Privacy Policy

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States as well as other data protection provisions is:

SUSMATA AG

Schlattwiesen 25
72131 Ofterdingen
Germany

Represented by: Meral Dogan
Registered in the Commercial Register of the District Court of Stuttgart, HRB 801283

Email: info@susmata.com

2. Data Protection Officer

Our internal Data Protection Officer can be reached at:

Meral Dogan

SUSMATA AG
Schlattwiesen 25
72131 Ofterdingen
Germany

Email: info@susmata.com

3. General Information on Data Processing & Legal Bases

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Processing is generally carried out only after obtaining the user's consent or where another legal basis applies.

Legal bases

  • Art. 6(1)(a) GDPR – consent (e.g., newsletter, non-essential cookies).
  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures.
  • Art. 6(1)(c) GDPR – compliance with a legal obligation.
  • Art. 6(1)(f) GDPR – legitimate interests (e.g., secure operation of the website, handling enquiries).

Retention and erasure

Personal data will be erased as soon as the purpose of processing ceases to apply and no statutory retention obligations require further storage.

Transfers to third countries

Personal data will only be transferred to countries outside the EU/EEA if the requirements of Art. 44 et seq. GDPR are met (e.g., adequacy decision, standard contractual clauses, explicit consent).

4. Your Rights as a Data Subject

You have the following rights with regard to personal data relating to you:

  • right of access (Art. 15 GDPR),
  • right to rectification (Art. 16 GDPR),
  • right to erasure (Art. 17 GDPR),
  • right to restriction of processing (Art. 18 GDPR),
  • right to data portability (Art. 20 GDPR),
  • right to object to processing (Art. 21 GDPR),
  • right to withdraw any consent given, with effect for the future (Art. 7(3) GDPR).

To exercise your rights, an informal message to the contact addresses listed under sections 1 or 2 is sufficient.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (Art. 77 GDPR). The competent authority for us is:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

5. Hosting & Server Log Files

This website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place. Processing takes place exclusively within the European Union.

Each time the website is accessed, technically necessary data is automatically recorded by our hosting provider in so-called server log files:

  • anonymised IP address of the requesting device,
  • date and time of access,
  • name and URL of the file retrieved,
  • amount of data transferred and HTTP status code,
  • referrer URL (previously visited page),
  • browser and operating system used.

Purpose: ensuring a smooth connection, comfortable use, evaluation of system security and stability, and defence against attacks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the website).

Retention: log files are stored for a maximum of 14 days and then deleted. The data is not combined with other data sources.

6. Contact Form

We offer you the option of contacting us via a contact form on our website. The following data is collected:

  • First name (required),
  • Last name (required),
  • Company (optional),
  • Role / position (optional),
  • Email address (required),
  • Your message (required),
  • Confirmation of the privacy policy (required, consent).

The data is transmitted exclusively by email to info@susmata.com; it is not stored on the web server.

Purpose: handling your enquiry and any related follow-up communication.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures), to the extent your enquiry aims at concluding a contract; otherwise Art. 6(1)(f) GDPR (legitimate interest in responding effectively to enquiries) as well as Art. 6(1)(a) GDPR (consent).

Retention: the transmitted data is stored until your enquiry has been finally processed and is then deleted, unless statutory retention obligations require further storage.

7. Newsletter (Brevo)

You can subscribe to our newsletter on our website. During registration, the following data is collected:

  • email address,
  • consent to receive the newsletter,
  • date and time of registration and confirmation (for documentation purposes).

Double opt-in procedure

Registration takes place using the so-called double opt-in procedure. After registering, you will receive an email containing a confirmation link. Your email address will only be added to our mailing list after you click on this link. This ensures that the registration was actually made by you.

Sending service provider: Brevo

The newsletter is sent via the Brevo service operated by Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin, Germany) as part of the Brevo group (Brevo SAS, 106 boulevard Haussmann, 75008 Paris, France). A data processing agreement pursuant to Art. 28 GDPR is in place.

Performance measurement (click rates)

Our newsletters contain so-called tracking pixels and individualised links that allow us to evaluate whether and when you have opened a newsletter email and which links you have clicked on. This information is used for statistical analysis and to optimise our newsletter content.

Legal basis: Art. 6(1)(a) GDPR (consent).

Retention: the data is stored for as long as you have subscribed to the newsletter. After unsubscribing, the data is stored in a blocklist where necessary to prevent future mailings.

Withdrawal of consent / unsubscribing

You may withdraw your consent to receive the newsletter and to performance measurement at any time with effect for the future, e.g. via the unsubscribe link in every newsletter or by email to info@susmata.com.

For more information on data protection at Brevo, please see: www.brevo.com/legal/privacypolicy/

8. Cookie Consent via Cookiebot

On our website we use the consent management tool Cookiebot operated by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot allows us to obtain and document users' consent to the processing of personal data in a legally compliant manner.

Currently, this website uses only strictly necessary cookies required for the operation of the website. No consent is required for these.

In connection with the use of Cookiebot, the following data is processed:

  • anonymised IP address,
  • date and time of consent,
  • browser information,
  • device information,
  • consent status (as proof).

Legal basis: Art. 6(1)(c) GDPR (legal obligation to document consent) and Art. 6(1)(f) GDPR (legitimate interest in a legally compliant consent management).

Retention: consent data is stored for up to 12 months in accordance with statutory documentation requirements.

For more information on data protection at Cookiebot, please see: www.cookiebot.com/en/privacy-policy/

9. Data Security

We use the widely used SSL/TLS encryption procedure during your visit to our website, in conjunction with the highest level of encryption supported by your browser. In addition, we use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties.

10. Updates to this Privacy Policy

This privacy policy is currently valid and was last updated in May 2026. Due to the further development of our website and offers, or because of changing legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can be accessed on this page at any time.