Last Updated: 12.11.2021
Here you can find the description of how we collect, use, and handle your personal data when you use our websites and services (“Services”).
We store your personal information on our servers which are located in Germany. Germany provides an adequate level of data protection as required by Art 45 (1) GDPR.
The data controller according to Art. 4 (7) GDPR is
SUPREMATIC Technology Arts GmbH
Purposes and legal basis for the processing of your personal information
Moreover, we process your personal information to:
- Provide you with the Services you have requested (Legal basis: Art. 6 (1) (b) GDPR);
- Process your payment, including recurring payments as you request (Legal basis: Art. 6 (1) (b) GDPR);
- Communicate with you about the Services you have requested (Legal basis: Art. 6 (1) (b) GDPR);
- Ensure that you are properly registered to use our Services and to receive any associated technical
- support (Legal basis: Art. 6 (1) (b) GDPR);
- Inform you of any important updates (Legal basis: Art. 6 (1) (b) GDPR);
- Improve and protect our Services (Legal basis: Art. 6 (1) (f) GDPR);
Where we process your personal information on the basis of Art. 6 (1) (b) GDPR, you are contractually required to provide us with your data, and we are not able to provide our services without such data.
If we process your personal information on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) and in case you want to learn more about our balancing of interests, please contact our Data Protection Officer at firstname.lastname@example.org.
Using our Services
The information we collect and associate with your account (“Account Information”).
This includes your identifying information, e-mail address, first name, last name, personal and/or business billing information, profile picture or similar online identifier.
And also includes commercial information such as your billing history and Service consumption history. The legal basis is Art. 6 (1) (b) GDPR.
This is what you decide to store in your Neckar account.
Our Services are designed to store and maintain documents, their meta-data (labels, attributes, descriptions), access rights to them, and so on (“Your Data”), perform structured queries to Your Data, collaborate with other users and external services, and work across multiple devices.
To make that possible, we store, process, and transmit Your Data as well as information related to it. The legal basis is Art. 6 (1) (b) GDPR.
We also collect information about the devices you use to access the Services. This includes things like IP addresses, geolocation, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. The legal basis is Art. 6 (1) (b) GDPR. We furthermore collect that information for the detection and defense of misuse which is justified by our legitimate interest according Art. 6 (1) (f) GDPR and is being conducted in order to ensure the proper functioning of our Services.
We collect information related to how you interact with the Services or advertisements, including actions you take in your account (sign-in, create a document, edit, change access rights, view, query and so on). We use this information to provide, improve, and promote our Services, and protect our users. The legal basis is Art. 6 (1) (b) GDPR.
Marketing communications and further purposes
We may also use your personal information for purposes such as:
- Letting you know about new or upgraded Services;
- Inviting you to participate in customer surveys or other opinion-gathering devices.
We will ask you for your prior consent before contacting you accordingly and the legal basis for such processing of your personal information is your consent (Art. 6 (1) (a) GDPR). Where you are able to subscribe to periodic information updates (e.g. our newsletters), we are using the double-opt-in method (confirmation of your email address by confirmation email before the first marketing communication is sent) in order to verify consent.You may withdraw your consent at any time with future effect which will not affect the processing of your personal information being undertaken until the withdrawal by
- using the unsubscribe link in the email we have sent you, or
- changing your media preferences in your account profile, or
- contacting us at email@example.com
Transfer of personal information
In order to provide, improve, protect, and promote our Services, we may share your personal information with trusted third parties, but we won’t sell it to advertisers or other third parties.
These third parties may access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions.
Regardless of where these service providers or other third parties are located, we require that they also comply with the GDPR and the applicable data protection laws.
Trusted third parties.
Trusted third parties are companies or individuals that we are using for business purposes to help us to provide, improve, protect, and promote our Services.
For example, trusted third parties may access your information to provide data storage services, IT Infrastructure, or customer support services.
We use the following categories of service providers or other third parties:
- data storage and IT Infrastructure services
- Amazon Web Services, EU
- Hetzner, DE
- billing and payment processing services
- Paypal, US
- Klarna Bank, SE
- technical support
- Slack Technologies, US
- marketing communications
- MailChimp, US
- Google, US
- Amplitude, US
Other Neckar users.
Our Services allow you to collaborate with other Neckar users or teams. For example, you can grant read or write rights to some parts (or the whole set) of Your Data. As well collaborators and potential collaborators may get access to some of your basic account information, like your name, profile picture, e-mail address and Services usage information.
Law & Order and the Public Interest.
We may disclose your personal information to third parties if we determine that such disclosure is reasonably necessary to:
- comply with any applicable law, regulation, legal process, or appropriate government request;
- any person from death or severe adverse health;
- prevent fraud or abuse of our Services or our users.
We use tracking technologies like cookies to provide, improve, and promote our Services. Cookies are small text files that are placed on your computer by the websites that you visit. These text files are used to help identify when you return to a website. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer, when you have gone offline, while session cookies are deleted, as soon as you close your web browser. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
We’ll retain the information you store in our Services for as long as your account exists or as long as we need it to provide you the Services. If you close your account, we’ll initiate the deletion of your information after 30 days. Please note that in some cases, there might be some latency in deleting your information from our servers and back-ups. As well we may retain some of your information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
If you want to learn more about our data retention concept, please contact our Data Protection Officer at firstname.lastname@example.org
Information about your rights
You have the following rights:
- Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether or not your personal information is being processed, and, where that is the case, to request access to the personal information and information such as the purposes of the processing or the categories of personal information concerned.
- Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal information.
- Right to erasure (Art. 17 GDPR): You have the right to request erasure of personal information without undue delay under certain circumstances, e.g. if your personal information is no longer necessary for the purposes for which it was collected or if you withdraw consent on which processing is based according to Art. 6 (1) (a) GDPR and where there is no other legal ground for processing.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request us to restrict the processing of your personal information under certain circumstances, e.g. if you think that the personal information we process about you is incorrect or unlawful.
- Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal information under certain circumstances, in particular if we process your personal information on the legal basis of legitimate interest (Art. 6 (1) (f) GDPR) or if we use your personal information for marketing purposes.
- Right to data portability (Art. 20 GDPR): Under certain circumstances, you have the right to receive your personal information you have provided us with, in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller without hindrance or ask us to do so.
You can assert your abovementioned rights by contacting our Data Protection Officer at email@example.com
Right to lodge a complaint before the data protection authority
You have the right to lodge a complaint with a supervisory authority if you consider that our processing of your information relating to you infringes the GDPR. Please contact our Data Protection Officer at firstname.lastname@example.org, and we will provide you with detailed information as regards the contact details of the respective supervisory authority.
Please contact our Data Protection Officer at email@example.com in case you have any questions.