mySugr Horizontal

mySugr GmbH

Webpage Privacy and Cookie Notice

Version dated November 3rd, 2020

This Webpage Privacy Policy and Cookie Notice applies to personal data processed by mySugr on our domain (a “Webpage” or collectively, the “Webpages”).

mySugr enables the visitors of its Webpages to be in control of their personal data. We also provide controls that allow mySugrs’s visitors to have control over the privacy of personal data that is processed while visiting the Webpages. This Webpage Privacy and Cookie Notice provides information about how mySugr processes and protects this data. The Privacy Policy that governs our data processing for our products can be found on the bottom of our webpage

mySugr considers data protection and privacy to be of paramount importance. We carry out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”) (specifically but not limited to Article 6(1)(b) to (f) and Article 28) as well as the Laws of Austria, where mySugr is incorporated, and other applicable global privacy and data protection laws such as the California Consumer Privacy Act (“CCPA”) (together “Applicable Law”).

For the purpose of this Webpage Privacy Policy and Cookie Notice personal data means any information relating to an identified or identifiable natural person (or household as applicable); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the “Personal Data”). We use cookies and other tracking technologies (“cookies”) in order to create statistics that help us to improve the quality of our Webpage.

1. Responsibility for Processing Personal Data

mySugr GmbH with its head office in Vienna at the business address 1010 Vienna, Trattnerhof 1, registered in the Company Register of Vienna Commercial Court under FN 376086 v, ("mySugr") is the stated responsible entity under the data protection regulations. This means mySugr decides on the purpose and means of processing the Personal Data of its users and is responsible for its security and compliance with the Applicable Laws.

2. Purpose limitation and security

mySugr uses your Personal Data collected from your visits of the Webpages exclusively for the purposes described in this document. We ensure that each processing is restricted to the extent necessary for the relevant purpose.

Each processing always guarantees adequate security and confidentiality of your Personal Data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and the latest encryption methods, always taking into account state-of-the-art technology.

3. Purposes of Personal Data processed

3.1 Webpage delivery
We process data such as your device IP address and the specific URL that you visited on our Webpages. Temporary storage of the above-mentioned data by our system is necessary to enable delivery of the Webpage to your device. The storage in log files is done to ensure the integrity and security of the Webpage. In addition, the data is used to optimise the Webpage and to ensure the security of our systems, in particular to guarantee the integrity, confidentiality and availability of the data processed via our Webpage. We also process usage data in an aggregated or de-identified form for statistical purposes and to improve our Webpage.

3.2 Webpage usage statistics
When you visit our Webpages we store the name of your internet service provider, the third party webpage from which you visited us from, the parts of our Webpage you visit, the date and duration of your visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit.

3.3 Types of data processed through the use of cookies
Our Webpage uses cookies. Cookies are small text files that are stored on your device when you access a Webpage. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the Webpage is accessed again. Cookies may obtain information for example identifying your computer or browser, your IP address, and/or an Ad ID, as well as information relating to your browsing history.

3.4 Data retention
Data collected through our Webpage will be deleted once it is no longer necessary to fulfill the purpose associated. For data necessary for providing the Webpage to you, the data will be deleted once the Webpage is closed. Data stored in log files will be deleted after 7 days, apart from data necessary to investigate potential intrusion and unauthorised access.

Personal Data, collected when using our Webpage, will only be transmitted by mySugr to third parties (in particular expert persons and security authorities) in the event of a (suspected) data security incident or a criminal offence (e.g. an hacking attack) for the purposes of clarification, prosecution and the assertion of legal claims.

4. Privacy Preference Center Categories

Note: Categories that are not currently used by our Webpage are not displayed as an option

4.1 Strictly necessary
These cookies are necessary for the Webpage to function and cannot be switched off in our systems. They are only set in response to actions made by you that amount to a request for services, such as setting your privacy & cookie preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the Webpages from working.

4.2 Functional
Functional processing & cookies enable our Webpages to provide enhanced functionality and personalisation. With your consent, they may be set by us or by third party service providers whose services we have added to our pages. If you reject these cookies then some or all of these services may not function properly.

4.3 Performance
Performance cookies & processing allow us to count visits and traffic sources so we can measure and improve the performance of our Webpage. These cookies help us understand how our Webpages are being used, such as which Webpages are the most and least popular and how people navigate around the Webpages. The information collected in these cookies are aggregated, meaning that they do not relate to you personally. If you do not allow this category, we will be prevented from knowing when you have visited our Webpages and will prevent us from monitoring Webpage performance. In some cases, these cookies may be sent to our third party service providers to help us manage these analytics.

4.4 Targeting
With your consent, targeting cookies may be evaluated or set on our Webpage by our advertising partners. mySugr uses these to evaluate the success of digital marketing campaigns about our products and services on other websites. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other webpages. These cookies do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising on other websites.

4.5 Social media
With your consent, social media cookies are set by a range of social media services that we have added to the Webpage(such as Facebook, Twitter, LinkedIn) to enable you to share our content with your friends, colleagues, and networks. These cookies are capable of tracking your browser across other third party sites and building up a profile of your interests. This may impact the content and messages you see on the other third party sites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

5. Contact us via email

On our Webpages you have the opportunity to contact us to ask us questions. For example, via the contact form, we ask you for your contact information (e.g. name, email address etc.). We use this data solely in connection with answering the queries we receive.

When we collect your email address for this purpose we will ask for your consent to use it for this purpose. Emails we send to you, replying to your requests posted via the Webpages, will have a link way to easily revoke this consent for contacting you via email.

6. Web browser “Do Not Track” signals

Certain web browsers and other programs may be used to signal your preferences to mySugr about how or whether mySugr or third parties may collect information about your online activities. Currently, mySugr honors these signals for all categories listed above except the Strictly Necessary Cookies above.

7. Your rights

7.1 Revocation of consents
If we process your Personal Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked. Please note that third party cookies that were set with your consent need to be removed manually. To do so follow the instructions provided by your browser vendor.

7.2 Information, correction, and restriction
Each user has the right to request information on the processing of their Personal Data. To do so, please contact us at any time at

Your right to information covers information on the processing purposes, data and third party recipient categories, storage time, origin of your data, and your rights under the data protection regulations (Applicable Law).

Should some of your Personal Data be incorrect, you can request that your data is corrected or completed at any time. You have the right to restrict data processing for the duration of any investigation review that you have requested.

7.3 Deletion (“right to be forgotten”)
Each user has the right to request the deletion of their Personal Data. To do so, please contact us at any time at Cookies are stored on your device, if you wish to delete them please follow the instructions provided by your browser vendor. However, in certain situations we are not required to delete your Personal Data, such as when the information is necessary in order to complete the service for which the personal information was collected, to provide a good or service requested by you, to comply with a legal obligation, to engage in research, to secure our Webpage or other online services, or to otherwise use your Personal Data internally in a lawful manner that is compatible with the context in which you provided the information.

7.4 Complaints
If you feel we are not protecting your data protection rights adequately, and want to submit a data subject access request to us, please contact us at any time at or contact our data protection officer directly at We will handle your request promptly.

Any user has the right to submit a complaint with the Austrian Data Protection Authority responsible for mySugr at Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien ( if they believe that the processing of their Personal Data is not in compliance with data protection regulations. In addition, the user has a right to complain to a supervisory authority in the EU member state in which they are resident, in which their workplace is located, or which is the location of a suspected infringement.

8. General information

8.1 Vendors and processors used on the Webpages
We use various cloud vendors & third parties (“Data Processors”) to provide the mySugr Webpages with the aim to support our business, collaborate with third parties with respect to promotion or other business activities related to mySugr service offerings.

mySugr only uses Data Processors that have signed appropriate data privacy contracts and provide sufficient guarantees under Applicable Law.

Each of the options mentioned in Section 4 is linked to a matching category of Data Processors that we have chosen to provide the related mySugr Webpage function to you. As a result, we may disclose Personal Data to contractors, service providers and other third parties but such disclosure will be limited to enabling those third parties to provide their services in the context of the mySugr Webpages. To the extent a third party’s Privacy Policy separately governs their use of your data obtained via mySugr, you will be notified and given an opportunity to review such terms. We may also disclose Personal Data to our subsidiaries and affiliates.

  • 8.1.1 Categories of Vendors and Processors

Hosting and cloud services and their tools are used to store data and to produce anonymized analyses.

Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.

Customer support services and their tools help our customer support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.

Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future.

  • 8.1.2 Specific Vendors and Processors

Specific Marketing service provider With your agreement to the category Targeting category, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. On this website Google Analytics has been configured to include IP anonymisation in order to ensure anonymous collection of IP addresses (IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit or


8.2 Revisions to this Document and changes to our Webpages
The most current version of this Webpage Privacy Policy and Cookie Notice will govern our practices for collecting, processing, and disclosing Personal Data in conjunction with the Webpages.

If we make such changes, we will invalidate your previous privacy choices for our Webpage, update the Webpage Privacy Policy and Cookie Notice accordingly, and ask for your choices again.


8.3 Enforcement of rights
The use of Personal Data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data are permitted by law without your consent.

9. Detailed Information relating to GDPR

mySugr is the controller for data processing related to the usage of the mySugr webpages. How mySugr handles data is described in the previous sections, this section provides a GDPR specific cross reference of the prior sections specifically for GDPR.

9.1 Web page delivery
The legal basis for the processing of data for this purpose is Article 6(1)(f) GDPR. Our legitimate interests pursuant to Article 6(1)(f) GDPR lie in the necessity of this data processing for the functioning and maintaining the functioning of the Webpage.

9.2 Strictly Necessary
The legal basis for the use of these cookies is Article 6(1)(f) GDPR. Our legitimate interests pursuant to Article 6(1)(f) GDPR lie in the necessity of these cookies for the functioning of the Webpage.

9.3 All other Categories (Functional, Performance …)
The legal basis for the use of these cookies is your consent pursuant to Article 6(1)(a) GDPR.

9.4 Enforcement of rights
The legal basis for this is our legitimate interest pursuant to Article 6(1)(f) GDPR.

9.5 Contact us via email
The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR.

10. Detailed Information relating to US Privacy Notice

The US Privacy Notice describes the types of Personal Data that mySugr may collect or process from the United States (“US”) residents, how mySugr may use and disclose that Personal Data, and how US residents may exercise any rights they may have regarding our processing of their Personal Data.

11. Detailed Information relating to the Washington Consumer Health Data Privacy Policy

The Washington Consumer Health Data Privacy Policy supplements mySugr’s US Privacy Notice and applies to the collection of “consumer health data” subject to the Washington State My Health My Data Act (the “MHMDA”). In this policy, we use the term “consumer” as it is defined in the MHMDA. Consistent with the MHMDA, we use the term “consumer health data” in this policy to mean personal information that is linked to, or reasonably linkable to, a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This policy does not apply to any other Personal Data that mySugr collects.