Controller
Overview of processing
Legal bases we rely on
Security measures
Disclosure of personal data
International data transfers
Storage and erasure of data
Your rights under the GDPR
Provision of our website & hosting
Cookies
Contact and enquiry handling
Imran Sonan
Werner-Heisenberg-Straße 2a
D-63263 Neu-Isenburg, Germany
E-mail: imran@sonanproductions.de
Categories of data we process
Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail, phone)
Content data (e.g. messages, uploads)
Usage data (e.g. pages viewed, click paths)
Meta / communication / procedural data (e.g. IP addresses, timestamps)
Log data (server log files)
Data subjects concerned
Visitors and users of our online services
Communication partners
Purposes of processing
Communication with you
Security of our systems
Internal organisation and administration
Collecting feedback
Providing and improving our online offer
Maintaining our IT infrastructure
Consent (Art. 6 (1) a GDPR) – You have given us permission for a specific purpose.
Contract performance / pre-contractual steps (Art. 6 (1) b GDPR) – Processing is necessary to fulfil a contract with you or to respond to your request before a contract.
Legitimate interests (Art. 6 (1) f GDPR) – We have a legitimate interest that is not overridden by your rights and freedoms.
National German rules (BDSG) and, where applicable, the Swiss FADP apply in addition.
We implement technical and organisational safeguards appropriate to the risk, including access controls, encryption, backup procedures, incident-response plans and privacy-by-design/default principles.
We may transfer data to other entities—e.g. IT service providers or embedded-content providers—only where this is legally permitted and protected by suitable contracts (e.g. data-processing agreements).
If we process data outside the EU/EEA:
We rely on an EU adequacy decision, Standard Contractual Clauses, your explicit consent, or another legal derogation.
For some US providers we rely on the EU–US Data Privacy Framework (DPF) if they are certified.
We erase personal data once the purpose no longer applies and no statutory retention duties remain. Typical German retention periods:
10 years – Accounting records, invoices, tax-relevant documents
6 years – Commercial correspondence and similar business documents
3 years – Data needed to defend potential legal claims (regular limitation period)
If multiple periods apply, the longest period prevails.
Right to object – You can object to processing based on Art. 6 (1) e or f GDPR at any time; you can always object to direct marketing.
Right to withdraw consent – You can revoke consent at any time.
Right of access – You can request confirmation and details of any processing of your data.
Right to rectification – You can request that inaccurate data be corrected.
Right to erasure / restriction – You can request deletion or restriction in accordance with legal requirements.
Right to data portability – You can receive data you provided in machine-readable form or have it transmitted to another controller.
Right to lodge a complaint – You may complain to a supervisory authority if you believe we violate data-protection law.
We process your IP address to deliver the website and maintain server log files (max. 30 days) for security and operational purposes.
Legal basis: our legitimate interests (Art. 6 (1) f GDPR).
We use cookies and similar technologies.
Session cookies are deleted when you close your browser.
Persistent cookies remain stored (max. 2 years unless stated otherwise).
Where required, we ask for your consent; otherwise, we rely on our legitimate interests. You can withdraw consent at any time and disable cookies via your browser settings.
When you contact us (e.g. via contact form or e-mail) we process the data you provide solely to handle your request.
Legal bases: contract performance / pre-contractual steps (Art. 6 (1) b GDPR) and our legitimate interests in effective communication (Art. 6 (1) f GDPR).
© SONANPRODUCTIONS
Webdesign by UpBrander
