Version dated November 3rd, 2020
mySugr considers data protection and privacy to be of paramount importance. We carry out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”) (specifically but not limited to Article 6(1)(b) to (f) and Article 28) as well as the Laws of Austria, where mySugr is incorporated, and other applicable global privacy and data protection laws such as the California Consumer Privacy Act (“CCPA”) (together “Applicable Law”).
mySugr GmbH with its head office in Vienna at the business address 1010 Vienna, Trattnerhof 1, registered in the Company Register of Vienna Commercial Court under FN 376086 v, ("mySugr") is the stated responsible entity under the data protection regulations. This means mySugr decides on the purpose and means of processing the Personal Data of its users and is responsible for its security and compliance with the Applicable Laws.
mySugr uses your Personal Data collected from your visits of the Webpages exclusively for the purposes described in this document. We ensure that each processing is restricted to the extent necessary for the relevant purpose.
Each processing always guarantees adequate security and confidentiality of your Personal Data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and the latest encryption methods, always taking into account state-of-the-art technology.
3.1 Webpage delivery
We process data such as your device IP address and the specific URL that you visited on our Webpages. Temporary storage of the above-mentioned data by our system is necessary to enable delivery of the Webpage to your device. The storage in log files is done to ensure the integrity and security of the Webpage. In addition, the data is used to optimise the Webpage and to ensure the security of our systems, in particular to guarantee the integrity, confidentiality and availability of the data processed via our Webpage. We also process usage data in an aggregated or de-identified form for statistical purposes and to improve our Webpage.
3.2 Webpage usage statistics
When you visit our Webpages we store the name of your internet service provider, the third party webpage from which you visited us from, the parts of our Webpage you visit, the date and duration of your visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit.
3.4 Data retention
Data collected through our Webpage will be deleted once it is no longer necessary to fulfill the purpose associated. For data necessary for providing the Webpage to you, the data will be deleted once the Webpage is closed. Data stored in log files will be deleted after 7 days, apart from data necessary to investigate potential intrusion and unauthorised access.
Personal Data, collected when using our Webpage, will only be transmitted by mySugr to third parties (in particular expert persons and security authorities) in the event of a (suspected) data security incident or a criminal offence (e.g. an hacking attack) for the purposes of clarification, prosecution and the assertion of legal claims.
Note: Categories that are not currently used by our Webpage are not displayed as an option
4.1 Strictly necessary
These cookies are necessary for the Webpage to function and cannot be switched off in our systems. They are only set in response to actions made by you that amount to a request for services, such as setting your privacy & cookie preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the Webpages from working.
Functional processing & cookies enable our Webpages to provide enhanced functionality and personalisation. With your consent, they may be set by us or by third party service providers whose services we have added to our pages. If you reject these cookies then some or all of these services may not function properly.
Performance cookies & processing allow us to count visits and traffic sources so we can measure and improve the performance of our Webpage. These cookies help us understand how our Webpages are being used, such as which Webpages are the most and least popular and how people navigate around the Webpages. The information collected in these cookies are aggregated, meaning that they do not relate to you personally. If you do not allow this category, we will be prevented from knowing when you have visited our Webpages and will prevent us from monitoring Webpage performance. In some cases, these cookies may be sent to our third party service providers to help us manage these analytics.
With your consent, targeting cookies may be evaluated or set on our Webpage by our advertising partners. mySugr uses these to evaluate the success of digital marketing campaigns about our products and services on other websites. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other webpages. These cookies do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising on other websites.
4.5 Social media
With your consent, social media cookies are set by a range of social media services that we have added to the Webpage(such as Facebook, Twitter, LinkedIn) to enable you to share our content with your friends, colleagues, and networks. These cookies are capable of tracking your browser across other third party sites and building up a profile of your interests. This may impact the content and messages you see on the other third party sites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.
On our Webpages you have the opportunity to contact us to ask us questions. For example, via the contact form, we ask you for your contact information (e.g. name, email address etc.). We use this data solely in connection with answering the queries we receive.
When we collect your email address for this purpose we will ask for your consent to use it for this purpose. Emails we send to you, replying to your requests posted via the Webpages, will have a link way to easily revoke this consent for contacting you via email.
Certain web browsers and other programs may be used to signal your preferences to mySugr about how or whether mySugr or third parties may collect information about your online activities. Currently, mySugr honors these signals for all categories listed above except the Strictly Necessary Cookies above.
7.1 Revocation of consents
If we process your Personal Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked. Please note that third party cookies that were set with your consent need to be removed manually. To do so follow the instructions provided by your browser vendor.
7.2 Information, correction, and restriction
Each user has the right to request information on the processing of their Personal Data. To do so, please contact us at any time at firstname.lastname@example.org.
Your right to information covers information on the processing purposes, data and third party recipient categories, storage time, origin of your data, and your rights under the data protection regulations (Applicable Law).
Should some of your Personal Data be incorrect, you can request that your data is corrected or completed at any time. You have the right to restrict data processing for the duration of any investigation review that you have requested.
7.3 Deletion (“right to be forgotten”)
Each user has the right to request the deletion of their Personal Data. To do so, please contact us at any time at email@example.com. Cookies are stored on your device, if you wish to delete them please follow the instructions provided by your browser vendor. However, in certain situations we are not required to delete your Personal Data, such as when the information is necessary in order to complete the service for which the personal information was collected, to provide a good or service requested by you, to comply with a legal obligation, to engage in research, to secure our Webpage or other online services, or to otherwise use your Personal Data internally in a lawful manner that is compatible with the context in which you provided the information.
If you feel we are not protecting your data protection rights adequately, and want to submit a data subject access request to us, please contact us at any time at firstname.lastname@example.org or contact our data protection officer directly at email@example.com. We will handle your request promptly.
Any user has the right to submit a complaint with the Austrian Data Protection Authority responsible for mySugr at Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien (https://www.dsb.gv.at/kontakt) if they believe that the processing of their Personal Data is not in compliance with data protection regulations. In addition, the user has a right to complain to a supervisory authority in the EU member state in which they are resident, in which their workplace is located, or which is the location of a suspected infringement.
8.1 Vendors and processors used on the Webpages
We use various cloud vendors & third parties (“Data Processors”) to provide the mySugr Webpages with the aim to support our business, collaborate with third parties with respect to promotion or other business activities related to mySugr service offerings.
mySugr only uses Data Processors that have signed appropriate data privacy contracts and provide sufficient guarantees under Applicable Law.
Hosting and cloud services and their tools are used to store data and to produce anonymized analyses.
Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.
Customer support services and their tools help our customer support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.
Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future.
8.2 Revisions to this Document and changes to our Webpages
8.3 Enforcement of rights
The use of Personal Data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data are permitted by law without your consent.
mySugr is the controller for data processing related to the usage of the mySugr webpages. How mySugr handles data is described in the previous sections, this section provides a GDPR specific cross reference of the prior sections specifically for GDPR.
9.1 Web page delivery
The legal basis for the processing of data for this purpose is Article 6(1)(f) GDPR. Our legitimate interests pursuant to Article 6(1)(f) GDPR lie in the necessity of this data processing for the functioning and maintaining the functioning of the Webpage.
9.2 Strictly Necessary
The legal basis for the use of these cookies is Article 6(1)(f) GDPR. Our legitimate interests pursuant to Article 6(1)(f) GDPR lie in the necessity of these cookies for the functioning of the Webpage.
9.3 All other Categories (Functional, Performance …)
The legal basis for the use of these cookies is your consent pursuant to Article 6(1)(a) GDPR.
9.4 Enforcement of rights
The legal basis for this is our legitimate interest pursuant to Article 6(1)(f) GDPR.
9.5 Contact us via email
The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR.
The California Consumer Privacy Act of 2018 (CCPA), California Civil Code Section 1798.83, gives California residents the right to know what personal information mySugr collects about them, including whether it is being sold or disclosed to third-parties for their direct marketing purposes, and the right to prevent mySugr from selling that information.
How mySugr handles data, including how to contact mySugr to exercise any rights under CCPA is described in the previous sections as well as the mySugr Webpage California Supplemental Privacy Notice.