Last Updated: 12.11.2021

Here you can find the description of how we collect, use, and handle your personal data when you use our websites and services (“Services”).

Storage Location

We store your personal information on our servers which are located in Germany. Germany provides an adequate level of data protection as required by Art 45 (1) GDPR.

Data Controller

The data controller according to Art. 4 (7) GDPR is

SUPREMATIC Technology Arts GmbH
Hospitalstr. 35
70174 Stuttgart

General questions:
Data Protection Officer (Privacy Officer):

We will process your personal information only with your knowledge and consent (Art. 6 (1) (a) GDPR), except where permitted or required by the law or defined in this Privacy Policy. Where we process your personal information on the legal basis of your consent, you have the right to withdraw your consent at any time. Such withdrawal of your consent will not affect the lawfulness of our processing of your personal information before such withdrawal.

Moreover, we process your personal information to:

Where we process your personal information on the basis of Art. 6 (1) (b) GDPR, you are contractually required to provide us with your data, and we are not able to provide our services without such data.

If we process your personal information on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) and in case you want to learn more about our balancing of interests, please contact our Data Protection Officer at

Using our Services

Account Information.

The information we collect and associate with your account (“Account Information”).

This includes your identifying information, e-mail address, first name, last name, personal and/or business billing information, profile picture or similar online identifier.

And also includes commercial information such as your billing history and Service consumption history. The legal basis is Art. 6 (1) (b) GDPR.

Your Data.

This is what you decide to store in your Neckar account.

Our Services are designed to store and maintain documents, their meta-data (labels, attributes, descriptions), access rights to them, and so on (“Your Data”), perform structured queries to Your Data, collaborate with other users and external services, and work across multiple devices.

To make that possible, we store, process, and transmit Your Data as well as information related to it. The legal basis is Art. 6 (1) (b) GDPR.

Device information.

We also collect information about the devices you use to access the Services. This includes things like IP addresses, geolocation, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. The legal basis is Art. 6 (1) (b) GDPR. We furthermore collect that information for the detection and defense of misuse which is justified by our legitimate interest according Art. 6 (1) (f) GDPR and is being conducted in order to ensure the proper functioning of our Services.

Usage information.

We collect information related to how you interact with the Services or advertisements, including actions you take in your account (sign-in, create a document, edit, change access rights, view, query and so on). We use this information to provide, improve, and promote our Services, and protect our users. The legal basis is Art. 6 (1) (b) GDPR.

Marketing communications and further purposes

We may also use your personal information for purposes such as:

We will ask you for your prior consent before contacting you accordingly and the legal basis for such processing of your personal information is your consent (Art. 6 (1) (a) GDPR). Where you are able to subscribe to periodic information updates (e.g. our newsletters), we are using the double-opt-in method (confirmation of your email address by confirmation email before the first marketing communication is sent) in order to verify consent.You may withdraw your consent at any time with future effect which will not affect the processing of your personal information being undertaken until the withdrawal by

Transfer of personal information

In order to provide, improve, protect, and promote our Services, we may share your personal information with trusted third parties, but we won’t sell it to advertisers or other third parties.

These third parties may access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions.

Regardless of where these service providers or other third parties are located, we require that they also comply with the GDPR and the applicable data protection laws.

Trusted third parties.

Trusted third parties are companies or individuals that we are using for business purposes to help us to provide, improve, protect, and promote our Services.

For example, trusted third parties may access your information to provide data storage services, IT Infrastructure, or customer support services.

We use the following categories of service providers or other third parties:

Other Neckar users.

Our Services allow you to collaborate with other Neckar users or teams. For example, you can grant read or write rights to some parts (or the whole set) of Your Data. As well collaborators and potential collaborators may get access to some of your basic account information, like your name, profile picture, e-mail address and Services usage information.

Law & Order and the Public Interest.

We may disclose your personal information to third parties if we determine that such disclosure is reasonably necessary to:


We use tracking technologies like cookies to provide, improve, and promote our Services. Cookies are small text files that are placed on your computer by the websites that you visit. These text files are used to help identify when you return to a website. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer, when you have gone offline, while session cookies are deleted, as soon as you close your web browser. You can set your browser to not accept cookies, but this may limit your ability to use the Services.

We use cookies which are strictly necessary to provide you with the services requested by you. The legal basis for such use of cookies is Art. 6 (1) (b) GDPR. Moreover, we are using marketing and advertising cookies and the legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest in processing your personal information in this context is to optimize the Services, to customize the user experience and to offer you advertising tailored to your interests.

We also use cookies to collect information on your usage of our Services for monitoring and debugging purposes to help us improve our product and services. Information collected includes IP address, anonymized errors logs, and the type of web browser and platform you use. The legal basis for this are our legitimate interests (Art. 6 (1) (f) GDPR) in keeping our Services error-free and to optimize our Services.

The use of cookies by third-party service providers are not covered by this Privacy Policy.

Data retention

We delete or anonymize your personal information as soon as it is no longer required for the purposes we have collected your personal information as outlined in this Privacy Policy, unless further processing or storage of your personal information is necessary in order to comply with a respective legal obligation.

We’ll retain the information you store in our Services for as long as your account exists or as long as we need it to provide you the Services. If you close your account, we’ll initiate the deletion of your information after 30 days. Please note that in some cases, there might be some latency in deleting your information from our servers and back-ups. As well we may retain some of your information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

If you want to learn more about our data retention concept, please contact our Data Protection Officer at

Information about your rights

You have the following rights:

You can assert your abovementioned rights by contacting our Data Protection Officer at

Right to lodge a complaint before the data protection authority

You have the right to lodge a complaint with a supervisory authority if you consider that our processing of your information relating to you infringes the GDPR. Please contact our Data Protection Officer at, and we will provide you with detailed information as regards the contact details of the respective supervisory authority.


We may update our Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.


Please contact our Data Protection Officer at in case you have any questions.