Privacy Policy

With this privacy policy, we inform you about the scope of the processing of your personal data (hereinafter "data").

1. Responsible for Data Processing

Responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

2. Contact Details of our Data Protection Officer

3. General Information on Data Processing

In the course of our business and website operations, we process data.

This also includes disclosure by transfer to third parties and, if applicable, to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). Insofar as we transfer data outside the EU or the EEA, we have marked this accordingly below.

4. Data Processing

The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:

a) Web Page Visit Log File

We log your website visit. In doing so, we process:

The legal basis for data processing is our overriding legitimate interest in the ongoing provision and security of our website pursuant to Art. 6 para. 1 f) DSGVO.

The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

b) Contact

If you contact us, we process the following data from you for the purpose of processing and handling your request: Name, contact details - if provided by you - and your message.

The legal basis of the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 para. 1 b) DSGVO and/or our overriding legitimate interest in processing your request pursuant to Art. 6 para. 1 f) DSGVO.

c) Downloads

On our website you can download a free whitepaper. In the process, we process the following personal data:

The legal basis for data processing is our overriding legitimate interest in the optimal marketing of our offer in accordance with Art. 6 para. 1 f) DSGVO.

d) Use of Functional Cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

We only use technically necessary session cookies on our website.

e) External Content

We use dynamic content ("Content") from third parties to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made to the server of the respective content provider by means of an interface, during which certain log data (e.g. the user's IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use external content in connection with the following functionalities:

Vimeo Videos Integration

We have integrated videos from the Vimeo portal of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA on our website. When playing the videos, log data is transferred to the Vimeo servers in the USA. This processing is based on our overriding legitimate interest in the optimal marketing of our offer according to Art. 6 para. 1 f) DSGVO.

Further information at: https://vimeo.com/privacy

5. Our Presence on Social Media

a) LinkedIn

aa) Joint Responsibility for Data Processing

LinkedIn is a product provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Together with LinkedIn, we are jointly responsible for data processing in connection with our company profile, in particular in connection with the "Page Insights" function, in accordance with the provisions of the General Data Protection Regulation (GDPR), Art. 4 No. 7 GDPR. When you visit our company profile, personal data is processed by LinkedIn and us as the responsible party.

LinkedIn assumes primary responsibility under the GDPR for the processing of Page Insights data, see also item bb) User analysis. LinkedIn therefore also assumes all obligations under the GDPR with regard to the processing of Page Insights data (including Art. 12 and 13 GDPR, Art. 15 to 22 GDPR and Art. 32 to 34 GDPR). LinkedIn remains solely responsible for the processing of such personal data in connection with Page Insights that is not covered by the existing Page Insights Joint Controller Addendum.

The "Page Insights Joint Controller Addendum" can be found at: https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn's privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy

bb) What Data do we process and for what Purpose?

Exchange and Communication

The purpose of operating our company profile on LinkedIn is first of all to get in touch with users and visitors of the LinkedIn social network and to engage in an exchange. In doing so, we provide direct information about our company and the associated offers.

As a user of a LinkedIn profile, we may process the data provided by you as a LinkedIn member. This includes all information you have stored in your profile, messages they send us as well as interactions with our content. In particular, this happens when you share or recommend our content, comment on it, contact us or when you refer to our presence within LinkedIn.

The processing of personal data by us is based on our legitimate interests in an effective exchange with users of LinkedIn and visitors to our profile, as well as in connection with communication with users on our social media profiles, including our company presentation, pursuant to Art. 6 para. 1 f) GDPR.

Applications

If you submit your application to us via LinkedIn or if you indicate interest in a job offer that we make to you, the data you provide (e.g. name, e-mail address, desired job location, data of your LinkedIn profile, etc.), your message and the application documents submitted will be processed exclusively for the purpose of processing and handling your application request.

The processing of personal applicant data by us is based on Sec. 26 para. 1 FDPA. Accordingly, the processing of data that is required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be necessary for legal prosecution after completion of the application process, if applicable, data processing may be carried out to safeguard our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, namely for the assertion and/or defense of claims.

User Analysis

LinkedIn provides us with the "Page Insights" service with various information on visits and visitors to our company page. These are created by LinkedIn and enable us to better and more purposefully manage the marketing of our activity. This is so-called aggregated data, with which no reference to your person can be made. Data processing within the scope of the "Pages-Insights" service takes place exclusively under the responsibility of LinkedIn. We have no access to personal data, except in aggregated form.

The processing of personal data by us is based on our legitimate interests in an effective exchange with the users of LinkedIn and visitors to our profile, as well as in connection with communication with users on our social media profiles, including our company presentation pursuant Art. 6 para. 1 f) GDPR.

cc) Data Transfer and Data Transmission to the United States

It is possible that data collected when visiting our company profile will be forwarded to the LinkedIn Corporation based in the United States and processed there. There is no adequacy decision of the EU Commission for data transfers to the United States. LinkedIn ensures an adequate level of data protection via the EU standard contractual clauses. A copy of the relevant EU standard contractual clauses will be provided upon request. Please contact privacy@suru-water.com for this.

Incidentally, we do not pass on data to third parties as part of the operation of our company profile.

b) Vimeo

aa) What Data do we process and for what Purpose?

Vimeo is a service of Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA ("Vimeo"). Within the scope of our Vimeo channel, no personal data is directly processed by us.

However, if you enter data on Vimeo itself as a registered user, such as your username and the content published under your own account, this data will be processed by us when we respond to an order from you, reply to your comments or write a post that refers to your profile. In this case, the data you entered on Vimeo, in particular your (user) name and the content published under your account, are processed insofar as they are included in our offer and made available to our followers.

For all further data processing in the context of the use of the Vimeo service and its functionalities, Vimeo is the responsible party within the meaning of Art. 4 No. 7 DSGVO. We have no influence on the type and scope of the data processed by Vimeo within the scope of the Vimeo service, the type of processing, the use of the data or the transfer of this data to third parties.

Information on what data is processed by Vimeo and for what purposes can be found in Vimeo's privacy policy: https://vimeo.com/privacy.

bb) Legal Basis

The processing of personal data by us is based on our legitimate interests in an effective exchange with users of Vimeo, visitors to our profile and in connection with communication with users on our social media profiles, including our company presentation, pursuant to Art. 6 para. 1 f) DSGVO.

cc) Data Transfer and Data Transmission to the United States

It is possible that data collected when visiting our Vimeo channel will be forwarded to Vimeo Inc, 555 West 18th Street, New York, New York 10011 based in the United States and processed there. There is no adequacy decision of the EU Commission for data transfers to the United States. Vimeo ensures an adequate level of data protection via the EU standard contractual clauses. A copy of the relevant EU standard contractual clause will be provided upon request. Please contact privacy@suru-water.com for this purpose.

Incidentally, we do not pass on data to third parties as part of the operation of our company profile.

6. Duration of Data Storage

We store personal data only as long as it is necessary for the purposes for which it is processed or if you have revoked your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to 10 years, regardless of the processing purposes.

7. Your Data Subject Rights

a) Information

Upon request, you will receive information free of charge at any time about all personal data that we have stored about you.

b) Correction, Deletion, Restriction of Processing (Blocking), Objection

If you no longer agree to the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under the applicable law) in response to a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have a right of objection in particular in cases where your data is required due to the performance of a task that is in the public interest or the data processing is based on our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.

c) Right of Revocation for Consents with Effect for the Future

You can revoke consents granted at any time with effect for the future. Your revocation does not affect the lawfulness of the processing until the time of revocation.

d) Data Portability

If data processing takes place on the basis of a contract, pre-contractual negotiations, consent or with the help of automated processes, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another responsible party upon request.

e) Restriction of Processing

Data for which we are not able to identify the data subject, e.g. if it has been anonymized for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible in relation to this data if you provide us with additional information that allows us to identify you.

f) Exercise of your Data Subject Rights and Right of Appeal

For questions regarding the processing of your personal data, for information, correction, blocking, objection or deletion of data or the wish to transfer the data to another company, please contact privacy@suru-water.com.

You also have the possibility to complain to a supervisory authority about your data protection rights.