Privacy policy

IT Sonix Custom Development GmbH

Privacy policy

We only process personal data as necessary and for the purpose of providing a functional and user-friendly website.

According to Art. 4(1) of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), “processing” means any procedure performed upon personal data, whether or not by automated means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the responsible party
II. Rights of users and data subjects
III. Information on data processing
IV. Data protection information in accordance with the EU General Data Protection Regulation

I. Information about us as the responsible party

The party responsible for this website as stipulated by data protection legislation is:

IT Sonix Custom Development GmbH
Managing board: Artur Schiefer, Franziska Beer, Jan Landmann
Georgiring 3
04103 Leipzig

Telephone: +49 341 355 76-0

The provider’s data protection officer is:

Holger Flemig
EPRO Consult Dr. Prössel und Partner GmbH

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • To receive confirmation concerning whether data related to them is being processed, to receive information about the data being processed, to receive further information about data processing and to receive copies of the data (see also Art. 15 GDPR);
  • To correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
  • To have data related to them deleted immediately ( see also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17(3) GDPR, to restrict said processing as per Art. 18 GDPR;
  • To receive the data related to them and provided by them and to transmit this data to other providers/controllers ( see also Art. 20 GDPR);
  • To lodge a complaint with a supervisory authority if they believe that data concerning them is being processed by the provider in breach of data protection provisions ( see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place on the basis of Arts. 16, 17(1), 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Without prejudice to this, the user has a right to information about these recipients.

Likewise, in accordance with Art. 21 GDPR, users and data subjects have the right to object to the future processing of data related to them, provided that the data is processed by the provider in accordance with Art. 6(1)(f) GDPR. In particular, they can object to the processing of data for the purpose of direct advertising.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Server data

Data is transmitted by your Internet browser to us or to our web space provider and stored in server log files for technical reasons, in particular to ensure a secure and stable website. These server log files are used to collect information such as the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website that you visit, the date and time of each access, the IP address of the Internet connection from which our website is used, the amount of data transferred and the requesting provider.

The data collected in this way is temporarily stored but not together with other data related to you.

This storage takes place on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted again after seven days at the latest unless further storage is required for purposes of evidence. Otherwise, the data is exempt from erasure in whole or in part until final clarification of the incident.


Our website uses cookies. Cookies are small text files or other storage technologies that are placed and stored on your computer by your Internet browser. These cookies allow certain information about you to be processed on an individual basis. This processing makes our website more user-friendly, effective and secure.

The cookies we use are categorised as follows:

  • Session cookies
  • Functional cookies
  • Performance cookies

You can prevent or restrict the installation of cookies using your Internet browser settings. You can also delete stored cookies at any time. However, the steps and measures required to do this depend on the specific Internet browser you use. Therefore, if you have any questions, please use the help function or consult the documentation of your Internet browser or contact its maker for support.

However, if you prevent or restrict the installation of cookies, not all of the functions of our website may be fully usable.

Cookies used
Session cookies – strictly necessary cookies
Name Description (stored information and purpose) Domain Expiry
grav-site-430ee58 CMS session cookie
Serves to ensure a user-friendly visit to our website. 30 minutes
matomo_sessid It is important to note that it does not contain any data identifying visitors and is considered an "essential" cookie. 14 days

Functional cookies – strictly necessary cookies
Name Description (stored information and purpose) Domain Expiry
complianceCookie Used to store consent about the use of cookies 1 Jahr
mtm_consent Used to store tracking consent 1 year
mtm_consent_removed Used to store the tracking cancellation 1 year


Online job applications / publication of vacancies

Job applications

We give you the option of applying to us via our website. For these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.

The legal basis for this processing is Section 26(1) sentence 1 of the German Federal Data Protection Act (BDSG) in conjunction with Art. 88(1) GDPR.

If an employment contract is concluded after the application process, we will store the data you submitted during the application in your personnel file for the purpose of the usual organisational and administrative process; this is, of course, done in compliance with the more extensive legal obligations.

The legal basis for this processing is also Section 26(1) sentence 1 of the BDSG in conjunction with Art. 88(1) GDPR.

In the event that an application is rejected, we will automatically erase the data submitted to us two months after notification of the rejection. However, the data will not be erased if it is required to be stored for a longer period of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the obligation to provide evidence according to the German General Equal Treatment Act (AGG).

The legal basis in this case is Art. 6(1)(F) GDPR and Section 24(1) no. 2 BDSG. Our legitimate interest lies in legal defence or enforcement of rights.

If you expressly consent to your data being stored for a longer period of time, e.g. for the purpose of your inclusion in a database of applicants or interested parties, the data will be processed on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. However, you can of course withdraw your consent at any time in accordance with Art. 7(3) GDPR by making a declaration to us with effect for the future.

On a technical level, our online application portal is operated by our service provider softgarden E-Recruiting GmbH, Tauentzienstrasse 14, 10789 Berlin, Germany (hereinafter referred to as Softgarden). Softgarden only provides software and computing capacity and otherwise has no influence on the application process. This is commissioned processing in accordance with Art. 28 GDPR. Softgarden is contractually obliged to take technical and organisational measures to ensure the protection of your personal data. For example, your data is stored in a secure operating environment that is not accessible to the public. Your data is encrypted during transmission using Transport Layer Security (TLS). This means that communication between your computer and the data servers used takes place using a recognised encryption method. For more information about the collection of data on the products and webpages operated by Softgarden, please refer to Softgarden’s privacy policy:

Subscription to job vacancies

If you subscribe to our job vacancies, we process your email address in order to be able to inform you about new job vacancies by email.

The legal basis for this is Art. 6(1)(a) GDPR. You may withdraw your consent to this subscription at any time with effect for the future in accordance with Art. 7(3) GDPR. To do this, you only need to inform us of your withdrawal or click on the “unsubscribe” link contained in the relevant email.

Social media link via graphic or text link

On our website, we also promote presences on the social networks listed below. They are integrated using linked graphics of the respective networks. Using a linked graphic prevents your system from automatically connecting to the respective server of the social network to display a graphic of the network itself when a page containing a social media link is called up. The user is only redirected to the service of the respective social network when they click on the corresponding graphic .

After the user has been forwarded, information about the user is collected by the respective network. It is possible that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button provided by the respective network, this information may be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to their user account, they should log out before clicking on the graphic. It is also possible to achieve this by configuring the user account accordingly.

The following social networks are integrated into our site by means of a link:

Facebook & Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Facebook privacy policy:
Instagram privacy policy:


LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy policy:


XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

Privacy policy:


Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Privacy policy:

YouTube / YouTube content (external media)

We use the platform to post our own videos and make them publicly accessible. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the data protection notices available at

We have embedded YouTube videos into our online offering. The videos are stored on and can be played directly from our website. These are all embedded in extended data protection mode, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The use of a two-click solution prevents a connection from being automatically established to the respective server of the third-party provider when our website is accessed in order to display the external content. You are therefore able to decide for yourself whether the provider collects information about you. The data mentioned in the next paragraph will only be transmitted when you play the videos. We have no influence on this data transmission.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This connection is necessary in order to be able to display the respective video on our website via your Internet browser. During this process, YouTube will record and process at least your IP address, the date and time and the webpage you visited. If you are logged in to Google/YouTube at the same time, Google/YouTube will assign the connection information to your Google/YouTube account. If you wish to prevent this, you should either log out of Google/YouTube before visiting our website or configure the appropriate settings in your Google/YouTube user account. Google/YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Evaluation of this kind is performed in particular for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our website (even for users who are not logged in). You have the right to object to the creation of these user profiles and you must contact YouTube to exercise this right.

In the event that personal data is transferred to Google LLC., which is based in the USA, Google uses the EU’s Standard Contractual Clauses for the relevant data transfers in order to comply with data protection requirements when transferring personal data from the EEA to third countries. These are based on the commission’s decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the council and remain a permissible legal mechanism for the transfer of data under the GDPR. Further information on this is provided by Google.

WUD newsletter

Newsletter data

If you subscribe to our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be transmitted to us. At the same time, we store the IP address of the Internet connection from which you access our website as well as the date and time of your subscription and confirmation. We use the data collected exclusively for the purpose of sending the newsletter. By completing the subscription process, you give your consent to receive the newsletter, which may be withdrawn at any time.

To confirm your newsletter subscription, you must explicitly confirm that you want us to activate receipt of the newsletter for you via what is known as the double opt-in procedure. For this purpose, you will receive a confirmation email from us following your subscription in which we ask you to click on the link contained therein to confirm to us that you would like to receive our newsletter. If you do not confirm your subscription within one week, your data will be automatically erased.

Your data is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR).

You may withdraw your consent to the sending of the newsletter at any time with effect for the future in accordance with Art. 7(3) GDPR. To do this, you only need to inform us of your withdrawal or click on the “unsubscribe” link contained in each newsletter.


We use the CleverReach service to send the newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organise and analyse newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyse the behaviour of newsletter recipients. For example, we can analyse how many recipients have opened the newsletter message and how often each link in the newsletter was clicked on.

If you do not want us to carry out this analysis, you should unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Furthermore, you can also withdraw your consent at any time with effect for the future by sending an email to the address included in this privacy policy (see above).

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members’ area) remains unaffected by this.

For more details, please refer to CleverReach's privacy policy at:

We have concluded a contract with CleverReach in which we oblige CleverReach to protect our customers’ data and not to pass it on to third parties.

Registrierung beim WUD - Eventbrite (Online-Plattform für Event- und Ticketmanagement)

Zur Teilnahme/Registrierung an unseren Events (insb. WUD) verwenden wir die Online-Plattform für Event- und Ticketmanagement „Eventbrite“, welche von der Eventbrite, Inc., 535 Mission Street, 8th Floor, San Francisco, CA 94103, USA betrieben wird. Für Benutzer, die im Europäischen Wirtschaftsraum („EWR“) oder in der Schweiz ansässig sind, fungiert Eventbrite Inc. in Bezug auf die über die Services erfassten personenbezogenen Daten als verantwortliche Partei. Eventbrites Vertretung in der EU zum Zwecke der europäischen Datenschutzgesetzgebung ist Eventbrite Operations (IE) Limited mit Sitz in 97 South Mall Cork, T12 XV54, Irland.

Wenn Sie auf unserer Seite eine Registrierung vornehmen möchten und auf die entsprechende Schaltfläche oder den entsprechenden Link klicken, werden Sie dafür auf die Website von Eventbrite weitergeleitet.

Eventbrite verarbeitet Ihre Daten u.a. auch in den USA. Ein Zugriff US-amerikanischer Behörden auf die bei Eventbrite gespeicherten Daten kann nicht ausgeschlossen werden. Die Übermittlung von personenbezogenen Daten in die USA kann in Bezug auf die Angemessenheit des Schutzniveaus mit verschiedenen Risiken für die Rechtmäßigkeit und Sicherheit der Datenverarbeitung einhergehen, da die USA derzeit aus datenschutzrechtlicher Sicht als Drittland gelten. Sie haben dort nicht die gleichen Rechte wie innerhalb der EU/ des EWR. Ggf. stehen Ihnen keine Rechtsbehelfe gegen Zugriffe von Behörden zu.

Eventbrite verarbeitet in unserem Auftrag personenbezogene Daten unserer registrierten Event- Teilnehmer. Zur Herstellung eines angemessenen Datenschutzniveaus haben wir mit dem Dienstleister EU-Standardvertragsklauseln geschlossen. Diese beruhen auf dem Durchführungsbeschluss (EU) 2021/914 der Kommission vom 4. Juni 2021 über Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Drittländer gemäß der Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates.

Weitere Informationen hinsichtlich der Einhaltung der europäischen Datenschutzregelungen durch Eventbrite: finden Sie hier:

Eventbrite erfasst personenbezogenen Daten, wenn Sie solche Informationen freiwillig im Rahmen einer Anmeldung zu einer unserer Events bereitstellen und übermittelt diese Daten anschließend an uns als Veranstalter. Um sich bei Eventbrite für ein Event anzumelden, müssen Sie u.a. folgende Daten an Eventbrite Inc. übermitteln:

  • Name, Vorname
  • E-Mail-Adresse
  • Event-ID
  • IP-Adresse
  • Merkmale des Zugriffsgerätes und/oder des Browsers

Die Datenschutzerklärung von Eventbrite finden Sie hier:

Als Veranstalter erhalten wir von Eventbrite Zugriff folgende Daten der Teilnehmer des registrierten Events: Name, Vorname, E-Mail-Adresse. Die Daten verwenden wir für die Zwecke der Vor- und Nachbereitung der jeweils registrierten Events. Zudem erhalten registrierte Teilnehmer vor und nach dem registrierten Event Informationen zum jeweiligen Event und unsere Kontaktmöglichkeiten per E- Mail zugesendet. Die Verarbeitung der Daten erfolgt auf Grundlage von Art. 6 Abs. 1 lit. b DSGVO (Verarbeitung zur Erfüllung eines Vertrags).

Im Rahmen der Teilnahme (vor Ort) am Event verarbeiten wir die Daten der Teilnehmer im Rahmen einer Teilnehmerliste am Empfang und vorbereiteter Namensschilder. Zweck ist die Überwachung der Kapazität am Veranstaltungsort. Für eine bessere zukünftige Planung von Events verwenden wir zudem die Daten über die Teilnahme an Events, um die Inanspruchnahme und Auslastung der Events zu untersuchen. Diese Verarbeitungen beruhen auf Art. 6 Abs. 1 lit. f) DS-GVO.

Die Daten der Teilnehmer werden 12 Monate nach dem Event gelöscht.

Sie haben jederzeit die Möglichkeit, der Nutzung dieser Daten für werbliche Zwecke für die Zukunft zu widersprechen, indem Sie Ihrem Wunsch über die Zugangsdaten auf die Plattform über die Sie sich registriert haben auch widerrufen. Sollten Sie außerhalb von Eventbrite Events bei uns gebucht haben schicken Sie Ihren Widerruf an

Data Protection Information for the Customer Satisfaction Survey

Email Invitation

In certain cases, we send our customers email invitations to a customer satisfaction survey.
In this case, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving and optimizing our services and products. With the customer survey, potential for improvement in the cooperation between us and the current project customers as well as future, strategic, sales needs of the customers are to be determined. You can object to the processing of your data for the purpose of the "customer satisfaction survey" at any time for reasons that arise from your particular situation, stating these reasons (Art. 21. Para. 1 DSGVO): In the event of a justified objection, we will no longer process the personal data for the purposes in question and will delete the data unless we can demonstrate compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of Assertion, exercise or defense of legal claims.

Participation in the customer satisfaction survey - declaration of consent If you take the survey, we will ask you a few questions about customer satisfaction with our services and products.

We conduct the survey ourselves on our „Lime Survey“ platform. The evaluations of the surveys are carried out exclusively by us in Germany.

The survey may not be anonymous (voluntary indication of name / position). If the feedback is particularly bad or good, we would like to get in touch with the customer (“customer-specific feedback”). Customer-specific feedback will be deleted 90 days after completion of processing (including clarification/communication) and transferred to the evaluation of the customer satisfaction survey as "project-related survey results".

Your data will be processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a) GDPR). You can revoke your consent to the personalized evaluation and possible subsequent contact at any time with effect for the future in accordance with Art. 7 Para. 3 DSGVO. All you have to do is inform us of your revocation:

Evaluations of the surveys - project-related survey results

The surveys are evaluated without reference to natural persons, only in relation to the customer’s name (company) and the project. All corresponding evaluation results (project-related survey results) are kept for up to 5 years.

Contact requests/contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. You must provide this data so that we can process and answer your enquiry – without it, we will not be able answer your enquiry at all or only to a limited extent.

The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact is intended for the conclusion of a contract or takes place within the framework of an existing contractual relationship, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

Your data will be erased as soon as your enquiry has been conclusively answered and there are no legal obligations to retain the data, e.g. in the case of subsequent contract processing.

IV. Data protection information in accordance with the EU General Data Protection Regulation

The data protection information pursuant to the EU General Data Protection Regulation for authorised representatives/agents of "legal entities" pursuant to Art. 12 ff. GDPR and data protection information in accordance with the EU General Data Protection Regulation for Applicants in accordance with Art. 12 ff. GDPR apply in addition to this website-specific privacy policy information.