration, you will automatically receive a confirmation by email. You can also store your personal information in your user account and use it to shop conveniently on our website. The information can be updated at any time in the personal area of the user account (“My Account”). We use this data, among other things, to process orders, offer payment options and process payments and any refunds.
We would like to use the “Stay logged in” function to make your visit to our website as pleasant as possible. This feature allows you to use our services without having to log in again each time. Technically speaking, a cookie is stored on your device so that you do not have to log in again on subsequent visits to our website. This function is not available to you if you have deactivated this cookie when determining your cookie settings or if you have deleted the cookie in your browser settings after logging out of our website. We also recommend that you do not use the “stay logged in” feature if the computer is used by multiple users. The legal basis for the associated data processing is Article 6 Paragraph 1 b) GDPR (fulfillment of the contract).
VI. Data processing to process your order
If you order something from us, the processing of your data serves to conclude and execute the contract as well as to process your order including payment and delivery. We will delete your personal data processed in the context of orders at the latest after the statutory retention requirements have expired.
1. Choice of payment method
After choosing the payment method, you will be asked for the data required to use the respective payment service provider. This payment information is forwarded directly to the respective payment service provider and is not stored by us. We store the billing and (if applicable different) delivery address information you provide in your user account so that you do not have to enter it again the next time you make a purchase. You can change this information at any time in the future.
If you do not agree with the payment method(s) offered to you, you can inform us in writing by letter or email to service@sunjoyonline.eu. We will then review the decision again taking into account your point of view.
2. Credit card payment
When you pay by credit card, we receive the so-called payment ID and the last four digits of your credit card number from our payment provider. This serves us to authenticate and assign your order and therefore for your security. The personal data necessary to carry out the payment is collected directly by the payment service provider. The legal basis for the above data processing is Art. 6 Para. 1 b) GDPR (fulfillment of contracts for the implementation and processing of contracts) and Art. 6 Para. 1 f) GDPR (balancing of interests, based on our interest in offering you a secure credit card payment option).
3. Purchase on account
In order to be able to offer you purchase on account, you will be asked during the ordering process to consent to the transfer of the data required to process the payment and an identity and credit check to Billpay GmbH. If you give your consent, your data (first and last name, street, house number, zip code, city, date of birth, telephone number) as well as the data related to your order will be transmitted to Billpay GmbH.
For the purpose of its own identity and creditworthiness check, Billpay GmbH or partner companies commissioned by Billpay GmbH transmit data to credit reporting agencies (credit agencies) and receive information from them and, if necessary, creditworthiness information based on mathematical and statistical methods, the calculation of which includes, among other things, address data. Detailed information on this and the credit agencies used can be found in the data protection regulations of Billpay GmbH: https://www.billpay.de/de/datenschutz-de/.
Furthermore, Billpay GmbH may use third-party tools to detect and prevent fraud. Data obtained using these tools may be stored encrypted by third parties so that they can only be read by Billpay GmbH. This data will only be used if you select the purchase on account payment method, otherwise the data will automatically expire after 30 minutes.
The legal basis for the credit check described above is Art. 6 Para. 1 f) GDPR (balancing of interests, based on SunWay's interest in not suffering payment defaults).
Reasons why a purchase on account cannot be offered may include, among other things, that the delivery and billing address are different, a packing station or a parcel depot was specified as the billing and/or delivery address, or there are payment difficulties with previous orders.
4. PayPal
If you choose the payment method “PayPal”, your personal data (first and last name, delivery address, email address, telephone number, the amount to be paid and the IP address) will be sent to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg so that you can authorize the payment to us via PayPal. For this you need a PayPal account. With this payment method you can pay with one click without having to log in to PayPal with all your data every time you make a purchase. The legal basis for this is Art. 6 (1) 1 lit. b GDPR.
PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. The legal basis for the associated data processing is Art. 6 Para. 1 lit. b GDPR, i.e. the processing of your data is necessary to fulfill the agreement regarding payment for your purchase via PayPal. The data transmitted to PayPal may be transmitted by PayPal to credit reporting agencies. This transmission serves to check identity and creditworthiness. Further information about data protection at PayPal can be found on the PayPal website at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. The legal basis for the associated data processing is Art. 6 Para. 1 lit. f GDPR (balancing of interests, based on our interest in offering you effective and secure payment options and in this context preventing cases of fraud).
5. Instant transfer
Payments via instant transfer are made via Payment Network AG, Fußbergstr. 1, 82131 Gauting (entered in the commercial register of the Munich District Court under HRB 161963, board: Christoph Klein, Dr. Jens Lütcke, Georg Schardt).
6. Direct debit
If you choose the SEPA direct debit payment method, you will be asked to provide us with your account number and sort code or your IBAN and BIC. By submitting this data, you give SunWay a SEPA mandate to collect the corresponding invoice amount from the account you specified. You can revoke the SEPA mandate at any time in text form (e.g. email). The direct debit amount will be collected from five (5) working days after completing the order process. With the order confirmation we will inform you again about the time at which the direct debit amount will be debited (advance information). The deadline for providing advance information before debiting is shortened to five (5) working days. You must reimburse SunWay for the costs of a chargeback that arise due to insufficient account funds, incorrect bank details or an unjustified objection to the debit on your part, to the extent that you are responsible for them.
7. Securing your order
In order to avoid payment defaults, we check common fraud patterns and anomalies. For this purpose, order and payment data (e.g. address, item, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in protection against misuse.
Further information about the payment methods offered can be found in our General Terms and Conditions (GTC).
VII. Data processing when contacting us
You have various options for contacting us. You can contact our customer service:
• by telephone,
• by letter,
• by email,
• via contact form, or
In order to be able to process your request, we collect your name, your email address, your telephone number, your customer, order and item number, as well as any other information that you provide to us. The legal basis for this is Art. 1 b) GDPR (fulfillment of the contract - the processing of the user's data is necessary to fulfill the agreement to answer questions or concerns) or Art. 6 Para. 1 f) GDPR (balancing of interests - based on our interest in processing inquiries from users of our website).
VIII. Data processing for advertising purposes
1. Newsletters
The legal basis for sending our newsletter is your consent in accordance with Article 6 (1) (a) GDPR. To send the newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by email if you have previously expressly confirmed to us that we should activate the newsletter service. We will then send you a notification email and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this email. When you register for our newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses your email address to register you to receive the newsletter without your knowledge or authorization. If you no longer wish to receive newsletters from us at a later date, you can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs.
We use standard technologies in our newsletters that can be used to measure interactions in the newsletter (e.g. email opening, links clicked). We use this data for general statistical evaluations as well as to optimize and further develop our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR. Our newsletter is an integral part of our shopping community through which we want to provide relevant content for our customers. If you do not want usage behavior to be analyzed, you can unsubscribe from the newsletter or deactivate graphics in your email program by default.
IX. Cookies
We use cookies on our website. Cookies are small text files that are transferred from an Internet server to your browser and stored on its hard drive. There are so-called session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored on your device for a longer period of time or indefinitely.
Depending on the cookies you select, the next time you access the website using the same device, the information stored in the cookies will be sent to our website or to another website to which the cookie belongs. This helps us to optimally design and display our website according to your preferences.
You can use the “Cookie Settings” button to determine at any time which cookies you would like to allow. Basically, we distinguish between four different cookie categories:
1. Strictly Necessary Cookies
enable basic functions and are necessary for the website to function properly. For example, they serve to ensure that you, as a registered user, always remain logged in when accessing various subpages of our website and do not have to re-enter your login details each time you access a new page. The legal basis for the use of absolutely necessary cookies on our website is Art. 6 Para. 1 lit f) GDPR (legitimate interest, here in the technically flawless provision of our website and the services offered through it). The use of strictly necessary cookies is possible and permitted without your prior consent.
You can also visit our website without accepting absolutely necessary cookies. If you do not want your computer to be recognized the next time you visit, you can also refuse the use of cookies by changing the settings in your browser to “reject cookies”. You can find the respective procedure in the operating instructions of your respective browser. However, if you refuse the use of cookies, the use of some areas of our website may be restricted.
We also use the following cookies, which we only use if you have given us your consent:
2. Functional cookies
enable our website to store information you have already provided (such as registered name) and to offer you improved and more personal functions. If you do not allow these cookies, some of these services may not function properly.
3. Performance cookies
allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you have visited our website.
4. Marketing cookies
can be placed on our website by our advertising partners. They are used to collect information about the websites you visit or to present advertisements tailored to you. They do not directly store personal data, but are based on unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
5. Details about the individual cookies
5.1. GOOGLE RECAPTCHA
We use the reCAPTCHA service from Google. The service can be used to make a query to distinguish whether the input was made by a human or improperly through automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, if IP anonymization is activated on this website, Google will first shorten your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by your browser as part of reCaptcha is not merged with other Google data. The different data protection regulations of Google apply to this data. Further information about Google's data protection guidelines can be found at: https://www.google.com/intl/de/policies/privacy/.
5.2. GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION TRACKING
Our website uses cookies for so-called “conversion tracking” when you click on an ad placed by Google. This is used to identify whether a visitor came to our website via a Google ad. Google uses cookies, which are stored on your computer and enable analysis of the use of the website. If you would like to learn more about these methods, click here: https://www.google.com/settings/u/0/ads/authenticated.
5.3. GOOGLE DOUBLECLICK
Doubleclick by Google is a service from Google that sets cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which advertisements were displayed in your browser and which advertisements were viewed. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. Google will only transfer data to third parties due to legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google.
5.4. GOOGLE WEB FONTS
Google Webfonts (http://www.google.com/webfonts/) are used to visually improve the presentation of various information on our website. When the website is accessed, the web fonts are transferred to the browser's cache so that they can be used for display. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox.) If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system's default font. Information about the data protection conditions of Google Webfonts can be found at: https://developers.google.com/fonts/faq#Privacy.
5.5. GOOGLE ANALYTICS WITH ANONYMIZATION FUNCTION
We use cookies from Google Analytics, a web analysis service from Google, on our site. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. Google Analytics uses cookies that enable analysis of your use of the website. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. We would like to point out that Google Analytics has been expanded to include IP anonymization on this website in order to ensure the anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. Further information on terms of use and data protection can be found at https://policies.google.com/. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The legal basis for the use of Google Analytics is your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. The recipient of the data collected is Google. The data we send and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month. As with all cookies, you can revoke your consent at any time, see Section XI. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by installing https://tools.google.com/dlpage/gaoptout. Opt-out cookies prevent your data from being collected in the future when you visit this website. In order to prevent Google Analytics from collecting data across different devices, you must opt out on all systems used.
5.6. GOOGLE REMARKETING
This website uses Google's remarketing function. The function is used to present interest-based advertisements to website visitors within the Google advertising network. The technology enables us to display automatically created, target group-oriented advertising after your visit to our website. The advertisements are based on the products and services that you clicked on when you last visited our website. Google usually stores information such as your web request, the IP address, the browser type, the browser language, and the date and time of your request. This information is used to assign the web browser to a specific computer. On the pages of the Google advertising network, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function. If you have agreed at https://www.google.com/settings/u/0/ads/authenticated that your browser history will be linked by Google to your Google account and that information from your Google account will be used for ad personalization, the remarketing function will also take place across devices. Here, Google collects your Google ID and uses it for the purpose of cross-device recognition. According to its own information, Google generally does not collect any personal data during this process. For more information about how Google uses cookies, please see Google's privacy policy.
5.7. GOOGLE ANALYTICS (GA) AUDIENCE
Our website uses GA Audience, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: GA Audience). GA Audience uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and which enable analysis of the use of the corresponding devices. Some of the data is evaluated across devices. Google Audience receives access to the cookies created as part of the use of Google Adwords and Google Analytics. Further information on data protection when using GA Audience can be found at the following link: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283.
X. Secure data transmission and data security
We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All of our employees and service providers who work for us are obliged to comply with applicable data protection laws.
Whenever we collect and process personal data, it is encrypted during transmission. This means that your data cannot be misused by third parties. Our security precautions are subject to a constant improvement process and our data protection declarations are constantly revised.
XI. Your rights
You have a right to information, correction, deletion or restriction of processing of your stored data at any time, a right to object to processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
• Right to information
You can request information from us as to whether and to what extent we process your data.
• Right to rectification
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
• Right to deletion
You can request that we delete your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Regardless of whether you exercise your right to deletion, we will delete your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.
• Right to restriction of processing
You can request that we restrict the processing of your data if
- You contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- You have objected to the processing of your data.
• Right to data portability
You can request that we provide you with the data that you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that - we process this data based on your given and revocable consent or for the performance of a contract between us, and - this processing is carried out using automated procedures. If it is technically feasible, you can request that we transmit your data directly to another person responsible.
• Right to object
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for direct advertising purposes at any time without giving reasons.
• Right to complain
If you are of the opinion that we are violating German or European data protection law when processing your data, we ask you to contact us to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you would like to assert one of the rights mentioned against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
XII. CHANGES TO THIS PRIVACY POLICY
We reserve the right to change our privacy policy if this becomes necessary due to new technologies. If fundamental changes are made to this data protection declaration, we will announce these on our website.
As of: February 2022