PRIVACY POLICY

Last Updated: 12.11.2021

Here you can find the description of how we collect, use, and handle your personal data when you use our websites and services (“Services”).

Storage Location

We store your personal information on our servers which are located in Germany. Germany provides an adequate level of data protection as required by Art 45 (1) GDPR.

Data Controller

The data controller according to Art. 4 (7) GDPR is

SUPREMATIC Technology Arts GmbH
Hospitalstr. 35
70174 Stuttgart
Germany

General questions: info@suprematic.de
Data Protection Officer (Privacy Officer): privacy@suprematic.de

Purposes and legal basis for the processing of your personal information

We will process your personal information only with your knowledge and consent (Art. 6 (1) (a) GDPR), except where permitted or required by the law or defined in this Privacy Policy. Where we process your personal information on the legal basis of your consent, you have the right to withdraw your consent at any time. Such withdrawal of your consent will not affect the lawfulness of our processing of your personal information before such withdrawal.

Moreover, we process your personal information to:

• Provide you with the Services you have requested (Legal basis: Art. 6 (1) (b) GDPR);
• Process your payment, including recurring payments as you request (Legal basis: Art. 6 (1) (b) GDPR);
• Communicate with you about the Services you have requested (Legal basis: Art. 6 (1) (b) GDPR);
• Ensure that you are properly registered to use our Services and to receive any associated technical
• support (Legal basis: Art. 6 (1) (b) GDPR);
• Inform you of any important updates (Legal basis: Art. 6 (1) (b) GDPR);
• Improve and protect our Services (Legal basis: Art. 6 (1) (f) GDPR);

Where we process your personal information on the basis of Art. 6 (1) (b) GDPR, you are contractually required to provide us with your data, and we are not able to provide our services without such data.

If we process your personal information on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) and in case you want to learn more about our balancing of interests, please contact our Data Protection Officer at privacy@suprematic.de.

Using our Services

Account Information.

The information we collect and associate with your account (“Account Information”).

This includes your identifying information, e-mail address, first name, last name, personal and/or business billing information, profile picture or similar online identifier.

And also includes commercial information such as your billing history and Service consumption history. The legal basis is Art. 6 (1) (b) GDPR.

Your Data.

This is what you decide to store in your Neckar account.

Our Services are designed to store and maintain documents, their meta-data (labels, attributes, descriptions), access rights to them, and so on (“Your Data”), perform structured queries to Your Data, collaborate with other users and external services, and work across multiple devices.

To make that possible, we store, process, and transmit Your Data as well as information related to it. The legal basis is Art. 6 (1) (b) GDPR.

Device information.

We also collect information about the devices you use to access the Services. This includes things like IP addresses, geolocation, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. The legal basis is Art. 6 (1) (b) GDPR. We furthermore collect that information for the detection and defense of misuse which is justified by our legitimate interest according Art. 6 (1) (f) GDPR and is being conducted in order to ensure the proper functioning of our Services.

Usage information.

We collect information related to how you interact with the Services or advertisements, including actions you take in your account (sign-in, create a document, edit, change access rights, view, query and so on). We use this information to provide, improve, and promote our Services, and protect our users. The legal basis is Art. 6 (1) (b) GDPR.

Marketing communications and further purposes

We may also use your personal information for purposes such as:

• Letting you know about new or upgraded Services;
• Inviting you to participate in customer surveys or other opinion-gathering devices.

We will ask you for your prior consent before contacting you accordingly and the legal basis for such processing of your personal information is your consent (Art. 6 (1) (a) GDPR). Where you are able to subscribe to periodic information updates (e.g. our newsletters), we are using the double-opt-in method (confirmation of your email address by confirmation email before the first marketing communication is sent) in order to verify consent.You may withdraw your consent at any time with future effect which will not affect the processing of your personal information being undertaken until the withdrawal by

• using the unsubscribe link in the email we have sent you, or
• changing your media preferences in your account profile, or
• contacting us at support@suprematic.de

Transfer of personal information

In order to provide, improve, protect, and promote our Services, we may share your personal information with trusted third parties, but we won’t sell it to advertisers or other third parties.

These third parties may access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions.

Regardless of where these service providers or other third parties are located, we require that they also comply with the GDPR and the applicable data protection laws.

Trusted third parties.

Trusted third parties are companies or individuals that we are using for business purposes to help us to provide, improve, protect, and promote our Services.

For example, trusted third parties may access your information to provide data storage services, IT Infrastructure, or customer support services.

We use the following categories of service providers or other third parties:

• data storage and IT Infrastructure services
  • Amazon Web Services, EU
  • Hetzner, DE
• billing and payment processing services
  • Paypal, US
  • Klarna Bank, SE
• technical support
  • Slack Technologies, US
• marketing communications
  • MailChimp, US
• analytics
  • Google, US
  • Amplitude, US

Other Neckar users.

Our Services allow you to collaborate with other Neckar users or teams. For example, you can grant read or write rights to some parts (or the whole set) of Your Data. As well collaborators and potential collaborators may get access to some of your basic account information, like your name, profile picture, e-mail address and Services usage information.

Law & Order and the Public Interest.

We may disclose your personal information to third parties if we determine that such disclosure is reasonably necessary to:

• comply with any applicable law, regulation, legal process, or appropriate government request;
• any person from death or severe adverse health;
• prevent fraud or abuse of our Services or our users.

Cookies

We use tracking technologies like cookies to provide, improve, and promote our Services. Cookies are small text files that are placed on your computer by the websites that you visit. These text files are used to help identify when you return to a website. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer, when you have gone offline, while session cookies are deleted, as soon as you close your web browser. You can set your browser to not accept cookies, but this may limit your ability to use the Services.

We use cookies which are strictly necessary to provide you with the services requested by you. The legal basis for such use of cookies is Art. 6 (1) (b) GDPR. Moreover, we are using marketing and advertising cookies and the legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest in processing your personal information in this context is to optimize the Services, to customize the user experience and to offer you advertising tailored to your interests.

We also use cookies to collect information on your usage of our Services for monitoring and debugging purposes to help us improve our product and services. Information collected includes IP address, anonymized errors logs, and the type of web browser and platform you use. The legal basis for this are our legitimate interests (Art. 6 (1) (f) GDPR) in keeping our Services error-free and to optimize our Services.

The use of cookies by third-party service providers are not covered by this Privacy Policy.

Data retention

We delete or anonymize your personal information as soon as it is no longer required for the purposes we have collected your personal information as outlined in this Privacy Policy, unless further processing or storage of your personal information is necessary in order to comply with a respective legal obligation.

We’ll retain the information you store in our Services for as long as your account exists or as long as we need it to provide you the Services. If you close your account, we’ll initiate the deletion of your information after 30 days. Please note that in some cases, there might be some latency in deleting your information from our servers and back-ups. As well we may retain some of your information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

If you want to learn more about our data retention concept, please contact our Data Protection Officer at privacy@suprematic.de

Information about your rights

You have the following rights:

• Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether or not your personal information is being processed, and, where that is the case, to request access to the personal information and information such as the purposes of the processing or the categories of personal information concerned.
• Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal information.
• Right to erasure (Art. 17 GDPR): You have the right to request erasure of personal information without undue delay under certain circumstances, e.g. if your personal information is no longer necessary for the purposes for which it was collected or if you withdraw consent on which processing is based according to Art. 6 (1) (a) GDPR and where there is no other legal ground for processing.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request us to restrict the processing of your personal information under certain circumstances, e.g. if you think that the personal information we process about you is incorrect or unlawful.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal information under certain circumstances, in particular if we process your personal information on the legal basis of legitimate interest (Art. 6 (1) (f) GDPR) or if we use your personal information for marketing purposes.
• Right to data portability (Art. 20 GDPR): Under certain circumstances, you have the right to receive your personal information you have provided us with, in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller without hindrance or ask us to do so.

You can assert your abovementioned rights by contacting our Data Protection Officer at privacy@suprematic.de

Right to lodge a complaint before the data protection authority

You have the right to lodge a complaint with a supervisory authority if you consider that our processing of your information relating to you infringes the GDPR. Please contact our Data Protection Officer at privacy@suprematic.de, and we will provide you with detailed information as regards the contact details of the respective supervisory authority.

Changes

We may update our Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Contact

Please contact our Data Protection Officer at privacy@suprematic.de in case you have any questions.