Privacy Policy

The following Privacy Policy provides an overview of the kind of data being collected, the manner in which this data is being processed, and the way in which you will be obtaining information about the data provided to us.

Maintaining the privacy of your data is a top priority at Sustainability Agents SUSA GmbH (“SUSA”). This is why SUSA considers it essential to establish a high standard of data privacy and continually improve upon it. We therefore adhere to the statutory requirements of the Federal Republic of Germany and the European Union in all data processing procedures. One of our main concerns is that you should be able to determine to what extent SUSA processes your data and that you should decide in what manner you provide information to us.

1. Contact

Contact and so-called Controller for the processing of your personal data under the terms of the EU General Data Protection Regulation (GDPR) when you visit this website is

Sustainability Agents SUSA GmbH

Forster Str. 57

10999 Berlin

+49 30 9405 4133

For all questions about matters of privacy in connection with our services or the use of our website you can also contact our Data Protection Officer at any time. They can be reached under the above postal address and under the e-mail address given above (mark your communication: “FOA Data Protection Officer”).

2. Processing of personal data

In order to render our services, it is necessary to process personal data as specified below.

2.1. Personal Data

Personal data means any information relating to an identified or identifiable natural person. They include particularly all information making it possible to conclude your identity, for instance your name, telephone number, address or e-mail address.

2.2. Processing of Your Personal Data

We process your data for the purpose of browsing our website and contacting us via our contact form.

2.2.1 Accessing Our Website

Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:

  • IP address of your device
  • Date and time of access
  • Address of the website called up and of the website enquiring
  • Information on the browser and operating system used
  • Online identifiers (e.g. device identifiers, session IDs)

The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.

The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 7 days and archived following subsequent anonymisation.

2.2.2. Contact Form

We offer a contact form on our website that you can use to get in touch with us, to ask questions about our approach and work or to provide us with feedback. Therefore, we kindly ask you to provide us with your name, your e-mail address, the subject matter of the inquiry and the actual message. By clicking the box below the message form, you are able to send a copy of the entries to yourself. All details in the contact form are mandatory, however, if you do not wish to enter your name, please feel free to use an alias. Input in our contact form is saved for no longer than one year. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.

3. Use of Cookies

You are not required to accept cookies in order to visit our website. However, please note that you may not be able to use certain site features if you disable the receipt of SUSA cookies.

3.1. General Information about Cookies

Cookies are small text files stored on your computer, cell phone or other device the first time you visit SUSA, which then help us to recognise you as a user the next time you visit the SUSA website using the same computer and web browser. We use cookies to present our services to you in the most convenient, efficient and interesting manner and thus continually improve the quality of our service.

3.2. Cookies Used by SUSA

Most cookies used by us are automatically deleted from your hard drive once you end your browser session (hence session cookies). Session cookies automatically expire at the end of your session. In addition, we also use cookies that remain on your hard drive. Upon your next visit, SUSA automatically identifies that you have visited our website in the past and recalls stored information and preferred settings. These temporary – or permanent – cookies (lifespan of up to one year) are stored on your hard drive and are deleted automatically after the time specified. These cookies serve in particular to make our website more user-friendly, more powerful and more secure.

SUSA uses the CloudFlare Cookie (_cfduid). The “__cfduid” cookie is a third party cookie. It is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. It expires in 1 year.

You can change your browser settings to prevent cookies from being accepted unless you have approved them. In most cases, the help function in the menu bar of your web browser will explain how to reject new cookies and how to disable cookies you have already received. We recommend always logging out fully after you have used a computer which has multiple users and is set up to accept cookies.

4. Security

SUSA has taken numerous security precautions to reasonably and adequately protect your personal data. Physical, technical and procedural protections are in place to secure our databases and restrict access to the information to authorised persons in compliance with this Privacy Policy. Sensitive data are sent to SUSA exclusively using encrypted transmission (SSL/TLS technology).

5. Use of Google fonts

Our Website uses Google Fonts (“Web Fonts”) for consistent presentation of texts. This is a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). open a web page, to display texts and fonts correctly, your browser loads the required web fonts into your browser cache. To be able to do this, your browser must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The server to connect may be based in the US. In the event of personal information being transferred to US, Google has participated in the EU-US Privacy Shield. We use Google Web fonts in the interest of a consistent and attractive presentation of our online presence. The legal basis for data processing is Art. 6 para. I lit. f DSGVO based on the aforementioned interests. For more information, see the FAQs and the Google Privacy Policy

6. Google Maps

Our website uses the Google Maps mapping service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”), in particular to help us geographically represent our projects.

In order to integrate Google maps and to display it in your web browser, your web browser must be able to connect to a Google server, which may also be located in the United States. In the event of personal information being transferred to the US, Google has participated in the EU-US Privacy Shield. Google receives the information of our website being accessed from the IP address of your device. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, based on our legitimate interest in the integration of a map service to establish contact. Google and SUSA have set out the respective data protection obligations in an agreement.

If you visit the Google Maps service on our website while logged in to your Google profile, Google may also link this event to your Google profile. If you do not wish to be associated with your Google profile, you will need to log out of Google before accessing our project/contact page. Google stores your data and uses it for advertising, market research, and personalized viewing of Google Maps. You may object to this data collection against Google.

For more information, please see the Google Privacy Policy and the Additional Terms of Use for Google Maps.

7. Transmission of Data

Data which we have collected are passed on only if:

  • You have given an express declaration of consent for this, pursuant to Art. 6, Paragraph 1, Clause 1, Point (a) of the GDPR,
  • Further transmission is necessary, pursuant to Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on,
  • We have a legal duty to pass on your data pursuant to Art. 6, Paragraph 1, Clause 1, Point (c) of the GDPR, or
  • This is legally permissible and requisite, pursuant to Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.

A part of the data processing can be handled via service providers. Along with the service providers stated in this Privacy Policy, these may include in particular computer centres which store our website and databases, IT service providers which maintain our systems, and consultancy firms. Should we pass data on to our service providers, these data may only be used for performance of their tasks. We select and commission these service providers carefully. They are bound contractually to follow our instructions, have suitable technical and organisational measures for the protection of the rights of data subjects, and are monitored by ourselves on a regular basis.

Further transmission may also be made in connection with requests by government authorities, decisions of the courts and legal proceedings if it is necessary for prosecution or execution at law.

8. Your Privacy Rights

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data(right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct(right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).

To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

Finally, you have the right to complain to the regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin where SUSA is located the competent regulatory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstrasse 219, 10969 Berlin.

9. Right of Revocation and Objection

Under Article 7, para. 3 of the GDPR you have the right at any time to withdraw to us any consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests under Art. 6, para. 1, lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.

If you wish to make use of your right to withdraw or object, a notification without set form to the contact details above will be sufficient.

10. Right of Revocation and Objection

We occasionally update this Privacy Policy, for instance when we revise our website or statutory regulations change.

Version: 1.2, November 2018