Data protection declaration as per the General Data Protection Regulation (DSGVO)

Data protection and the transparency of the processes with which we process personal data is very important to us. Therefore the following information, in accordance with Art. 12 of the EU General Data Protection Regulation (DSGVO), details the manner in which we handle personal data on this website.

I. Name and address of the data controller

The data controller as per the DSGVO is:

SIRUP GmbH
Brunnenstrasse 181
10119 Berlin
Germany

Tel.: +49 30 325 326 0
Email: info@sirup.com
Website: www.sirup.com

II. Name and address of the data protection officer

Our data protection officer is:

Christoph Riedlberger
Tel.: +49 30 325 326 120
Email: c.riedlberger@sirup.com

III. General information concerning data processing

1. Scope of the processing of personal data

We process personal data only insofar as this is necessary for providing a functioning website. We normally only carry out this type of processing if the persons concerned have given us their consent or if such processing is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject to the processing of their personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (DSGVO) serves as the legal basis.

When the processing of personal data is required for the fulfilment of a contract or pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.

Should the processing of personal data be necessary for the fulfillment of our legal obligations, Art. 6 para. 1 lit. c DSGVO will serve as the legal basis.

Where we, or a third party, have a legitimate interest in the processing of personal data and the interests, fundamental rights and freedoms of the affected data subject do not prevail, Art. 6 para. 1 lit. f DSGVO shall serve as the legal basis for the processing.

3. Data deletion and storage period

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. The data may be stored for a longer period of time should this be stipulated by law. The data will also be blocked or deleted when the legal storage period expires, unless the storage of the data is still necessary for the conclusion or fulfilment of a contract.

4. Disclosure of data to contracted processors

Personal data is passed on to contracted processors solely on the basis of the user's consent or a legal permit (Art. 6 para. 1 lit. a to f of the DSGVO).

We have completed a contract processing agreement with each of our contracted processors on the basis of Art. 28 DSGVO. Any transfer and processing of personal data by a contracted processor shall be in accordance with this agreement.

5. Transfers to third party countries

The processing of personal data in a third party country outside the European Union only takes place on the basis of the user's consent or a legal permit (Art. 6 para. 1 lit. a to f of the DSGVO). This also applies to the transfer of data to contracted processors in this type of third party country. Any such transfer of personal data to a third party country always takes place in accordance with Art. 44 DSGVO. This means that a data protection level corresponding to that of the EU has been established for the respective third party country or the contracted processor in the third party country. This is ensured either through an adequacy decision by the European Commission (Art. 45 DSGVO), through appropriate guarantees (Art. 46 DSGVO), or through compliance with officially recognized binding data protection guidelines (Art. 47 DSGVO).

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every visit to our website involves the automatic collection of data from the calling computer system. These include:

  1. Browser type and version
  2. User’s operating system
  3. User’s IP address
  4. Date and time of access

The data are stored in the log files of our system. This data is not stored together with any of the user’s other personal data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the DSGVO.

3. Purpose of data processing

The collection of the IP address and other information is necessary to enable delivery of the website to the user’s computer. To that end, the IP address of the user must remain stored for the duration of the session.

We ensure the functionality of the website through storage in log files. These data serve to optimize and enhance the security of the website and our IT systems. The data are not evaluated for marketing purposes.

For these purposes, our legitimate interest also lies in data processing pursuant to Art. 6 para. 1 lit. f of the DSGVO.

4. Duration of storage

The data required to provide the website will be deleted as soon as the corresponding session ends.

Data stored in log files will be deleted after seven days, at the very latest.

5. Option of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is, therefore, no option of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the user’s computer by the internet browser when a website is accessed. Cookies often contain strings of characters that allow the browser to be uniquely identified when the website is accessed again.

Our cookies store information on the search terms the user has entered via our website search function.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f of the DSGVO.

3. Purpose of data processing

The purpose of our cookies is to simplify the usage of websites for users. For this purpose, the user’s search terms are cached in encrypted form in cookies.

The user data collected by technically essential cookies are not used to create user profiles.

It is for this purpose that our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage, option of objection and removal

Cookies are stored on the user’s computer and transmitted to our site. This means that you, as a user, also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies saved to your computer can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Our cookies are automatically deleted at the end of the visitor’s session, i.e. when the browser is closed.

VI. Email contact

1. Description and scope of data processing

You can contact us via the email address provided. In this event, such of the user’s personal data as is transmitted via email will be stored.

In this context, the data will not be passed on to any third parties. These data are used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f of the DSGVO. If the email contact concerns the conclusion of a contract, then additional legal grounds for the processing are located in Art. 6 exp. 1 lit. b of the DSGVO.

3. Purpose of data processing

The processing of personal data from the email assists us in the processing of a contact. This is also our legitimate interest in the processing of the data pursuant to Art. 6 para. 1 lit. f of the DSGVO.

4. Duration of storage

Personal data will be deleted as soon as the purpose for which it was collected is no longer applicable. This is usually the case when the conversation with the user has ended, i.e. when the matter in question has been finally resolved.

5. Option of objection and removal

Should the user contact us via email, they have the option of objecting to the storage of their personal data at any time. In this event, the conversation cannot be continued.

The objection to storage can be sent via email to datenschutz@sirup.com. In such a situation, all personal data stored in the course of contacting us will be deleted.

VII. Google Maps

1. Description and scope of data processing

We use Google Maps API from Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to integrate a map of Berlin into our website. This is loaded from the user's browser directly from Google Maps. The following data will be transmitted to Google:

  1. Information on the browser type and version used
  2. The user’s operating system
  3. The user’s IP address
  4. Date and time of access

Google does not associate this personal data with any other data.

2. Legal basis for data processing

The legal basis for the transmission of data to Google Maps is provided by Art. 6 para. 1 lit. f of the DSGVO.

3. Purpose of data processing

The user’s browser data and IP address are required in order for the map to be loaded onto the user’s browser. Map material is made freely available by Google. Our interest in using this map material is to enable the provision of directions to our location.

4. Duration of storage

The data will not be stored with us. Please see Google’s data protection declaration for information concerning Google’s storage of data: https://policies.google.com/privacy

You can find Google's terms of use for Germany at the following URL: http://www.google.de/intl/de/policies/terms/regional.html

Additional terms of use for Google Maps can be found at the following URL: https://www.google.com/intl/de_US/help/terms_maps.html

5. Option of objection and removal

Should the user not agree to the processing of the above-mentioned personal data by Google in connection with the Google Maps service, Google Maps can be deactivated in the browser by switching off JavaScript functions in their browser. Instructions to do so can be found at the following URL:

https://www.wikihow.com/Disable-JavaScript

If JavaScript is disabled, it may no longer be possible to use all the functions of our website to their full extent.

VIII. Google Fonts

1. Description and scope of data processing

On our website, we use fonts from Google Fonts (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). In order to display the fonts in your browser, Google may collect the following data:

  1. Browser type and version
  2. User’s operating system
  3. User’s IP address
  4. Date and time of access

Google does not associate this personal data with any other data.

2. Legal basis for data processing

The legal basis for the transmission of data to Google Maps is provided by Art. 6 para. 1 lit. f of the DSGVO.

3. Purpose of data processing

The user’s browser data and IP address are required in order for the fonts to be loaded onto the user’s browser. These fonts are made freely available by Google. Our interest in using these fonts lies solely in the display of our website.

4. Duration of storage

The data will not be stored with us. Please see Google’s data protection declaration for information concerning Google’s storage of data: https://policies.google.com/privacy

You can find Google's terms of use for Germany at the following URL: http://www.google.de/intl/de/policies/terms/regional.html

5. Option of objection and removal

Should the user not agree to the processing of the above-mentioned personal data by Google in connection with the Google Fonts service, they can block the domains fonts.gstatic.com and fonts.googleapis.com via add-ons or a filter rule in the browser. Find out more about this in the help section of your browser. If the web fonts are no longer able to be loaded due to this measure, it may no longer be possible to use all the functions of our website to their full extent.

IX. Social media

1. Description and scope of data processing

SIRUP has its own profile pages on social networks such as Facebook, Xing and LinkedIn. When visiting these pages, the terms, conditions and data processing policies of the relevant platform providers must be observed.

Content may be shared via the following social networks on our website:

  1. Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
  2. Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland)
  3. LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  4. Google Plus (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

This occurs via a direct link to the website of the corresponding third-party provider. The third-party website opens when the user clicks on this link. Once this has occurred, no further personal data is processed from our side.

X. Rights of the data subject

If your personal data has been processed, you become a data subject within the meaning of the DSGVO and you thereby have the following rights:

1. Right of access to information

You can request that the data controller confirm whether your personal data has been processed by us.

If such processing has taken place, you can request the following information from the data controller:

  1. the purposes for which the personal data are being processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom your personal data have been, or are being, disclosed;
  4. the planned duration of the storage of your personal data or, if specific information on this is not available, the criteria for determining the storage period;
  5. the existence of the right to have your personal data corrected or deleted, the right to have processing restricted by the data controller, or the right to object to such processing;
  6. the existence of the right of appeal to a supervisory authority;
  7. any available information on the origin of the data, if the personal data has not been collected from the data subject themselves;
  8. the existence of automated decision-making, including profiling, in accordance with Art. 22 para. 1 and 4 of the DSGVO and - at least in these cases - meaningful information on the logic involved, as well as the scope and intended effects of such processing for the affected data subject.

You have the right to request information as to whether your personal data is being transmitted to a third party country or an international organization. Within this context, you may request to be informed about the appropriate guarantees pursuant to Art. 46 of the DSGVO in connection with this transmission.

2. Right to rectification

You have the right to rectification and/or supplement vis-à-vis the data controller if your processed personal data is inaccurate or incomplete. The data controller shall make the correction immediately.

3. Right of restriction of processing

You may request that the processing of your personal data be restricted under the following circumstances:

  1. if you dispute the accuracy of your personal data for a period of time which enables the data controller to review the accuracy of the personal data; 
  2. the processing is unlawful and you refuse the deletion of the personal data, instead requesting that the use of the personal data be restricted; 
  3. the data controller no longer needs the personal data for the purposes of processing, but you do need them in order to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to Art. 21 para. 1 of the DSGVO and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

Should the processing of your personal data have been restricted, such data may then be processed - apart from being stored - solely with your consent, or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or on grounds of an important public interest concerning the EU or a member state.

Should the processing restriction have been implemented according to the above-mentioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You may request that the data controller delete your personal data without delay, and they will then be obliged to immediately delete this data should one of the following reasons apply:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the DSGVO, and no further legal basis for the processing exists.
  3. You file an objection against the processing pursuant to Art. 21 para. 1 of the DSGVO and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 of the DSGVO.
  4. Your personal data have been processed unlawfully.
  5. The deletion of your personal data is necessary to fulfil a legal obligation under EU law or the law of member states to which the data controller is subject.
  6. Your personal data have been collected in relation to information society services offered pursuant to Art. 8 para. 1 of the DSGVO.

b) Information provided to third parties

Should the data controller have made your personal data public and then discovered an obligation to delete it pursuant to Art. 17 para. 1 of the DSGVO, then they shall take all appropriate measures, including technical measures (taking into account the available technology and implementation costs), to inform the data processors processing the personal data that you, as the affected data subject, have requested the deletion of all links to this personal data or any copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as processing is necessary

  1. for exercising freedom of expression and information;
  2. for the performance of a legal obligation required for processing under the law of the EU or a member state to which the data controller is subject, as well as for the performance of a task in the public interest, or in the exercise of official authority conferred upon the data controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i, as well as Art. 9 para. 3 of the DSGVO;
  4. for archiving purposes lying within the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 of the DSGVO, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  5. for the assertion, exercise or defense of legal claims.

5. Right to information

Should you have exercised your right to have the data controller correct, delete or restrict their processing, they are then obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the data controller of any such recipients.

6. Right to data portability

You have the right to receive the personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another data controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the DSGVO, or on a contract pursuant to Art. 6 para. 1 lit. b of the DSGVO, and
  2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to request that your personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of tasks in the public interest or in the exercise of official authority conferred upon the data controller.

7. Right to objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data pursuant to Art. 6 para. 1 lit. e or f of the DSGVO; this also applies to profiling based on these provisions.

The data controller may no longer process your personal data, unless they can provide compelling reasons for the protection of the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data is being used for direct marketing purposes, then you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling, insofar as it is associated with this type of direct marketing.

Your personal data will no longer be processed for these purposes should you object to the processing for direct marketing purposes.

You have the option of exercising your right to objection in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.

8. Right to withdraw consent as per the data protection declaration

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of any processing carried out on the basis of the consent prior to the time of revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the EU member state where you reside, work or suspect an infringement, if you believe that the processing of your personal data is occurring contrary to the DSGVO.

The supervisory authority to which the appeal has been lodged shall inform the complainant of the status and results of their appeal, including the possibility of a judicial remedy pursuant to Art. 78 of the DSGVO.