Privacy policy

IT Sonix Custom Development GmbH

Privacy policy

Personal data is processed by us only as necessary and for the purpose of providing a functional and user-friendly website.

According to Art. 4 (1) of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of the processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the responsible party
II. Rights of users and data subjects
III. Information on data processing
IV. Common responsible persons to the Facebook profile of IT Sonix custom development GmbH

I. Information about us as the responsible party

The party responsible for this website as stipulated by data protection legislation is:

IT Sonix Custom Development GmbH
Managing board: Artur Schiefer, Franziska Beer, Jan Landmann
Georgiring 3
04103 Leipzig

Telephone: +49 341 355 76-0

hereafter "ITSONIX"

Data protection officer is:

Holger Flemig
EPRO Consult Dr. Prössel und Partner GmbH

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • To receive confirmation concerning whether data related to them is being processed, to receive information about the data being processed, to receive further information about data processing and to receive copies of the data (see also Art. 15 GDPR);
  • To correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
  • To have data related to them deleted immediately ( see also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17(3) GDPR, to restrict said processing as per Art. 18 GDPR;
  • To receive the data related to them and provided by them and to transmit this data to other providers/controllers ( see also Art. 20 GDPR);
  • To lodge a complaint with a supervisory authority if they believe that data concerning them is being processed by the provider in breach of data protection provisions ( see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place on the basis of Arts. 16, 17(1), 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Without prejudice to this, the user has a right to information about these recipients.

Likewise, in accordance with Art. 21 GDPR, users and data subjects have the right to object to the future processing of data related to them, provided that the data is processed by the provider in accordance with Art. 6(1)(f) GDPR. In particular, they can object to the processing of data for the purpose of direct advertising.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Server data

Data is transmitted by your Internet browser to us or to our web space provider and stored in server log files for technical reasons, in particular to ensure a secure and stable website. These server log files are used to collect information such as the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of each access, the IP address of the Internet connection from which our website is used, the amount of data transferred and the requesting provider.

The data collected in this way is temporarily stored but not together with other data related to you.

This storage takes place on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted again after seven days at the latest unless further storage is required for purposes of evidence. Otherwise, the data is exempt from erasure in whole or in part until final clarification of the incident.


Our website uses cookies. Cookies are small text files or other storage technologies that are placed and stored on your computer by your Internet browser. These cookies allow certain information about you to be processed on an individual basis. This processing makes our website more user-friendly, effective and secure.

The cookies we use are categorised as follows:

  • Session cookies
  • Functional cookies
  • Performance cookies

You can prevent or restrict the installation of cookies using your Internet browser settings. You can also delete stored cookies at any time. However, the steps and measures required to do this depend on the specific Internet browser you use. Therefore, if you have any questions, please use the help function or consult the documentation of your Internet browser or contact its maker for support.

However, if you prevent or restrict the installation of cookies, not all of the functions of our website may be fully usable.

Cookies used
Session cookies – strictly necessary cookies
Name Description (stored information and purpose) Domain Expiry
grav-site-430ee58 CMS session cookie
Serves to ensure a user-friendly visit to our website. 30 minutes
matomo_sessid It is important to note that it does not contain any data identifying visitors and is considered an "essential" cookie. 14 days

Functional cookies – strictly necessary cookies
Name Description (stored information and purpose) Domain Expiry
complianceCookie Used to store consent about the use of cookies 1 Jahr
mtm_consent Used to store tracking consent 1 year
mtm_consent_removed Used to store the tracking cancellation 1 year


Online job applications / publication of vacancies

Job applications

We give you the option of applying to us via our website. For these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.

The legal basis for this processing is Section 26(1) sentence 1 of the German Federal Data Protection Act (BDSG) in conjunction with Art. 88(1) GDPR.

If an employment contract is concluded after the application process, we will store the data you submitted during the application in your personnel file for the purpose of the usual organisational and administrative process; this is, of course, done in compliance with the more extensive legal obligations.

The legal basis for this processing is also Section 26(1) sentence 1 of the BDSG in conjunction with Art. 88(1) GDPR.

In the event that an application is rejected, we will automatically erase the data submitted to us two months after notification of the rejection. However, the data will not be erased if it is required to be stored for a longer period of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the obligation to provide evidence according to the German General Equal Treatment Act (AGG).

The legal basis in this case is Art. 6(1)(F) GDPR and Section 24(1) no. 2 BDSG. Our legitimate interest lies in legal defence or enforcement of rights.

If you expressly consent to your data being stored for a longer period of time, e.g. for the purpose of your inclusion in a database of applicants or interested parties, the data will be processed on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. However, you can of course withdraw your consent at any time in accordance with Art. 7(3) GDPR by making a declaration to us with effect for the future.

On a technical level, our online application portal is operated by our service provider softgarden E-Recruiting GmbH, Tauentzienstrasse 14, 10789 Berlin, Germany (hereinafter referred to as Softgarden). Softgarden only provides software and computing capacity and otherwise has no influence on the application process. This is commissioned processing in accordance with Art. 28 GDPR. Softgarden is contractually obliged to take technical and organisational measures to ensure the protection of your personal data. For example, your data is stored in a secure operating environment that is not accessible to the public. Your data is encrypted during transmission using Transport Layer Security (TLS). This means that communication between your computer and the data servers used takes place using a recognised encryption method. For more information about the collection of data on the products and webpages operated by Softgarden, please refer to Softgarden’s privacy policy:

Subscription to job vacancies

If you subscribe to our job vacancies, we process your email address in order to be able to inform you about new job vacancies by email.

The legal basis for this is Art. 6(1)(a) GDPR. You may withdraw your consent to this subscription at any time with effect for the future in accordance with Art. 7(3) GDPR. To do this, you only need to inform us of your withdrawal or click on the “unsubscribe” link contained in the relevant email.

Social media link via graphic or text link

On our website, we also promote presences on the social networks listed below. They are integrated using linked graphics of the respective networks. Using a linked graphic prevents your system from automatically connecting to the respective server of the social network to display a graphic of the network itself when a page containing a social media link is called up. The user is only redirected to the service of the respective social network when they click on the corresponding graphic .

After the user has been forwarded, information about the user is collected by the respective network. It is possible that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button provided by the respective network, this information may be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to their user account, they should log out before clicking on the graphic. It is also possible to achieve this by configuring the user account accordingly.

The following social networks are integrated into our site by means of a link:

Facebook & Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Facebook privacy policy:
Instagram privacy policy:


LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy policy:


XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

Privacy policy:


Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Privacy policy:

YouTube / YouTube content (external media)

We use the platform to post our own videos and make them publicly accessible. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the data protection notices available at

We have embedded YouTube videos into our online offering. The videos are stored on and can be played directly from our website. These are all embedded in extended data protection mode, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The use of a two-click solution prevents a connection from being automatically established to the respective server of the third-party provider when our website is accessed in order to display the external content. You are therefore able to decide for yourself whether the provider collects information about you. The data mentioned in the next paragraph will only be transmitted when you play the videos. We have no influence on this data transmission.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This connection is necessary in order to be able to display the respective video on our website via your Internet browser. During this process, YouTube will record and process at least your IP address, the date and time and the webpage you visited. If you are logged in to Google/YouTube at the same time, Google/YouTube will assign the connection information to your Google/YouTube account. If you wish to prevent this, you should either log out of Google/YouTube before visiting our website or configure the appropriate settings in your Google/YouTube user account. Google/YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Evaluation of this kind is performed in particular for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our website (even for users who are not logged in). You have the right to object to the creation of these user profiles and you must contact YouTube to exercise this right.

In the event that personal data is transferred to Google LLC., which is based in the USA, Google uses the EU’s Standard Contractual Clauses for the relevant data transfers in order to comply with data protection requirements when transferring personal data from the EEA to third countries. These are based on the commission’s decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the council and remain a permissible legal mechanism for the transfer of data under the GDPR. Further information on this is provided by Google.

WUD newsletter

Newsletter data

If you subscribe to our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be transmitted to us. At the same time, we store the IP address of the Internet connection from which you access our website as well as the date and time of your subscription and confirmation. We use the data collected exclusively for the purpose of sending the newsletter. By completing the subscription process, you give your consent to receive the newsletter, which may be withdrawn at any time.

To confirm your newsletter subscription, you must explicitly confirm that you want us to activate receipt of the newsletter for you via what is known as the double opt-in procedure. For this purpose, you will receive a confirmation email from us following your subscription in which we ask you to click on the link contained therein to confirm to us that you would like to receive our newsletter. If you do not confirm your subscription within one week, your data will be automatically erased.

Your data is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR).

You may withdraw your consent to the sending of the newsletter at any time with effect for the future in accordance with Art. 7(3) GDPR. To do this, you only need to inform us of your withdrawal or click on the “unsubscribe” link contained in each newsletter.


We use the CleverReach service to send the newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organise and analyse newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyse the behaviour of newsletter recipients. For example, we can analyse how many recipients have opened the newsletter message and how often each link in the newsletter was clicked on.

If you do not want us to carry out this analysis, you should unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Furthermore, you can also withdraw your consent at any time with effect for the future by sending an email to the address included in this privacy policy (see above).

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members’ area) remains unaffected by this.

For more details, please refer to CleverReach's privacy policy at:

We have concluded a contract with CleverReach in which we oblige CleverReach to protect our customers’ data and not to pass it on to third parties.

Registration at WUD - Eventbrite (online platform for event and ticket management)

To participate/register for our events (esp. WUD), we use the online platform for event and ticket management "Eventbrite", which is operated by Eventbrite, Inc., 535 Mission Street, 8th Floor, San Francisco, CA 94103, USA. For users located in the European Economic Area ("EEA") or Switzerland, Eventbrite Inc. acts as the responsible party with respect to personal data collected through the Services. Eventbrite's representative in the EU for the purposes of European data protection legislation is Eventbrite Operations (IE) Limited, located at 97 South Mall Cork, T12 XV54, Ireland.

If you wish to register on our site and click on the relevant button or link, you will be redirected to the Eventbrite website for this purpose.

Eventbrite also processes your data in the USA, among other places. Access by US authorities to the data stored by Eventbrite cannot be ruled out. The transfer of personal data to the USA may be associated with various risks to the lawfulness and security of data processing with regard to the adequacy of the level of protection, as the USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have legal remedies against access by authorities.

Eventbrite processes personal data of our registered event participants on our behalf. To ensure an adequate level of data protection, we have concluded EU standard contractual clauses with the service provider. These are based on Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council.

For more information regarding Eventbrite's compliance with European data protection regulations: click here:

Eventbrite collects personal information when you voluntarily provide such information as part of registering for one of our events and then transfers that information to us as the event organiser. In order to register with Eventbrite for an event, you must provide Eventbrite Inc. with the following information, among other things:

  • Last name, first name
  • E-mail address
  • Event-ID
  • IP-address
  • Access device and/or browser characteristics

You can find Eventbrite's privacy policy here:

As the organiser, we receive access to the following data of the participants of the registered event from Eventbrite: Name, first name, email address. We use this data for the purpose of preparing and following up on the registered events. In addition, registered participants receive information about the respective event and our contact options by e-mail before and after the registered event. The data is processed on the basis of Art. 6 para. 1 lit. b DSGVO (processing for the fulfilment of a contract).

As part of the participation (on-site) in the event, we process the data of the participants within the framework of a list of participants at the reception and prepared name tags. The purpose is to monitor capacity at the venue. For better future planning of events, we also use event participation data to study event take-up and utilisation. These processing operations are based on Art. 6 para. 1 lit. f) DS-GVO.

Participants' data will be deleted 12 months after the event.

You have the option at any time to object to the use of this data for advertising purposes in the future by revoking your wish via the access data on the platform via which you have registered. If you have booked events with us outside of Eventbrite, please send your revocation to

Data Protection Information for the Customer Satisfaction Survey

Email Invitation

In certain cases, we send our customers email invitations to a customer satisfaction survey.
In this case, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving and optimizing our services and products. With the customer survey, potential for improvement in the cooperation between us and the current project customers as well as future, strategic, sales needs of the customers are to be determined. You can object to the processing of your data for the purpose of the "customer satisfaction survey" at any time for reasons that arise from your particular situation, stating these reasons (Art. 21. Para. 1 DSGVO): In the event of a justified objection, we will no longer process the personal data for the purposes in question and will delete the data unless we can demonstrate compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of Assertion, exercise or defense of legal claims.

Participation in the customer satisfaction survey - declaration of consent If you take the survey, we will ask you a few questions about customer satisfaction with our services and products.

We conduct the survey ourselves on our „Lime Survey“ platform. The evaluations of the surveys are carried out exclusively by us in Germany.

The survey may not be anonymous (voluntary indication of name / position). If the feedback is particularly bad or good, we would like to get in touch with the customer (“customer-specific feedback”). Customer-specific feedback will be deleted 90 days after completion of processing (including clarification/communication) and transferred to the evaluation of the customer satisfaction survey as "project-related survey results".

Your data will be processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a) GDPR). You can revoke your consent to the personalized evaluation and possible subsequent contact at any time with effect for the future in accordance with Art. 7 Para. 3 DSGVO. All you have to do is inform us of your revocation:

Evaluations of the surveys - project-related survey results

The surveys are evaluated without reference to natural persons, only in relation to the customer’s name (company) and the project. All corresponding evaluation results (project-related survey results) are kept for up to 5 years.

Contact requests/contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. You must provide this data so that we can process and answer your enquiry – without it, we will not be able answer your enquiry at all or only to a limited extent.

The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact is intended for the conclusion of a contract or takes place within the framework of an existing contractual relationship, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

Your data will be erased as soon as your enquiry has been conclusively answered and there are no legal obligations to retain the data, e.g. in the case of subsequent contract processing.

Additional data protection information on electronic signature services from LIONWARE (MultiConnect Portal)

We use the software LIONWARE The MultiConnect Portal of Lionware GmbH with registered office at Im Kaisemer 13a 70191 Stuttgart, Germany ("Lionware") for the digital signature of contracts and documents ready for signature.

For this purpose, Lionware processes the data entered by you when using the electronic signature services, usage data of your terminal device and transaction-related data. The legal basis is Art. 88 para. 1 DSGVO in conjunction with. § Section 26 (1) BDSG or for the purpose of fulfilling a contract with the data subject based on Art. 6 (1) lit. b and f DSGVO. The legitimate interest consists in an efficient and cost-saving processing of the signing of contracts and documents.

Failure to provide this data may result in the inability to create an electronic signature. We transmit personal data to employees, customers and the relevant departments of the company. We have concluded an order processing contract with Lionware. Lionware stores all personal data on servers within the EU. Further information on data processing by Lionware can be found here: We store the data collected for the electronic signature until the expiry of the statutory retention period v

IV. Joint controllers of the Facebook profile of IT Sonix custom development GmbH ("ITSONIX")

Privacy Policy Social Media Pages of ITSONIX


The following privacy policy provides an overview of the collection and processing of your data on our appearances on the following social media platforms:

Facebook, hereafter „Facebook-Profile“

We would like to point out that you use our social media pages and their functions as well as social media platforms as a whole on your own responsibility. This applies in particular to the use of interactive functions (e.g. liking, commenting, sharing, rating). The corresponding terms of use of Facebook can be found at „“. You can access the privacy policy here: „“.

In addition to us, the operator of the social media platform (hereinafter referred to as the "Provider") is also controller for data processing on our social media pages (Facebook platform), hereinafter also referred to as "Meta" or "Facebook".

Meta Platforms Ireland Ltd.
4 Grand, Canal Square
Grand Canal Harbour Dublin 2

Online contact form of the data protection officer of Facebook: „“.

The operators of the social media platforms are available to you as a central contact. However, you can also assert your rights with regard to the processing operations under joint responsibility vis-à-vis us. Insofar as you contact us, we will coordinate with the respective provider in order to answer your inquiry and ensure your data subject rights.


We would like to point out that Meta may store the data of the respectively registered users and other interested visitors of the social media platforms, e.g. personal information (registration data, status messages, photos, location, etc.) or the IP address, cookies, etc., also outside the European Union (EU) or the European Economic Area (EEA) and use them for its own business purposes.

We have no influence on the data collection and use by the provider. Furthermore, it is not transparent for us which data Meta stores where and for how long, as well as to what extent Meta fulfills existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. Whenever you are logged in with your respective social media account and visit our social media pages, the provider can assign this to your profile.

A transfer of data to the USA and access by US authorities to the data stored at Meta cannot be ruled out. The transfer of personal data to the USA may be associated with various risks to the legality and security of data processing with regard to the adequacy of the level of protection, as the USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to legal remedies against access by authorities.

A joint controllership agreement in accordance with Article 26 GDPR has been concluded, which specifies, among other things, how the respective tasks and responsibilities for the processing of personal data are structured and who fulfills which data protection obligations.

Information on data processing

ITSONIX operates the Facebook profile to point out its services and service offers and to interact with visitors of the social media platforms (hereinafter referred to as "users").

When using the Facebook profile of ITSONIX, personal data is processed. In the following, you will be informed about the type and scope of the data processing for which ITSONIX is responsible under data protection law in this context.

ITSONIX itself does not store any personal data regarding your use of the respective social media sites.

Information that you publish on the respective social media pages of ITSONIX (e.g. comments) or send via the respective messenger will be stored by the providers based on your usage relationship and can be removed there by you.

Processing of usage data under joint controllership of Meta and ITSONIX

When you visit the social media pages of ITSONIX, Meta also uses certain usage data (e.g., whether you have "liked" or commented on certain amounts of ITSONIX) to provide ITSONIX with aggregated usage statistics (so-called "page insights"). Usage statistics do not allow any conclusion on the behavior of individual users, but only provide ITSONIX with an overview of the usage of its social media pages (e.g. which posts were clicked on particularly frequently). ITSONIX itself has no access to the personal data processed for the creation of the statistics. Which usage actions are logged by Meta on the social media platforms is solely determined by Meta and cannot be set up, changed or otherwise influenced by ITSONIX.

ITSONIX has Meta provide usage statistics for its respective social media pages in order to improve the posts published there and to make them as interesting as possible for users. The processing is carried out on the basis of a balancing of interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, which always also takes your interests into account. If you are logged in to Facebook yourself, the processing is also carried out in accordance with the terms of use that apply between you and Facebook in each case, pursuant to Art. 6 (1) sentence 1 lit. b GDPR.

For the processing of personal data for the creation of these usage statistics, Facebook and ITSONIX are joint controllers pursuant to Art. 26 GDPR. Facebook's Page Insights information „(“ describes what data is processed under joint controllership and includes the "Page Insights Addendum" in which Facebook and ITSONIX have contractually agreed which of them fulfills which obligations under the GDPR.

Processing of your data when communicating with ITSONIX via the Facebook page

Facebook usage
If you contact ITSONIX via the Facebook page, e.g. by commenting on a post or writing a message via Facebook Messenger, ITSONIX processes your data (e.g. your name and the communication content) in order to handle your request.

As far as necessary, ITSONIX processes your data beyond that to assert legal claims and defense in legal disputes as well as to prevent and solve criminal offenses (e.g. in case of hate or inflammatory comments).

The legal basis for the processing of data transmitted in the course of contacting us is Art. 6 para. 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract or takes place within the framework of an existing contractual relationship, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted if your inquiry has been answered conclusively and the deletion does not conflict with any legal obligations to retain data, such as in the case of any subsequent contract processing.