The protection of your personal data is very important to us. In this privacy policy, you find all information about the collection and processing of your personal data when visiting our website and using our service. For more information about our service and our general terms and conditions, please see here www.data-cybernetics.com/general-terms-and-conditions.

1.           Controller

We, data cybernetics ssc GmbH (in the following "we" or "us"), are the controller and therefore responsible for the data processing activities in connection with the use of our service:

data cybernetics ssc GmbH, a company registered at the Local Court of Augsburg (Amtsgericht Augsburg) und HRB 36687,

with a registered address at Martin-Kolmsperger-Str 26, 86899 Landsberg am Lech, Germany.

If you have any question regarding the processing of personal data in context of using our service or if you want to exercise your rights pursuant to section 6 of this privacy policy, please contact us via e-mail under privacy@data-cybernetics.com.

2.           Personal Data we Process & Legal Basis for Processing

2.1          Website

When you visit our website, we collect technical usage data such as IP-addresses, time and date of the visit, time spent on the website, and which content you watched, and by which way you got to us. Purpose of processing is to analyse the visits on our website so we can improve and optimize the functionality and stability of it.

Legal basis for processing is our legitimate interest to continuous improve and work on our website functionality, Art. 6 (1) (f) GDPR (General Data Protection Regulation, „GDPR“).

2.2          Registration & Contract details

If you wish to use our service, you register on our website and create an account. Therefore, we process your entered data, i.e., e-mail-address and password so you can gain access to our service. With registration, a contract between you and cybernetics is concluded.

If you subscribe or use our service for a fee, we process your personal data (name, address, e-mail-address, payment details and the service you selected) which is necessary to perform our contract with you. Purpose of processing is that we can provide you the requested service.

Legal basis is the performance of our contract with you Art. 6 (1) (b) GDPR.

2.3          Service itself

When you use our service, i.e., request a calculation, you potentially enter personal data (e.g., your customer’s data, employee, and supplier data, etc.). We process this personal data so we can carry out the calculation. Purpose of processing is to comply with our contractual obligations and provide you the respective result of the calculation.

Legal basis is the performance of our contract with you, Art. 6 (1) (b) GDPR.

2.4          Support request

If you have any problems or requests regarding the use of our service, you can contact us via our support e-mail support@data-cybernetics.com. We process your entered data as well as your name and your personal data available on your user account so we can help you and process your request.

Legal basis is the performance of our contract with you, Art. 6 (1) (b) GDPR.

2.5          Meta-Data

We process your metadata, i.e., usage data such as date and time of login and log-out and requests to the service. We do our best to anonymize or pseudonymise your personal data. Purpose of processing is to analyse the usage of our service by our customers so we can work and improve our service and detect any sources of error.

Legal basis is our legitimate interest to optimize our work for our customers, Art. 6 (1) (f) GDPR.

3.           Data Retention

In general, we will only process your personal data to the extent necessary to fulfil its purpose. When we no longer need the data to fulfil our contractual or legal obligations, the data will be removed from our systems and records and/or measures will be taken to anonymise your personal data so that it is no longer identifiable.

If you have created an account, you can delete your account at any time, and we will delete your personal data in connection with your account in a timely manner.

If you have subscribed to our service, you can terminate our contract according to our general terms and conditions (available here www.data-cybernetics.com/general-terms-and-conditions). At the end of the term of the contract, we will delete your personal data in a timely manner unless it is necessary to proceed outstanding transactions or other necessary reasons. We may store your personal data longer if we are legally required to do so, in particular if we are required to comply with retention periods under tax law or commercial law. If we are subject to such statutory retention periods, we will lock your data and only process it to comply with our legal obligation. We may also store your personal data longer if necessary for the enforcement of or the defence against legal claims.

4.           Recipients of Personal Data

4.1          We only share your personal data to other third parties:

·                insofar as this is necessary or useful for the provision, performance, processing and use of the service,

·                insofar as we have been given the consent by you to do so,

·                to the extent that we commission service providers to operate the website or to provide or process the services, who process personal data on our behalf and in accordance with our instructions, or

·                insofar as this is required by mandatory legal provisions.

4.2          We use the below listed external technical or other service providers to provide IT and other administrative support for the provision of our website and our service. These service providers may have access to your personal data to the extent necessary to provide such services. Any access to your personal data is limited to those who need the information to complete our or your requests.

4.3          Purpose of processing and transferring your personal data to these service providers is the performance of our contract with you or the implementation of pre-contractual measures.

Legal basis for these data transfers is Art. 6 (1) (b) GDPR.

To the extent necessary, the service providers engaged by us process your personal data as data processors in accordance with our instructions for the purposes stated in this privacy policy. They are contractually obliged to comply with the applicable statutory data protection provisions and our instructions (pursuant to Art. 28 GDPR). The same applies to any subprocessors to the extent that our processors use such with our prior consent.

4.4          We use the following service providers:

4.4.1           Amazon Web Services

We use Amazon Web Services EMEA SARL (“AWS”), 38 avenue John F. Kennedy, L-1855 Luxembourg, for hosting services. AWS may have access to your personal data to the extent necessary to provide its services. We have chosen that the data is processed and stored on a server in the European Union; however, we have no impact whether your personal data is transferred to other countries outside the EU. AWS relies inter alias on the EU Standard Contractual Clauses to ensure an adequate level of data protection. 

For more information, please refer to the privacy note of AWS.

4.4.2           Stripe

We use Stripe Payments Europe, Limited (“Stripe”), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, for the payment process when you use our service for a fee. Stripe may have access to your payment data (order details, name, account details) to the extent necessary to provide its services. Stripe relies inter alias on the EU Standard Contractual Clauses to ensure an adequate level of data protection.  

For more information, please refer to the privacy policy of Stripe here.

4.4.3           NextCloud by RackSpeed GmbH

We use a NextCloud Server, provided by rackSPEED GmbH, Reisholzer Werftstraße 31b, 40589 Düsseldorf for storage of company documents. rackSPEED provides a hosting service based in Germany. RackSPEED may have access to your personal data to the extent necessary to provide the service.

For more information, please refer to rackSPEED’s privacy policy here.

4.4.4           Google Workspace

We use Google Workspace, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for internal administrative processes. Google may have access to your personal data to the extent necessary to provide its services. We have chosen that the data is processed and stored on a server in the European Union; however, we have no impact whether your personal data is transferred to other countries outside the EU.

For more information, please refer to Google Workspace privacy policy here.

5.           Transfer of Personal Data

We do not intend to transfer your personal data outside the European Union. However, as mentioned above, we have no control whether the engaged service providers may transfer your personal data in other countries outside the European Union.

For some countries, such as Switzerland and Israel, the EU Commission has issued an adequacy decision that provides the same data protection level as the EU. Based on the adequacy decision, there is no need for an extra agreement or approval for the data transfer.

In other countries, especially the US, a comparable data protection level does not exist.

If we or the engaged service provider may transfer your personal data outside the European Union, we will ensure before transferring it either that an adequate level of data protection exists at the recipient (by agreeing so-called EU standard contractual clauses with the recipient or binding internal data protection regulations within the meaning of Art. 47 GDPR) or that you have given your explicit consent.

6.           Your Rights as Data Subject

6.1          Right of access

You can request information pursuant to Art 15 GDPR about your personal data processed by us. In this case, we ask you to specify your request in order to make it easier for us to compile the necessary data.

6.2          Right to rectification

If your personal data is not or no longer accurate, you can request a rectification in accordance with Art 16 GDPR. If your data is incomplete, you can request to complete it.

6.3          Right to erasure

You can request the deletion of your personal data under the conditions of Art 17 GDPR. Your right to erasure depends on whether your personal data is still needed to fulfil our legal duties.

6.4          Right to restriction of processing

Within the framework of the requirements of Art 18 GDPR, you can request a restriction of the processing of your personal data.

6.5          Right to data portability

You can request to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format under the requirements of Art 20 GDPR.

6.6          Right to object

In accordance with Art 21 GDPR, i.e., where the processing is based on our legitimate interest, you can object to the processing of your personal data at any time on grounds relating to your particular situation. However, we cannot always comply with this, e.g., if legal provisions oblige us to process in order to fulfil our legal duties.

6.7          Right to complain

If you think that we have not complied with data protection regulations when processing your data, you can lodge a complaint with us or with a data protection authority.

Version: September 2023