Information according to the General Data Protection Regulation (GDPR)
I. Person in charge
SONO MOTORS GmbH
80935 Munich, Germany
Represented by: Laurin Hahn, Jona Christians
Register Court: Amtsgericht München
Register number: HRB 224131
Phone: +49 (0)89 - 452018
II. Provision of the website
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
Thereby, the following data is collected:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the system of the user reaches our website
- Websites that are accessed by the user’s system through our website
The collection and temporary storage solely serves the technical function of the website. The data will never be linked to your personal data.
1. Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this, the IP address of the user must be stored for the duration of the session.
This named purposes reflect our legitimate interest in the processing of data in the sense of Art. 6 para. 1 lit. f GDPR.
3. Duration of storage
The data will be deleted as soon as it is no longer necessary for the achievement of the purpose it was collected for. In the case of acquisition of the data to provide the website, this is the case when the respective session ends.
4. Right of objection
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user has consequently no right to object this processing.
II. General information about personal data
1. Processing of personal data
Generally, we process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior obtaining of consent for factual reasons is not possible and the processing of the data is permitted by applicable law.
To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.
2. Legal basis for the processing of personal data
The legal basis for the processing of your personal data are the following:
- Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) works as legal basis.
- In case of processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
- Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR as legal basis.
- In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
- If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR works as legal basis for processing.
3. Data erasure and storage duration
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or according to the various periods of storage stipulated by the European or national legislature. After discontinuation of the respective purpose or expiration of these periods, the corresponding data are routinely and in accordance with the statutory provisions blocked or deleted, unless there is a need for further storage of data for closure of a contract or fulfillment of a contract.
III. Specific reasons for the processing of personal data
Inter alia, we collect and process personal data in the following cases:
- When you register for one of our newsletters
- When you reserve a car via the website, increase the corresponding deposit for the reservation or support us financially
- If you contact us directly in other cases, especially if you send us an email to the email addresses listed on the website.
With the following information, we will notify you about the contents of our newsletter as well as the registration and sending procedures and your right of objection. By subscribing to one of our newsletters, you agree to the receipt and the procedures described.
We offer various newsletters, for example, depending on which country you are in and in which language you would like to receive the newsletter. Therefore, in addition to the e-mail address, we also store the relevant country and the language you choose. In order to address you personally, we aslo ask for the correct salutation and your first name.
For an effective registration we need a valid e-mail address. In order to verify that an application is actually made by the owner of an e-mail address, we use the “Double opt-in” procedure. For this purpose we record the order of the newsletter, the dispatch of a confirmation mail and the receipt of the requested answer.
For delivery of our newsletters, we use MailChimp, a mailing list platform provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. MailChimp transfers and processes all of its users’ data in compliance with the Standard Contractual Clauses (SCC) and protects data in compliance with the Privacy Shield Principles. The data entered by you for the purpose of receiving the newsletter will be stored by us and on the servers of MailChimp.
With the help of MailChimp we are also able to analyze our newsletters. So we can e.g. see if a newsletter message has been opened and which links have been clicked. We use this information for statistical purposes to further improve our service.
The legal basis for the processing of personal data to deliver the newsletters is Art. 6 para. 1 lit. a GDPR. The use of MailChimp as a mailing service provider and the statistical surveys are further based on our legitimate interests to be able to offer you the best possible newsletter (see Article 6 (1) (f) GDPR). To ensure proper processing, we have closed a data processing addendum with MailChimp according to Art. 28 (3) sentence 1 GDPR.
The consent to the storage and processing of your personal data for the newsletter can be revoked at any time. Each newsletter contains a respective link. In addition, you can notify your objection via the contact option indicated at the end of this data protection policy.
After unsubscribing the newsletter, your data will be deleted both from our servers and from the servers of MailChimp.
2. Preordering a vehicle via the website
You can preorder a Sion vehicle from Sono Motors via our website by making a down payment on the purchase price.
With your consent, we shall collect the following personal data in order to process your preorder correctly and to prepare a subsequent possible vehicle purchase:
- Form of address
- First name
- E-mail address
- Street, building no., postal code, town/city, country
- Company (optional)
- VAT ID no. (B2B customers only)
- Language (via the website’s language selection function – not requested manually)
A personal customer number (mySono ID) and a preorder number per Sion (Sion ID) will be assigned to you as part of the preorder process. The following information will additionally be logged for processing purposes: transaction number, date of preorder, date of payment receipt, amount paid, currency, invoice number, method of payment, purchase price per Sion.
Your data will be used exclusively to process the reservation and a potential purchase contract. This also includes sending e-mails with relevant information about the product and / or the general conditions (e.g. price changes).
Information regarding preordering a Sion vehicle can be found in our Terms & Conditions.
The legal basis for data collection and processing is points (a) and (b) of Art. 6 (1) GDPR.
The data shall be logged during execution of the preorder and a potential purchase contract and shall be erased in accordance with the statutory record retention obligations. The data is required for orderly execution of the contract. The data can therefore only be erased or blocked at your request when the contractual relationship is terminated.
The invoice is generated by PAYONE and is sent by e-mail in our name. Please refer to item III. 4. for details of PAYONE’s data protection provisions.
In case your Sion reservation was successfully canceled, the data necessary to reverse the payment may be collected through our service partner SurveyMonkey:
SurveyMonkey Europe UC
2nd Floor, 2 Shelbourne Buildings,
Shelbourne Road, Dublin, Ireland
The data protection policy of SurveyMonkey can be found here: https://www.surveymonkey.com/mp/legal/privacy-policy/?ut_source=footer
2.a. Donation to support Sono Motors via the website
Through our website, you can support Sono Motors by making a gift (called a "donation") to us by giving us a non-remunerated grant.
With your consent, we collect the following personal data in order to process the donation properly and to be able to offer our offered customer incentives ("Perks"):
- First Name
- Email address
The following information is stored to process the donation and the subsequent offer from the customer incentive program: donation date, incoming payment date, payment amount, currency, means of payment.
For the handling of the donation we use the payment platform of the service provider BS PAYONE GmbH. Details of data protection of the payment processing via BS PAYONE GmbH can be found in section III. 4. of this data protection declaration.
Your data will only be used to process the donation and a later offering of the customer incentive program. In addition also the dispatch of emails with relevant information counts to the customer incentive program and / or the basic conditions.
The legal basis for collection and processing is Art. 6 Para. 1 lit. a+b DSGVO.
4. Payment via BS PayOne
For the settlement of all payment runs, in particular in the context of reservation/increase or financial support, we use the offer of our payment service provider:
BS PAYONE GmbH
Lyoner Straße 9
Commercial Register Frankfurt/Main, HRB-Nr. 28 985
VAT ID: DE 114129870
Managing Director: Niklaus Santschi, Jan Kanieß, Dr. Ing. Götz Möller, Carl Frederic Zitscher
Chairman of the Supervisory Board: Ottmar Bloching
BS PAYONE GmbH is authorized and regulated by the Federal Financial Supervisory Authority, Graurheindorfer Straße 108 in 53117 Bonn, Germany, as payment institution.
The payment data you enter will be sent directly from your browser to PayOne. Depending on the chosen payment method, BS PAYONE GmbH will potentially forward data to other payment service providers (eg Paypal).
BS PAYONE will provide us with a summary of the payment process. We store this data together with the data provided by you for the reservation, increase or donation. The data on the means of payment used by you will only be sent in abbreviated form (only the last digit of the credit card number or IBAN).
The legal basis for storage and processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after termination of the legal relationship that triggers the payment and the respective legal retention obligations.
5. E-mail contact
You can contact us via the e-mail address provided on our website.
In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
6. Test Drives
Through our website you can make an appointment for your personal test drive with the Sion as part of our test drive tours.
As part of the reservation we collect the following data:
- Your full name (first name, last name)
- Your phone number
- Your email address
We need your full name for your identification when handing over the vehicle. We collect your contact details in order to reach you, for example in order to provide you with information on your test drive and if there are any short-term changes or cancellations in the course of the test drives and possibly to contact you after the test drive about your experience with the Sion.
Your data will only be processed for the purposes stated and will be deleted at the latest upon termination of the Sion test drive tours. The legal basis for the collection and processing of your data is Art. 6 (1) lit. a (for contacting after the test drive) and lit. b GDPR.
For the reservation process, we use the Acuity Scheduling platform provided by Acuity Scheduling, Inc. 90 State Street, STE 700 Office 40, Albany, New York 12207 (“Acuity”). Acuity has adjusted its processes to provide a GDPR compliant level of privacy. For more information, please visit: https://acuityscheduling.com/privacy.php and https://help.acuityscheduling.com/hc/en-us/articles/360003334751
To ensure proper processing, we have closed a data processing addendum with Acuity according to Art. 28 (3) sentence 1 GDPR.
IV. Google Analytics
This website uses functions of the web analytics service Google Analytics. Provider is the Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Google LLC, based in the United States, is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Opposition to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website: Disable Google Analytics.
We have entered into a contract with Google for data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
V. Google AdWords
Our website uses the Google Adwords service. Google AdWords is an online advertising program of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
Using Google Adwords Conversion Tracking
We also use so-called conversion tracking when using the Google AdWords service. When you click on an ad served by Google, a conversion tracking cookie will be placed on your computer / device. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you can opt-out of interest-based ads on Google and interest-based Google ads on the web (within the Google Display Network) in your browser by activating the swith “off” at http://www.google.com/settings/ads or by taking the steps for deactivation at http://www.aboutads.info/choices/.
For more information about your preferences and privacy at Google, please visit https://www.google.com/intl/en/policies/privacy/?fg=1
Our website uses Mapbox tiles on a number of subpages in order to display interactive maps. The Mapbox Tiles API is a map service provided by Mapbox Inc. (Mapbox). When the Mapbox Tiles API is used, information about your use of this website including your IP address can be transmitted to the USA.
When you view a page containing Mapbox Tiles maps, your browser establishes a direct link with the Mapbox servers. The map content is transmitted directly to your browser by Mapbox and is incorporated into the website by your browser. We therefore have no control over the volume of data collected by Mapbox in this way.
For more information on the purpose and extent of Mapbox’s data collection and its further processing and use, your rights in this respect, and possible settings to protect your privacy, please refer to Mapbox’s data privacy notice at https://www.mapbox.com/privacy/. This states among other things that a visitor’s IP address, the referring web page, the date and time of page visits, and the pages accessed on their websites will be recorded. Mapbox states that it uses this information solely for the purposes of improving the services it provides and for diagnostic and analytic purposes. Mapbox does not share personal data with third parties.
You also have the option of preventing Mapbox from installing cookies by disabling third-party cookies in your browser settings.
VII. Embedded YouTube videos
On some of our subpages of the website www.sonomotors.com we embed Youtube videos. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to Youtube’s servers. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. This can be prevented by logging out of your Youtube account beforehand.
Anyone who has disabled the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
VIII. Your rights of information, rectification, data transmission, blocking, termination and opposition as well as for complaints
You have the right to receive information about your personal data stored by us at any time. You also have the right to rectification, data transfer, blocking or, apart from the prescribed data storage for business transactions, deletion of your personal data. To exercise your rights, please address the contact listed at the end of the data protection policy.
For a data lock to be taken into account at all times, these data must be stored in a lock file for control purposes. You can also request the deletion of the data, as long as there is no legal archiving obligation. As far as such an obligation exists, we lock your data on request.
You can make changes to or revoke your consent with effect for the future by notifying us.
Insofar as the storage and processing of personal data is absolutely necessary for the execution of a contractual relationship, the deletion of your data may depend on the fact that the contractual relationship is also dissolved.
If you believe that we are infringing the GDPR in the processing of personal data concerning you, you have the right to complain to the competent supervisory authority. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged breach.
In Bavaria the competent supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
IX. Change of our data protection policy
We reserve the right to change this data protection policy from time to time to ensure that it complies with current legal requirements or to implement changes to our services, e.g. when introducing new services. Your new visit will be subject to the new data protection policy.
X. Questions about privacy / contact
If you have any questions about data protection or if you would like to contact us about any other privacy issue, please email us at: