- Privacy Policy
- Anti bribery and corruption
- Code of Business Ethics
- Compliance Charter
- Cookie Usage Policy
- Supplier code of business ethics
- SUSE Open Source Policy
- SUSE Product Export List
- Terms of Use
- Corporate Information Security
- Speaking Up Policy
- Environmental Policy
- SUSE S.A – Group Tax Strategy
Privacy Policy
Preamble
This Privacy Statement describes how the SUSE Group ("SUSE", "SUSE Group”, "we", "us" and "our") collects and uses personal data when you visit our website and/or use our services. “Personal Data” refers to all data which relates to you personally or with which you can be identified personally, e.g. name, address, e-mail address or user behaviour. At SUSE, we believe that the Personal Data you provide to us must be kept confidential and used in a legally compliant manner.
Name and Address of the Controller
The Controller, according to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
SUSE Software Solutions Germany GmbH
Frankenstraße 146
Nürnberg, 90461
Phone: +49 (0) 911 74053 0
E-mail: privacy@suse.com
Name and Address of our Data Protection Officer
Our legally designated Data Protection Officer ("DPO") is:
Andrew Colyer
1. Personal Data Processed When You Use Our Website or Services Without Registration
When you are simply visiting our website for information, without registering or logging in, we may nonetheless collect data which may include Personal Data from you, through your browser, such as:
- IP address and corresponding network location
- Exact time (including timezone) of your request
- Metadata and contents of your request
- Details of your browser and operating system
We use the services provided by Functional Software, Inc’s https://www.sentry.io to enable our server maintenance and security team to analyse errors and potential threats in real time. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data for our legitimate interests, that is technically required to ensure a stable, secure and functioning website. This data is deleted after 90 days. Additionally, we also store the aforementioned data locally for a period not exceeding 30 days.
SUSE uses a ChatBot function on https://suse.com. Should you choose to use this feature, the ChatBot may ask you to provide Personal Data in order to help you to provide you with information pertinent to the feedback that you enter in the ChatBot window. If you use SUSE’s ChatBot, we will process Personal Data such as your contact details to get in touch with you (e.g. if you are interested in one of our products or if you request support). Please note that the ChatBot allows free text entry so any Personal Data you enter will be processed. You are thus encouraged to refrain from entering Personal Data except as necessary and as prompted by the ChatBot. We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR). If you choose to enter Personal Data in our ChatBot, we process such Personal Data under Article 6(1)(a) GDPR or Article 6(1)(f) GDPR. It is within SUSE’s legitimate interest to process such data in order to help you to provide you with information pertinent to the feedback that you enter in the ChatBot window. Given the minimum nature of the processing (see above), we believe that a fair balancing of our rights is attained. SUSE engages Qualified.com, Inc. to deploy ChatBot on our website. The data is processed in the United States. Data transfers between SUSE Group entities and Qualified.com, Inc. are also legitimated by a data processing agreement which adopts the Standard Contractual Clauses.
Use of Cookies
Our website uses cookies. Cookies are data that are assigned to you and are stored by your browser. You can block our cookies at any time by changing the appropriate setting in your browser. Cookies that have already been stored can be deleted by you at any time. Please note that when you block or delete cookies, you may not be able to make full use of all functions on our website. The legal basis for our use of cookies is Art 6(1)(f) and Art 6(1)(a) of the GDPR, which allows the processing of data that is technically required to ensure a stable, secure and functioning website and to provide you with a personalised experience on our website (e.g. through marketing relevant analytics). You can find more information about what cookies we use in our Cookie Policy and in the relevant sections below.
2. Personal Data Processed When You Register for and Use Our Website or Services
In addition to the Personal Data collected when you use our website or services without registration, some functions of our website and services can only be used when you register and log in. The Personal Data we collect after your registration and/or logging in can include e.g.:
- Personal details such as name, e-mail, address, telephone
- Details about your company such as company name, e-mail, job title, address, telephone
- Login credentials and related information such as security questions/answers or tokens
- Products or services you may be interested in
- Billing information (where applicable) such as credit card or bank details
- Details you provide to us in the context of an employment application (where applicable)
- Any other details you provide using our online services, such as forum contributions, comments, survey submissions, etc.
Such data is processed either based on a contract (Article 6(1)(b) of the GDPR) or your consent (Article 6(1)(a) of the GDPR). For the latter, you can revoke your consent at any time by sending us an informal message to the e-mail address listed above or by modifying your preferences accordingly on our website. Data collected during the registration or, for as long as your account continues, is stored by us for as long as you are registered on our website. Should you wish to terminate your account on our website you can do so at any time by sending a request via the GDPR Web Form. Please note that terminating your account will mean you will no longer be able to use our services. Certain data such as forum contributions and comments may be retained longer. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data to ensure e.g. a functioning and usable online services such as forums. Legal retention periods shall remain unaffected. To prevent misuse of our services, your IP address and the exact time of your registration and/or logging in will also be stored. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data that is technically required to ensure a stable, secure and functioning website.
3. Personal Data Processing for Visitors at SUSE Premises
When you visit SUSE premises, we use CCTV cameras for monitoring of access points for security and crime prevention purposes (e.g. to assist us in the identification and detection of offenders or for the investigation of a security incident). The controller of the processing of personal data by CCTV will always be the specific SUSE entity whose premises you are visiting. SUSE monitors only areas within our sphere of control and we avoid unnecessarily capturing public areas. There are signs in place to inform you where cameras are in use. Access to the video footage is strictly limited on a need-to-know basis within SUSE and subject to an approval process. Video footage might be supplied to the police if necessary for crime investigation purposes. The legal basis of this processing is Art 6(1)(f) of the GDPR, in particular protection of SUSE's tangible assets (e.g. laptops, servers, other HW, etc.), security of SUSE employees, products, etc.. We store such data for as long as necessary for the purposes mentioned above.
4. Personal Data Processing for SUSE Candidates
Purposes of Processing
We use your Personal Data to decide whether to establish an employment relationship and to contact you. If the employment relationship does not materialise, we use your Personal Data to send you a rejection, typically using the same method you used to send us your application documents. The processing of your Personal Data is thus necessary pursuant to i.a. Article 6 (1)(b) and Article 88 GDPR, for the establishment of an employment relationship with you.
Should you choose to participate in the SUSE Talent Community (our pool of interested candidates), we will process your Personal Data in order to maintain a pool of candidates who wish to be considered and contacted with respect to future job offers. You can also opt to receive a newsletter as part of the SUSE Talent Community, which provides you with updates on SUSE job opportunities, company news and events. You can use the unsubscribe link in the individual newsletter emails to remove yourself from further mailings.
SUSE uses a ChatBot function on https://jobs.suse.com. Should you choose to use this feature, the ChatBot may ask you to provide Personal Data in order to help you search available jobs and to provide you with information pertinent to the feedback that you enter in the ChatBot window.
In order to streamline your application, SUSE offers you the opportunity to upload your resume from an existing cloud storage service, such as DropBox and SkyDrive. Should you choose to use this feature, SUSE must process Personal Data in order to technically facilitate this data transfer.
Our jobs platform processes certain information (which may include Personal Data such as IP or data which, when aggregated, may be unique and as such potentially personally identifiable) for the purpose of displaying job recommendations based on your browsing history.
It is also possible to login/register on SUSE’s job platform using your LinkedIn, Facebook or Google account. Should you choose to do so, we process your name, photo (where available) and primary email address as supplied by those platforms for the purpose of creating your profile on our jobs platform. You can stop this processing at any time in the settings of the relevant platform. In addition, when registering, SUSE’s platform will process Personal Data for the purpose of determining what current job opportunities are available that match your profile and in order to contact you with such job opportunities.
Finally, SUSE’s job platform automatically collects and processes technical information which may include Personal Data (IP or data which, when aggregated, may be unique and as such potentially personally identifiable) for the purpose of ensuring the technical stability of the platform and for identifying and mitigating potential security issues.
Categories and Types of Personal Data Processed
To apply, you will need to create an account on SUSE’s Workday platform. The platform requires at a minimum your contact details (such as name, email, country of residence, street name, house number, city, postal code, phone number), work history (job title, company, location, duration, role description), education (school/university, degree, field of study, overall result, duration), skills, resume (you can upload this and so you decide what Personal Data is included), any websites you decide are relevant to your application, confirmations regarding any employment history or relationship with various government bodies (for regulatory compliance), legal work status (work permit, residency permit/visa) and gender (you may choose ‘undeclared’).
If you choose to join SUSE’s Talent Community, you will be asked to provide your contact details (name, email, phone number, current employer, current title, country, city) and areas that interest you. You may also upload your resume or use DropBox or SkyDrive to transfer your resume.
If you use SUSE’s ChatBot, we will process Personal Data such as your location (to search job opportunities at that location). Should you choose to give us feedback on how useful the ChatBot is, we also process that information. Please note that the ChatBot allows free text entry so any Personal Data you enter will be processed. You are thus encouraged to refrain from entering Personal Data except as necessary and as prompted by the ChatBot. We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR).
If you use LinkedIn, Facebook or Google to create or log in to your profile on SUSE’s job platform, we will process contact information that is supplied to us from such a platform - contact information (name, email, phone) as well as your current job description and skills. You may restrict or stop such processing at any time using the settings of the relevant platform.
Legal Grounds for Processing
When applying for a job through our SUSE jobs platform, the Personal Data we collect is necessary for the decision as to whether to establish an employment relationship with you. We cannot process incomplete applications. The categories and types of Personal Data that are necessary are marked as such (usually with a red asterisk) and it will not be possible to proceed without completing such fields. For such necessary Personal Data in the context of your job application, we process this Personal Data according to Article 6(1)(b) and Article 6(1)(f) GDPR.
If you choose to create a profile on our jobs platform or you join the SUSE Talent Community, we process such Personal Data under Article 6(1)(a) GDPR – i.e. we rely on your consent.
If you choose to enter Personal Data in our ChatBot, we process such Personal Data under Article 6(1)(f) GDPR. It is within SUSE’s legitimate interest to process such data in order to match your input with the job opportunities currently available. Given the minimum nature of the processing (see above) we believe that a fair balancing of our rights is attained.
Recipients of Personal Data
Your application as well as any Personal Data you enter to join the SUSE Talent Community will be received and will be reviewed by SUSE’s hiring and talent managers and will be made available to the department leads and anyone else with a need to access the Personal Data to process and/or approve the job application (whereby this group of recipients will be kept to the minimum necessary).
Processors of Personal Data
SUSE engages Workday, (by Workday, Inc) as our Human Capital Management processor. The Workday tenant used by SUSE is located in Europe. Data transfers between SUSE Group entities and between the SUSE Group and Workday, Inc are also legitimated by a data processing agreement which adopts the Standard Contractual Clauses.
SUSE engages Phenom People, (by Phenom, Inc) as our Talent Experience Platform (which includes the ChatBot deployed on the SUSE jobs platform). The Phenom tenant used by SUSE is located in Europe. Data transfers between SUSE Group entities and Phenom, Inc are also legitimated by a data processing agreement which adopts the Standard Contractual Clauses (despite references to Privacy Shield in Phenom’s privacy policy).
5. Personal Data Processing for SUSE's Customer Surveys
Purpose of Processing
We need to process your Personal Data in order to better understand your information technology environment, market trends that are impacting your IT strategy and consumption in order to improve our products. Where necessary, we may need to use the Personal Data processed to contact you with respect to new products and solutions that would be relevant to you.
Categories of Personal Data Processed
We expect to process Personal Data such as your first and last name, your email, your company affiliation and role (if applicable), your location (country, postal code) as well as any information you share with us through or relating to a customer survey. We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR) when you respond to our surveys.
Grounds for Processing
Where a contractual relationship (e.g. whereunder SUSE provides product support) exists or is being created between us, we process your Personal Data according to Art 6 (1)(b) GDPR. Otherwise, we process your Personal Data according to Art 6 (1)(f) GDPR, under which it is our legitimate interest to process your Personal Data to be able to provide a better product experience and to be able to contact you (see above). Given that we keep the Personal Data we need to process to provide these services to you at a minimum and that we do not believe you are disadvantaged in any way by providing such insights and information through a survey, we believe that this represents a fair balancing of interests.
Recipients of Personal Data
The Personal Data will be processed by those SUSE Group employees who are responsible for the day-to-day running of the product and marketing organization.
6. Personal Data Processing for SUSE's Okta Authentication System
Purpose of Processing
We need to process your Personal Data to create, provision and administer your account with SUSE, to ensure the security of your account, to provide account related services such as password recovery, multi-factor authentication as well as to provision your access to SUSE services which rely on the Okta authentication system. Where necessary, we may need to use the Personal Data processed to contact you with respect to issues with your account.
Categories of Personal Data Processed
We expect to process Personal Data such as your chosen username, your first and last name, your email, your company affiliation and role (if applicable), your location (country, postal code), IDs as well as any information you share with us through or relating to Okta, including without limitation in emails, forum, free text fields. Additionally, some metadata used to enhance the security of the system may be collected (see Okta's privacy policy, linked below, for further information). We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR) when you use our Okta authentication system.
Grounds for Processing
Where a contractual relationship (e.g. whereunder SUSE provides product support) exists or is being created between us, we process your Personal Data according to Art 6 (1)(b) GDPR. Otherwise, we process your Personal Data according to Art 6 (1)(f) GDPR, under which it is our legitimate interest to process your Personal Data to be able to provide the Okta authentication system and to be able to contact you (see above). Given that we keep the Personal Data we need to process to provide these services to you at a minimum and that we do not believe you are disadvantaged in any way by using our Developer Portal, we believe that this represents a fair balancing of interests.
Recipients of Personal Data
The Personal Data will be processed by those SUSE Group employees who are responsible for the day-to-day running of the Okta authentication system. Additionally, SUSE uses a processor, Okta, Inc 100 First Street, 6th Floor, San Francisco, CA 94105, USA to provide the service. A data processing agreement is in place between Okta, Inc and SUSE, which incorporates the standard contractual clauses to cover the transfer of your Personal Data to Okta in the USA and other countries used by Okta for data processing.
7. Personal Data Processing for SUSE's Partner Campaign
Purpose of Processing
We need to process your Personal Data in order to better understand where and how SUSE’s products and technology are relevant to you and your IT environment. Where necessary, we may need to use the Personal Data processed to contact you with respect to new products and partner solutions that we identify to be relevant to you.
Categories of Personal Data Processed
We expect to process Personal Data such as your first and last name, your email, your company affiliation and role (if applicable), your location (country, postal code) as well as any information you share with us through or relating to a marketing campaign, including but not limited to web pages where you would fill information in order to access an educational asset, special offer, marketing content or other similar items. We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR) when you engage with our marketing campaigns.
Grounds for Processing
Where a contractual relationship (e.g. whereunder SUSE provides product support) exists or is being created between us, we process your Personal Data according to Art 6 (1)(b) GDPR. Otherwise, we process your Personal Data under Art 6 (1)(a) GDPR where we have received your consent to do so, or according to Art 6 (1)(f) GDPR, under which it is our legitimate interest to process your Personal Data to be able to provide better product and partner solution offerings and to be able to contact you (see above). Given that we keep the Personal Data we need to process to provide these services to you at a minimum and that we do not believe you are disadvantaged in any way by providing such insights and information through a marketing campaign, we believe that this represents a fair balancing of interests.
Recipients of Personal Data
The Personal Data will be processed by those SUSE Group employees who are responsible for the day-to-day running of the product and marketing organization. Transfer of your Personal Data to SUSE’s partners and/or their reseller partners, such as Edge Solutions and Consulting, will happen if and after you consent to be further contacted via phone for exploratory calls that will provide you with custom insights around your IT environments and solutions we jointly offer with partners.
8. Personal Data Processing When You Contact Us Directly
When you contact SUSE directly (e.g. via email), we process your personal data such as name, surname, email address or company details in order to respond to your questions or requests (e.g. when you report a security vulnerability). The legal basis of this processing depends on the circumstances of the request and it might be Art 6 (1)(a) GDPR where we have received your consent, Art 6(1)(b) of the GDPR for the personal data we process that forms the basis of a contract as well as Art 6(1)(f) of the GDPR which allows the processing of data for our security purposes. We process your data within the SUSE Group and your data is stored in our systems such as Google Workspace. We delete your data once it is not necessary anymore in accordance with our internal data retention schedule.
9. SUSE Customer Center
When you use SUSE Customer Center (“SCC”) we may collect and process certain personal data from you in order to fulfill your support subscription using the SCC website and associated channels. Such data can include your contact details (e.g. name, email, telephone, address), data concerning your support subscription (subscriptions acquired, current system status, acceptance of terms and conditions, times and durations when logged in). The legal basis of this processing is Art 6(1)(b) of the GDPR for the personal data we process that forms the basis of a contract as well as Art 6(1)(f) of the GDPR which allows the processing of data that is technically required to ensure a stable, secure and functioning website. We store such data in SCC for as long as you retain your account with us.
10. SUSE Customer Support
In the course of providing customer support we may request some Personal Data from you to enable us to provide the high quality support that you expect from us. Such Personal Data can include your contact details (e.g. name, email, telephone, address) and account creation and maintenance details (e.g. username, password, security questions). We use this Personal Data in order to create and maintain your account on our Customer Relationship Management (“CRM”) systems, to allow you to file and track support incidents (e.g. through our web interface or through our live support tools), to upload error and telemetry data associated with your support incidents and to statistically evaluate the effectiveness of the support that we provide to our customers. The legal basis for this processing of your data is Article 6(1)(b) of the GDPR for the Personal Data we process that forms the basis of a contract. We keep your account related Personal Data as well as any Personal Data which you voluntarily add to the support incident for the duration of your support agreement with us. With respect to error and telemetry data (e.g. log files, memory dumps) you send to us, you must ensure that these, under no circumstances contain Personal Data. We delete such data within 30 days after the incident is resolved and so you must take steps to back up any such data before sending it to us.
11. Live Chat
To provide you with the ability to have a real time chat with one of our representatives, we have integrated the functionality provided by the third party provider LiveChat. In order to use this function, we collect your consent (Art 6(1)(a) of the GDPR) to provide certain Personal Data such as your name and email. We do this to ensure a personal experience, and to ensure that we can send you a record of your chat. Additionally, the service may automatically store some further information such as operating system, device type and application version.
12. Newsletter
You can subscribe to our newsletter, through which we inform you about our products, services and offers. We rely on your consent to subscribe and fulfill your newsletter request. We use a “double opt-in" procedure to subscribe you to our newsletter. After your initial subscription, we send an email to the email address you subscribed with, requesting your confirmation (e.g. by replying to the email or clicking a link therein). If you don’t confirm the subscription within the relevant time period, your subscription request will be automatically deleted. We also store the IP address you used and the time of registration and confirmation to enable us to verify your subscription and to prevent misuse. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data for our legitimate interests, that is technically required to ensure a stable, secure and functioning website.
Your email address is mandatory and necessary both to enable verification of your subscription request and actual sending of newsletter emails to you. Any other data you send us is entirely voluntary. After your confirmation, we store your email address to send you the newsletter. The legal basis for this is Art. 6 (1)(a) of the GDPR. You can revoke your consent for the newsletter any time and also unsubscribe from it. You can perform the revocation by clicking on the link provided in each email or by modifying your preferences accordingly on our website.
We may evaluate your user behaviour when we send you the newsletter, using "web beacons" (also known as Internet tags, pixel tags or clear GIFs). These web beacons allow us to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page and the information in cookies set by the third party. We may link the information collected from you above with that obtained from web beacons in newsletters to:
- Understand which email messages we sent may have been opened by you;
- Understand how you use and interact with our products and services;
- Improve our products and services;
- Optimise your html email experience;
- Provide you more relevant content; and
- Stop contacting you if over time we can see that you are no longer opening our email messages.
If you wish to prevent the use of web beacons, you may be able to prevent the use of some web beacons by setting your email application or software to display HTML emails as text only.
13. Personal Data Processing in Other Systems
Depending on the situation (whether you are our customer, potential customer or website visitor), we might process your personal data in various systems provided by third parties. Examples of such systems are mentioned below and they might change from time to time:
Salesforce
We use Salesforce Inc's cloud platform to manage our customer and potential customer portfolio. In order to do so, we must collect and process certain Personal Data from you. Such Personal Data can include your contact details (e.g. name, email), account creation details (e.g. username, password, security questions) as well as details about your relationship with us (interest in products and services, previous purchase history). The legal basis for the processing are Article 6 (1)(b) of the GDPR, Article 6 (1)(f) of the GDPR under which it is within our legitimate interests to maintain an efficient method of managing our customers as well as with consent, under Art 6 (1)(a) of the GDPR.
Marketo
We use Marketo Inc's cloud platform to manage how we market our products and services to our customers and potential customers as well as to manage and administer information about our customers. In order to do so, we must collect and process certain Personal Data from you. While certain categories of Personal Data may be shared through our use of the Salesforce cloud platform, Marketo also processes Personal Data such as your interest in our products and your preferences with regard to how and when we should contact you. The legal basis for the processing are Article 6 (1)(b) of the GDPR, Article 6 (1)(f) of the GDPR under which it is within our legitimate interests to maintain an efficient method of managing our customers as well as with consent, under Art 6 (1)(a) of the GDPR.
Bugzilla
We use the Bugzilla infrastructure for filing and tracking errata in our products and services. If you wish to use our Bugzilla interface, we will need to collect and process Personal Data from you. Such Personal Data can include your contact details (e.g. name, email) and account creation and maintenance details (e.g. username, password, security questions) as well as any Personal Data that you voluntarily transfer in the course of using the Bugzilla interface. The legal basis for this processing is Article 6(1)(b) of the GDPR for our customers and partners and Article 6(1)(f) of the GDPR for all other data subjects. While your account may be deleted, certain data may be retained in the bug reports that you filed or commented on. The legal basis on which such data is processed is Article 6(1)(f) of the GDPR, under which we may retain data necessary for the long term functioning and availability of our primary method of maintaining and presenting errata.
Feature Requests Tools
We use the feature requests tools (such as FATE or Jira) for filing and tracking features for our products and services. If you wish to use our interface, we will need to collect and process Personal Data from you. Such Personal Data can include your contact details (e.g. name, email) and account creation and maintenance details (e.g. username, password, security questions) as well as any Personal Data that you voluntarily transfer in the course of using the interface. The legal basis for this processing is Article 6(1)(b) of the GDPR for our customers and partners and Article 6(1)(f) of the GDPR for all other data subjects. While your account may be deleted, certain data may be retained in the feature requests that you filed or commented on. The legal basis on which such data is processed is Article 6(1)(f) of the GDPR, under which we may retain data necessary for the long term functioning and availability of our primary method of maintaining and presenting features.
Google Analytics
This website uses the web service Google Analytics to analyse your visits. We deploy this service for marketing, advertising and site requirements evaluation purposes. The legal basis for this processing is Article 6(1)(a) and Article 6(1)(f) of the GDPR as it is within our legitimate interests to pursue the aforementioned purposes. In order to carry out this evaluation, Google Analytics stores cookies in your browser. While Google may process certain information that could be used to identify you, our configuration ensures through e.g. IP masking and obfuscation, that only general information will be processed. You may reject the collection and processing of data at any time, by changing your browser setting to prevent the storage of cookies. See our Cookie Policy for further details about cookies in general and about Google Analytics cookies specifically.
6Sense
We use the services provided by 6Sense Insights, Inc. (“6sense”) to provide us with an analytics-based solution to help us to know more about business prospects and to help determine how and when we should interact with them. To enable this, we may transfer your data (e.g. sales data, web data/site activity data and lead information) to 6sense. The legal basis for this processing is Article 6(1)(f) of the GDPR as it is within our legitimate interest to deploy and maintain a lead generation and management platform to enable us to better engage with customers and potential customers.
DigitalRiver
We offer you the ability to make purchases online through our online shop. We use a third party service provider, Digital River, to fulfill orders. It will be necessary for you to provide Personal Data to enable fulfillment of your order (Article 6(1)(b) of the GDPR).
Clari (and Groove)
We use the services of Clari (and Groove) to streamline revenue operations and improve forecast accuracy. The legal basis for this processing is Article 6(1)(f) of the GDPR as it is within our legitimate interests to pursue the aforementioned purposes. Personal data originates in Salesforce (mostly) and Google Workspace, it can also be collected directly. The Personal Data we collect may include common personal data (e.g. name, email, phone number, geographical data) andaudio data.
Gong
The Gong software is used for call recording and transcription by the Sales Development Team. It also enables the analysis of email communication. This service empowers our team to orient towards a data-driven approach and improves our communication strategies with you. The legal basis for this processing is Article 6(1)(f) of the GDPR as it is within our legitimate interests to pursue the aforementioned purposes. The Personal Data we collect include: Name, Email Address, Phone Number, and the contents of the email/call communication. Gong will also process other customer data from Salesforce.
Oktopost
This platform allows us to measure all of our social media activities. The legal basis for this processing is Article 6(1)(f) of the GDPR as it is within our legitimate interest to lead with you meaningful conversations about our products.The Personal Data we collect about you may include: Name, Title, Contact details (e.g.: email, phone, company address) Company Name, IP Address. Oktopost also processes customer data from Salesforce.
DoubleClick Ad Exchange
While we do not incorporate code or functionality from DoubleClick, this website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to display adverts that are relevant to the user, to improve reports on campaign performance, and to avoid users being shown the same adverts multiple times. Via a cookie ID, Google records which adverts are displayed in which browser and is thus able to prevent the adverts from being shown multiple times. Furthermore, with the aid of cookie IDs, DoubleClick can record conversions relating to ad requests. This is the case, for example, when a user sees a DoubleClick advert and later visits the advertiser’s website using the same browser and makes a purchase on that website. According to Google, DoubleClick cookies contain no personal information.
Through the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through use of this tool by Google and are therefore providing you with information based on what we know: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant section of our website or that you have clicked on one of our adverts. If you are registered with a Google service, Google can link the visit to your account. Even if you are not registered with Google or are not logged in, the provider may learn and store your IP address.
You can prevent participation in this tracking process in a number of ways: a) by configuring your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive adverts from third-party providers; b) by disabling the cookies for conversion tracking, by setting your browser to block cookies from the domain "googleadservices.com", at https://www.google.com/settings/ads; this setting is deleted if you delete your cookies; c) by disabling interest-related adverts from providers who are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices; this setting is deleted if you delete your cookies; d) by permanently deactivating your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to fully use all the functions on this website.
The legal basis for the processing of your data is Art. 6(1)(f) and Article 6(1)(a) of the GDPR. Further information on DoubleClick by Google is available at https://www.google.com/doubleclick, and on data protection in general at Google: https://www.google.com/intl/en/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
AdDaptive Intelligence
AdDaptive Intelligence, Inc. (AdDaptive) provides digital advertising services to brands, advertising agencies, and digital publishers through the use of our technology platform (Platform). AdDaptive's Platform, which is used on behalf of clients (Clients), manages digital advertisements across many channels, such as third-party websites, mobile apps, online video, streaming audio and streaming TV.
When the AdDaptive technology is deployed on Client websites (Client Sites) and the user is located outside of the EEA, the Platform automatically receives information from the Client Site through the use of pixels tags and cookies.
Additionally, publisher and advertiser clients, as well as data providers, and our Demand Side Platform partner (Xandr), provide AdDaptive with Platform Data to support advertising transactions. The Platform Data may include cookies from the adnxs.com domain which you can learn more about by visiting https://about.ads.microsoft.com/en-us/solutions/xandr/digital-platform-cookie-policy. The AdDaptive Privacy Policy provides more information about Platform Data, and opting out of the use of cookies.
Social Media Plug-ins
We currently use the following social media plug-ins on our website:
- X (former Twitter)
We use the two-click solution. This means that when you visit our site, no personal data is sent initially to the plug-in providers. You can identify the provider of the plug-in by the marking on the box, via the provider’s initial letters or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider will receive the information that you have visited the relevant page on our website only if you click on the marked field and thereby activate it. In addition, the data will be transmitted. In the case of Facebook and Xing, according to these providers, the IP address is anonymised immediately after being collected in Germany. When the plug-in is activated, your personal data is therefore sent to the relevant plug-in provider and stored there (in the case of US providers, in the USA). Because the plug-in providers carry out data collection using cookies, we recommend deleting all cookies via the security settings in your browser before clicking on the greyed-out box.
We have no influence on the data collected or on the data processing operations, nor do we know the full scope of the data collection, the purposes of the processing or the retention periods. We also have no information regarding the erasure of the collected data by the plug-in providers.
The plug-in provider stores the data collected regarding you as usage profiles and uses these for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such use is carried out (including for users who are not logged in) for the purposes of displaying appropriate advertising and informing other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact the relevant plug-in provider. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve the experience we offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6(1)(1)(f) GDPR.
The data transfer takes place irrespective of whether you have an account with the plug-in provider and are logged into your account. If you are logged into your account with the plug-in provider, your data collected on our website will be linked directly to this account. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the privacy policies of these providers listed below. In these privacy policies, you can also find further information on your associated rights and setting options for protecting your privacy.
Addresses of the relevant plug-in providers and URLs for their privacy policies:
Google Ireland Limited, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland https://www.google.com/policies/privacy/partners/?hl=en.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
X Corp., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
Integration of YouTube Videos
We may integrate YouTube videos in our website. These videos are stored on http://www.youtube.com and can be played directly from our website. The videos are all integrated in "enhanced data protection mode", meaning that no data regarding you as a user is transmitted to YouTube if you do not play the videos. The data is transmitted only when you play the videos. We have no influence over this data transmission.
Through the visit to the website, YouTube receives the information that you have accessed the relevant page on our website. In addition, the data will be transmitted. This takes place irrespective of whether you have a user account with YouTube that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact YouTube.
Further information on the purpose and scope of the collection and processing of data by YouTube is available in the privacy policy. Here, you can also find further information on your rights and setting options for protecting your privacy: https://www.google.com/intl/en/policies/privacy.
14. SUSECON
SUSECON is SUSE’s annual conference. You can register for SUSECON at SUSE's dedicated website https://www.suse.com/susecon/. For the purposes of processing your registration and to provide the services relating to your SUSECON account as well as ensuring that you can participate in SUSECON, we must process certain Personal Data.
The categories of Personal Data that we process to enable your participation in SUSECON are your contact details (name, email address, phone number, mailing address, emergency contact number) as well as information such as your audiovisual/mobility needs, technology certifications and your interest in SUSE technology. Any Personal Data that you share via the various communication channels provided as part of SUSECON may also be processed – we highly discourage you from sharing any special categories (see Article 9 GDPR) of Personal Data.
To enable your participation in SUSECON we typically process your Personal Data under Art 6 (1)(f) GDPR. It is within our legitimate interests, in enabling your participation in SUSECON, to process such Personal Data as is necessary to provide the digital conference. To balance our legitimate interests with your interests, we seek to keep the Personal Data that we process to a minimum and we have ensured that any processors which we use to provide SUSECON are also bound to ensure your Personal Data is processed in a GDPR compliant manner.
For certain services provided as part of SUSECON, such as the SUSECON newsletter and update mailings, we rely on your consent (Art 6 (1)(a) GDPR) and we ask for this before your Personal Data is processed for such purposes. You may withdraw your consent to receiving such mailings at any time (without affecting your participation in SUSECON) using the unsubscribe link that is included in all such mailings.
If you opt-in to being listed to the SUSECON mobile app during the registration process, your contact (name, title and company name) will be available by other attendees for networking through the mobile app. We rely on your consent (Art 6 (1)(a) GDPR) and we ask for this before your Personal Data is processed for such purposes. This setting can be adjusted in the mobile app itself. The mobile app allows attendees to write additional details about themselves, share their interests and exchange messages. We highly discourage you from sharing any special categories (see Article 9 GDPR) of Personal Data. Your Personal Data obtained through the mobile app will be processed in a GDPR compliant manner.
We have engaged RainFocus, Inc, 1633 W. Innovation Way, Suite 100, Lehi, 84043 Utah, USA as a processor to provide services relating to event registration and fulfillment. This involves transferring your Personal Data to the United States. Such transfer is secured by utilizing the Standard Contractual Clauses.
You will be given the option to opt-in for communication from all conference sponsors. This opt-in will be considered consent for your Personal Data to be shared with those sponsors. In addition, if you choose to access content from individual SUSECON sponsors (recorded sessions, keynotes, downloadable material, etc.) that sponsor will be provided with the Personal Data collected from you during the conference registration process. This policy will be clearly stated during the registration process and is reiterated on sponsor pages within the SUSECON site. You are not required to access sponsor content or otherwise provide your information to sponsors in order to participate in SUSECON.
15. Data Transfers Within SUSE Group and Other Examples of Data Disclosure
We process your Personal Data solely within the SUSE Group unless we expressly inform you otherwise. The data which we process to provide services is stored solely on SUSE Group servers in Provo, Utah, USA. Transfers of, and access to, your data to SUSE Group entities around the world are all protected using Standard Contractual Clauses.
We might disclose your personal data to third parties in some specific situation such as:
- if we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal data will likely be among the assets transferred,
- when legally required to do so (e.g., to cooperate with law enforcement investigations or other legal proceedings).
16. Your Consent
You consent to the SUSE Group and/or Partners (https://www.suse.com/partners/find-partner/) using your personal data created at, for, during or related to your interaction with a SUSE webform, offline channel, or person, for the purpose of offering products and services, including without limitation: conducting business, pursuing business relationships, developing products and services, and operating our various web presences, communities, and communication channels. You acknowledge that this may involve your personal data being processed by processors and transferred to third parties in third countries which may not provide the same level of protection to the rights of individuals as the GDPR does.
17. Your Rights as Data Subject
You have the following rights as a Data Subject:
- Right to information
- Right to rectification or erasure of Personal Data
- Right to restriction of processing
- Right of objection to the processing
- Right to data portability
- Right to complain to a data protection supervisory authority about our processing of your Personal Data
If you have consented to the processing of your data, you can always revoke this consent at any time. After you have expressed such a revocation to us, it will influence the permissibility of processing your personal data and may impact the services that we can provide to you.
Provided that we are basing the processing of your personal data on the need to balance interests, you can raise an objection to this processing of your data. This is the case if the processing is not required (in particular to) fulfill a contract with you, a fact which we endeavour to outline in the subsequent description of the respective functions. When exercising such a right of objection, we request that you outline the reasons why we should not process your personal data in the manner we have described. If you present to us your reasons, we shall check the circumstances and either stop and/or adjust the processing of the data, or present compelling counterarguments for continuing with the data processing.
You can of course object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to the use of your data for advertising through the contact details given at the top of this Privacy Policy.
You may also contact SUSE's Data Protection Officer (see above) or the Supervisory Authority for SUSE which is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
18. CCPA
This Privacy Statement also describes the rights of Californians under the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA requires businesses like SUSE, that receive information from more than fifty thousand California consumers, to provide certain information to them.
We Do Not Sell Your Personal Information
The CCPA requires us to disclose whether we sell your personal information. We do not sell your personal information.
Your Rights Under the CCPA
The CCPA provides Californians with the following rights:
- Requests for Information
You can request a copy of your personal information and that we disclose how we have collected, used, and shared your personal information over the past 12 months, including the categories of personal information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so.
- Your Right to Opt Out of Sales
We do not sell personal information, so we don’t have an opt out.
- Your Right to Notification
We must notify you if we collect new categories of personal information or use existing categories for materially different purposes.
- Nondiscrimination for exercising your CCPA Rights
The CCPA prohibits businesses from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.
- Your Right to Delete Personal Information
You can request that we delete your personal information using the methods described in our privacy policy. We comply with such requests unless an exception applies.
The CCPA Categories of Personal Information We Collect and the Sources
Categories of Personal Information | Sources |
---|---|
Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers) | Information you provide directly or through your interactions with our services (as defined in our privacy policy) or partnersVendors that provide information to help us more effectively understand your business needs |
Characteristics of protected classifications under California or Federal law (e.g., your gender or age) (“Characteristics of Protected Classifications”) | Information you provide to us directly and inferences we make based on that informationInformation from our customers and partners |
Commercial information (e.g., information regarding products or services purchased, obtained, or considered) | Information you provide to us directlyYour interactions with our servicesInformation from our customers and partners |
Internet or Other Electronic Network Activity Information (e.g., browsing history, search history, and information regarding your interactions with our Services) | Your interactions with our servicesYour visits to third party sites that host e.g. our cookies |
Geolocation Data | Information you provide to us directly or indirectly through use of our services |
Professional or Employment-Related Information | Information you provide to us directlyInformation from our partners |
Inferences | Information you provide to us directly or through your interactions with our servicesInformation from our customers and partner |
Personal information described in Cal. Civ. Code §1798.80(e)(such as name, address, telephone number, education, employment history, credit card or debit card number) | Information you provide directly or through your interactions with our servicesInformation from our customers or partners |
Audio, electronic, visual or similar information | Information you provide directly or through your interactions with our services, customers or partners |
The CCPA Categories of Personal Information We Share for a “Business Purpose”
While we do not sell your personal information, we may share it to support our own operational purposes in providing services to you. These operational purposes, known as “business purposes” under the CCPA, are described below. In addition, we may share personal information at your direction, such as when you choose to communicate with other members through our services.
- Auditing Interactions
We may share the types of personal information listed above with partners, service providers and related companies, in order to audit interactions and transactions, such as to count or verify the positioning and quality of ad impressions.
- Security Purposes
In order to secure our Services, including to detect, prevent and investigate security incidents or violations of applicable laws, we may share the types of personal information listed above with our partners, service providers, law enforcement and related companies.
- Service Improvements
In order to improve our services (such as to identify bugs, repair errors or ensure that services function as intended) or conduct internal research and analysis to improve our technology, we may share the types of personal information listed above with our partners, service providers and related companies
- Service Providers and Other Notified Purposes
We may share personal information with Service Providers, as defined by the CCPA, in order to have them perform services specified by a written contract or with others for a notified purpose permitted by the CCPA (e.g., to respond to law enforcement requests).
19. Data Subject Web Form
To request access to or deletion of your personal data, please use our GDPR Web Form.