Maintaining the privacy of your data is a top priority at Sustainability Agents SUSA GmbH (“SUSA”). This is why SUSA considers it essential to establish a high standard of data privacy and continually improve upon it. We therefore adhere to the statutory requirements of the Federal Republic of Germany and the European Union in all data processing procedures. One of our main concerns is that you should be able to determine to what extent SUSA processes your data and that you should decide in what manner you provide information to us.
Contact and so-called Controller for the processing of your personal data under the terms of the EU General Data Protection Regulation (GDPR) when you visit this website is
Sustainability Agents SUSA GmbH
Forster Str. 57
+49 30 9405 4133
For all questions about matters of privacy in connection with our services or the use of our website you can also contact our Data Protection Officer at any time. They can be reached under the above postal address and under the e-mail address given above (mark your communication: “FOA Data Protection Officer”).
2. Processing of personal data
In order to render our services, it is necessary to process personal data as specified below.
2.1. Personal Data
Personal data means any information relating to an identified or identifiable natural person. They include particularly all information making it possible to conclude your identity, for instance your name, telephone number, address or e-mail address.
2.2. Processing of Your Personal Data
We process your data for the purpose of browsing our website and contacting us via our contact form.
2.2.1 Accessing Our Website
Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:
- IP address of your device
- Date and time of access
- Address of the website called up and of the website enquiring
- Information on the browser and operating system used
- Online identifiers (e.g. device identifiers, session IDs)
The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.
The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 7 days and archived following subsequent anonymisation.
2.2.2. Contact Form
We offer a contact form on our website that you can use to get in touch with us, to ask questions about our approach and work or to provide us with feedback. Therefore, we kindly ask you to provide us with your name, your e-mail address, the subject matter of the inquiry and the actual message. By clicking the box below the message form, you are able to send a copy of the entries to yourself. All details in the contact form are mandatory, however, if you do not wish to enter your name, please feel free to use an alias. Input in our contact form is saved for no longer than one year. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.
You are not required to accept cookies in order to visit our website. However, please note that you may not be able to use certain site features if you disable the receipt of SUSA cookies.
3.1. General Information about Cookies
3.2. Cookies Used by SUSA
SUSA uses the CloudFlare Cookie (_cfduid). The “__cfduid” cookie is a third party cookie. It is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-. It expires in 1 year.
You can change your browser settings to prevent cookies from being accepted unless you have approved them. In most cases, the help function in the menu bar of your web browser will explain how to reject new cookies and how to disable cookies you have already received. We recommend always logging out fully after you have used a computer which has multiple users and is set up to accept cookies.
5. Use of Google fonts
6. Google Maps
Our website uses the Google Maps mapping service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”), in particular to help us geographically represent our projects.
In order to integrate Google maps and to display it in your web browser, your web browser must be able to connect to a Google server, which may also be located in the United States. In the event of personal information being transferred to the US, Google has participated in the EU-US Privacy Shield. Google receives the information of our website being accessed from the IP address of your device. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, based on our legitimate interest in the integration of a map service to establish contact. Google and SUSA have set out the respective data protection obligations in an agreement.
If you visit the Google Maps service on our website while logged in to your Google profile, Google may also link this event to your Google profile. If you do not wish to be associated with your Google profile, you will need to log out of Google before accessing our project/contact page. Google stores your data and uses it for advertising, market research, and personalized viewing of Google Maps. You may object to this data collection against Google.
7. Transmission of Data
Data which we have collected are passed on only if:
- You have given an express declaration of consent for this, pursuant to Art. 6, Paragraph 1, Clause 1, Point (a) of the GDPR,
- Further transmission is necessary, pursuant to Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on,
- We have a legal duty to pass on your data pursuant to Art. 6, Paragraph 1, Clause 1, Point (c) of the GDPR, or
- This is legally permissible and requisite, pursuant to Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.
Further transmission may also be made in connection with requests by government authorities, decisions of the courts and legal proceedings if it is necessary for prosecution or execution at law.
8. Your Privacy Rights
You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data(right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct(right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).
To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.
Finally, you have the right to complain to the regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin where SUSA is located the competent regulatory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstrasse 219, 10969 Berlin.
9. Right of Revocation and Objection
Under Article 7, para. 3 of the GDPR you have the right at any time to withdraw to us any consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Insofar as we process your data on the basis of legitimate interests under Art. 6, para. 1, lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.
If you wish to make use of your right to withdraw or object, a notification without set form to the contact details above will be sufficient.
10. Right of Revocation and Objection
Version: 1.2, November 2018