Privacy Policy
This Privacy Policy informs you about the
scope of the processing of your personal data (hereinafter referred to as
"data") by our website and our Helpdesk Centre.
The controller for data
processing in accordance with the provisions of the General Data Protection
Regulation (GDPR) is
SenseGuard GmbH
Feldmühleplatz 15
40545 Düsseldorf
Phone: +49 211 506620
Web: www.suru-water.com
E-mail: info@suru-water.com
Matthias Rosa
RMPrivacy GmbH
Große Langgasse 1a, 55116
Mainz
Web:
www.rmprivacy.de
e-mail: privacy@suru-water.com
We process data as part
of our business and website operations.
This also includes
disclosure by transmission to third parties and, if applicable, to so-called
third countries outside the European Union ("EU") and the European
Economic Area ("EEA"). Where we transfer data outside the EU or the
EEA, we have labelled this accordingly below.
The individual data
concerned, processing purposes, legal bases, recipients and, if applicable,
transfers to third countries are listed below:
We log your website visit. In doing so, we process
·
Name(s) of our accessed website(s),
·
Date and time of retrieval,
·
the amount of data transferred,
·
the browser type and version,
·
the operating system you are using,
·
the referrer URL (the previously visited
website),
·
Your IP address,
·
the requesting provider.
The legal basis for data
processing is our overriding legitimate interest in the continuous provision
and security of our website in accordance with Art. 6 para. 1 f) GDPR.
The log file is erased after seven days, unless it is required to prove or
clarify specific legal violations that have become known within the retention
period.
To provide our online
presence, we use the services of web hosting providers who process the
above-mentioned data and all data to be processed in connection with the
operation of this website (log file when visiting the website) on our
behalf.
The legal basis for data processing is our overriding legitimate interest in
the provision of our website in accordance with Art. 6 para. 1 f) GDPR.
We use Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA
94103 ("Webflow") for our hosting. It is
possible that data may also be transferred to the USA.
Webflow is certified under the EU-US Data Privacy
Framework and falls under the EU adequacy decision for the US.
If you contact us, we
will process the following data from you for the purposes of the processing and
handling of your enquiry: Name, contact details - if provided by you - and your
message.
The legal basis for data processing is our obligation to fulfil the contract
and/or to fulfil our pre-contractual obligations pursuant to Art. 6 para. 1 b) GDPR and/or our
overriding legitimate interest in processing your enquiry pursuant to Art. 6 para. 1 f) GDPR.
You can download a free
white paper from our website. We process the following personal data:
The legal basis for data processing is our overriding legitimate interest in optimizing
the marketing of our offer in accordance with Art. 6 para. 1 f) GDPR.
We use so-called cookies
on our website. Cookies are small text files that are stored on your end device
(PC, smartphone, tablet, etc.) and saved by your browser.
We only use technically necessary session cookies on our website.
Sentry
We use the Sentry tool
from Sentry.io, 45 Fremont St, San Francisco, CA 94105, United States, on our
website to recognize and correct errors on the website. Sentry processes the
following data as part of this use:
·
IP address,
·
Information on the device,
·
Information on the browser used and
·
Details on error messages (incl. stack
trace).
The legal basis for this
data processing is our overriding legitimate interest in the continuous
provision and security of our website in accordance with Art. 6 para. 1 sentence 1 f) GDPR.
As part of the use of
Sentry, data may be transferred to the United States. Sentry.io is certified under
the EU-US Data Privacy Shield and is therefore covered by the EU Commission's
adequacy decision for the USA.
We use dynamic content
("content") from third parties to optimize the presentation and offer
of our website. When you visit the website, a request is automatically sent to
the server of the respective content provider via an interface, during which
certain log data (e.g. the user's IP address) is transmitted. The dynamic
content is then transmitted to our website and displayed there.
We use external content
in connection with the following functionalities:
We have integrated videos
from the Vimeo portal of Vimeo, Inc, 555 West 18th Street, New York, New York
10011, USA on our website. When the videos are played, log data is transmitted
to the Vimeo servers in the USA. This processing is carried out on the basis of
our overriding legitimate interest in optimizing the marketing of our offer in
accordance with Art. 6
para. 1 f) GDPR.
For data transfers to the
USA, Vimeo ensures an adequate level of data protection via the EU standard
contractual clauses. A copy of the relevant EU standard contractual clauses
will be provided on request. Please contact privacy@suru-water.com. Further
information can be found at: https://vimeo.com/privacy
To make visiting our
website attractive, we use external fonts from Google Fonts. These are loaded
from servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland ("Google") when you visit the site. Google does not store
any cookies in your browser. However, according to our information, the IP
address of the user's end device is transmitted to Google and stored. This
processing is carried out on the basis of our overriding legitimate interest in
optimizing the marketing of our website in accordance with Art. 6 para. 1 f) GDPR.
It cannot be ruled out
that data will be transmitted to Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA.
Google is certified under the EU-US Data Privacy Framework and is therefore
subject to the EU adequacy decision for the USA.
We use the internet
security services of Cloudflare Germany GmbH, Rosental 7, 80331 Munich, a
subsidiary of Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA,
for the security and protection of our online presence and in particular for defense
against distributed denial-of-service (DDoS) attacks. Cloudflare processes the
log data of end users on our behalf: IP address, system configurations and
information about incoming and outgoing traffic of websites, devices and
applications of website visitors and may also transmit this data to the
USA.
The legal basis for data
processing is our overriding legitimate interest in the continuous provision
and security of our website in accordance with Art. 6 para. 1 f) GDPR.
Cloudflare is certified under the EU-US Data Privacy Framework and is
therefore subject to the EU adequacy decision for the USA.
On our website we use the
tool Keen.io from Keen.io,LLC, 122 E. Houston St, San
Antonio, TX 78205, United States, to provide and stream content on the website.
As part of this use, Keen processes the following data:
-
IP address,
- Information on the device,
- Browser metadata
The legal basis for this
data processing is our overriding legitimate interest in the continuous
provision and security of our website in accordance with Art. 6 para. 1
sentence 1 f) GDPR.
As part of the use of
Sentry, data may be transferred to the United States. Keen.io is not certified
under the EU-US Data Privacy Shield and is therefore not covered by the EU
Commission’s adequacy decision for the USA. Keen.io uses standard contractual clauses
to ensure an adequate level of data protection. We will make these
available on request.
As part of our Help Desk
Centre LINK, personal data is processed as follows:
To answer support
requests, we process your data via our ticket system. We process all data that
you provide to us via an enquiry, e.g. surname, first name, address, email
address, telephone number, customer number (if available and known) and the
content of the enquiry.
As part of our customer
support, we use the Jira ticket system from Atlassian, Inc. 350 Bush Street,
Level 13, San Francisco, California 94104, USA.
However, we only use data centers that are located within the European
Union. In addition, Atlassian is certified under the EU-US Data
Privacy Framework and is therefore covered by the EU adequacy decision for the
USA.
WhatsApp
As an alternative to a
support enquiry by email, you have the option of sending us your support
enquiries via WhatsApp Business, a service provided by WhatsApp Ireland
Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (WhatsApp). The following
data will be processed: Email address, content of the ticket, time of ticket
creation.
In connection with
WhatsApp, data may be transmitted to WhatsApp LLC and Meta Platforms Inc. based
in the USA. WhatsApp LLC and Meta Platforms Inc. are both certified under the
EU-US Data Privacy Framework and are therefore covered by the EU adequacy decision
for the USA.
To use this support
channel, you need the WhatsApp service on your device. We have no influence on
the data processing carried out by WhatsApp in this context.
Please also
note that we use the service of Twilio Inc, 101 Spear St FL 5, San Francisco,
CA 94105, based in the USA, as an interface to establish communication between
WhatsApp and our ticket system. Twilio Inc. is certified under the EU-US Data
Privacy Framework and is therefore covered by the EU adequacy decision for the
USA.
If you have entered into
a pre-contractual relationship or contractual relationship with us, the legal
basis for data processing is the effective fulfilment of the contract in
accordance with Art.
6 para. 1 b) GDPR.
To make our Help Desk
Centre via Jira more attractive and user-friendly, we use the Refined service
from Refined Wiki AB, Nordenskiöldsgatan 24, 211 19
Malmö, Sweden (Refined).
When using the Refined service, the following data is processed in order to
provide you with optimal customer support: IP address, session management
information, name and the information contained in your enquiry in the contact
form.
The aforementioned data
will only be stored for as long as is necessary to process your enquiry.
The legal basis for data processing is data processing based on our legitimate
interest in the optimal provision of our customer support, Art. 6 para. 1 f) GDPR.
In order to provide
videos in our helpdesk, we use Microsoft Clipchamp, a tool from Microsoft
Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This also involves
the transfer of personal usage data to Microsoft. This processing is based on
our overriding legitimate interest in optimizing the marketing of our offer in
accordance with Art. 6
para. 1 f) GDPR.
Microsoft is certified under the EU-US Data Privacy Framework and is therefore
covered by the EU adequacy decision for the USA.
Together
with Refined, we jointly process
certain analysis data in connection with the use of the Helpdesk Centre in
accordance with Art. 4 No. 7 GDPR, which is described below:
We use cookies as part of
the Help Desk Centre.
Information about the
specific cookies we use, their providers and purposes can be found in our consent
banner. There you can give your consent to the respective services as
required by Section 25 (1) of the German Telecommunications Digital Services
Data Protection Act (TDDDG), withdraw this consent or subsequently adjust your
settings.
We use a consent banner
to document your selection of certain data processing procedures and to fulfil
our obligations under data protection law. When you visit our website, your
cookie preferences are consulted via a banner. We then set a cookie in which
data on consents given or withdrawn is stored. The data processing is carried
out to fulfil our legal obligations in accordance with Art. 6 para. 1 c) GDPR.
Together with Refined, we
use various services of Google Ireland Limited, Gordon House, Barrow Street,
Dublin 4, Ireland (hereinafter "Google"). It is possible that data
may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain
View, CA 94043 in the USA.
Google is certified under the EU-US Data Privacy Framework and is covered by
the EU adequacy decision for the USA.
The Google Analytics
tracking tool from Google is used. The information obtained from this is shared
with us and Refined. Google Analytics is used exclusively to evaluate the use
of the Helpdesk Centre, to compile reports on the activities within this
website and to provide other services related to the use of the website and to
improve user-friendliness.
When Google Analytics is used, the interactions of website visitors are
primarily recorded and systematically analyzed using cookies.
Google
Analytics is used with the extension "anonymiseIp()".
This truncates IP addresses within the member states of the EU or EEA. If a
transmission to Google's servers in the USA takes place, the full IP address is
only transmitted in exceptional cases and shortened there. A direct personal
reference is therefore generally excluded. In particular, it is no longer
possible to identify the computer or end device of the website visitor.
The following data is
processed through the use of Google Analytics:
·
3 bytes of the IP address of the system
accessed by the website visitor (anonymized IP address),
·
the accessed website,
·
the website from which the user accessed the
page on our website (referrer),
·
the subpages that are accessed from the
website,
·
the time spent on the website,
·
the frequency of visits to the website.
The use of cookies or
comparable technologies set by Google takes place with your consent on the
basis of Section 25 (1)
sentence 1 of the GDPR. The legal basis for data processing in
the context of the aforementioned Google services is your prior consent in
accordance with Art. 6
para. 1 a) GDPR.
You can withdraw your consent at any time with effect for the
future by adjusting your preferences in our consent banner.
LinkedIn is a product
provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2,
Ireland. Together with LinkedIn, we are jointly responsible for data processing
in connection with our company profile, in particular in connection with the
"Page Insights" function in accordance with Art. 4 No. 7 GDPR. When
you visit our company profile, personal data is processed by LinkedIn and us as
controllers.
LinkedIn is the primary
controller under the GDPR for the processing of Page Insights data, see also section bb) User analysis.
LinkedIn therefore also assumes all obligations under the GDPR with regard to
the processing of Page Insights data (including Articles 12 and 13 GDPR,
Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). LinkedIn remains solely
controller for the processing of such personal data in connection with Page
Insights that is not covered by the existing Page Insights Joint
Controller Addendum.
The "Page Insights
Joint Controller Addendum" can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum.
You can find LinkedIn's
Privacy Policy at: https://www.linkedin.com/legal/privacy-policy
The purpose of operating
our company profile on LinkedIn is initially to make contact with users and
visitors to the LinkedIn social network and to engage in dialogue. In doing so,
we provide direct information about our enterprise and the associated offers.
As a LinkedIn profile
user, we may process the data you provide to us as a LinkedIn member. This
includes all information that you have stored in your profile, messages that
you send us and interactions with our content. In particular, this happens when
you share or recommend our content, comment on it, contact us or refer to our
presence within LinkedIn.
The processing of
personal data by us is based on our legitimate interests in an effective
exchange with LinkedIn users and visitors to our profile and in connection with
communication with users on our social media profiles, including our company
presentation in accordance with Art.
6 (1) f) GDPR.
If you send us your
application via LinkedIn or if you signal your interest in a job offer that we
send to you, the data you provide (e.g. name, e-mail address, desired location,
data of your LinkedIn profile, etc.), your message and the application documents
sent will be processed exclusively for the purposes of processing and handling
your application request.
The processing of
personal applicant data by us is carried out on the basis of Section 26 (1) German Federal Data
Protection Act. Accordingly, the processing of data that
is necessary in connection with the decision on the establishment of an
employment relationship is permitted.
Should the data be
necessary for legal prosecution after completion of the application process,
data processing may be carried out to safeguard our legitimate interests in
accordance with Art. 6
para. 1 f) GDPR, namely for the assertion and/or defense of
claims.
With the "Page
Insights" service, LinkedIn provides us with various information about
visits and visitors to our company page. This information is created by
LinkedIn and enables us to manage the marketing of our activities in a better
and more targeted manner. This is so-called aggregated data that cannot be used
to identify you personally. Data processing as part of the "Pages
Insights" service is the sole responsibility of LinkedIn. We have no
access to personal data, except in aggregated form.
The processing of
personal data by us is based on our legitimate interests in an effective
exchange with LinkedIn users and visitors to our profile and in connection with
communication with users on our social media profiles, including our company
presentation in accordance with Art.
6 (1) f) GDPR.
Data recorded when you
visit our company profile may be forwarded to the LinkedIn Corporation based in
the USA and processed there. For data transfers to the USA, LinkedIn ensures an
adequate level of data protection via the EU standard contractual clauses. A
copy of the corresponding EU standard contractual clauses will be provided on
request. Please contact privacy@suru-water.com.
We do not pass on data to
third parties as part of the operation of our company profile.
Vimeo is a service
provided by Vimeo Inc, 555 West 18th Street, New York,
New York 10011, USA ("Vimeo"). No personal data is processed directly by us as part of our Vimeo
channel.
However, if you enter
data yourself as a registered user on Vimeo, such as your user name and the
content published under your own account, this data will be processed by us
when we respond to an order from you, reply to your comments or write a post
that refers to your profile. In this case, the data you enter on Vimeo, in
particular your (user) name and the content published under your account, will
be processed to the extent that it is included in our offer and made accessible
to our followers.
For all other data
processing in the context of the use of the Vimeo service and its
functionalities, Vimeo is the controller
within the meaning of Art. 4 No. 7 GDPR. We have no influence on the type and scope of the data processed by Vimeo
as part of the Vimeo service, the type of processing, the use of the data or
the disclosure of this data to third parties.
Information on what data
is processed by Vimeo and for what purposes can be found in Vimeo's Privacy
Policy: https://vimeo.com/privacy.
The processing of
personal data by us is based on our legitimate interests in an effective
exchange with the users of Vimeo, the visitors to our profile and in connection
with communication with users on our social media profiles, including our
company presentation in accordance with Art.
6 para. 1 f) GDPR.
Data recorded when you
visit our Vimeo channel may be forwarded to Vimeo Inc., 555 West 18th Street, New York, New York 10011, based in the USA, and processed there. For data
transfers to the USA, Vimeo ensures an appropriate level of data protection via
the EU standard contractual clauses. A copy of the corresponding EU standard
contractual clauses will be provided on request. Please contact
privacy@suru-water.com.
We do not pass on data to
third parties as part of the operation of our company profile.
We only store personal data
for as long as is necessary for the purposes for which it is processed or if
you have withdrawn your consent. Insofar as statutory retention obligations
must be observed, the storage period for certain data may be up to 10 years,
regardless of the processing purposes.
You can request
information about all personal data that we have stored about you free of
charge at any time.
If you no longer consent
to the storage of your personal data or if it has become incorrect, we will
arrange for the deletion or blocking of your data or make the necessary
corrections (insofar as this is possible under the applicable law) if
instructed to do so. The same applies if we are only to process data with
restrictions in future. You have the right to object in particular in cases
where your data is required for the performance of a task carried out in the
public interest or where the data processing is based on our legitimate
interest, as well as profiling based on this. You also have such a right to
object in the case of data processing for the purpose of direct marketing.
You can withdraw your
consent at any time with effect for the future. Your withdrawal does not affect
the lawfulness of the processing up to the time of withdrawal.
If data processing is
carried out on the basis of a contract, pre-contractual negotiations, consent
or using automated procedures, you have the right to data portability. Upon
request, we will provide you with your data in a common, structured and machine-readable
format so that you can transfer the data to another controller if you wish.
Data for which we are not
able to identify the data subject, e.g. if it has been anonymized for analysis
purposes, is not covered by the above rights. Information, deletion, blocking,
correction or transfer to another enterprise may be possible with regard to
this data if you provide us with additional information that allows us to
identify you.
If you have any questions
regarding the processing of your personal data, information, rectification,
blocking, objection or deletion of data or if you wish to transfer the data to
another enterprise, please contact privacy@suru-water.com.
You also have the option of complaining to a supervisory authority about your
rights as a data subject.