Privacy Policy

Introduction

Any data you provide via the website https://susiandjames.com  will be collected and used in accordance with applicable data protection regulations. This privacy policy applies only to our websites. If you are redirected to other websites via links on our pages, please refer to their respective privacy policies for information on how they handle your data.

1. General

Personal data is any information that relates to you personally, such as your name, address, email address, and user behavior. The following provisions inform you about the type, scope, and purpose of the collection, processing, and use of your personal data.

The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:

SUSI&James GmbH
Turley Straße 8
68167 Mannheim, Germany

Telephone: +49 (0)621 48349342
Fax: +49 (0)6221 3188859
Email: mail@susiandjames.com

represented by the managing director Marcel Martini.

We have appointed a data protection officer in our company. You can reach them using the following contact details:

Nextwork GmbH
Email: datenschutz@nextwork.de

2. Automatic data collection

When you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR): your IP address, the date and time of your website visit, the time zone difference to Greenwich Mean Time (GMT), the content of the request (specific page), the access status/HTTP status code, the amount of data transferred, the website from which the request originated, the browser you are using, your operating system and its interface, the name of your access provider, and the language and version of your browser software.

We process the aforementioned data for the following purposes:

• Ensuring a smooth connection to the website,
• Ensuring a comfortable user experience on our website,
• Evaluation of system security and stability, as well as for other administrative purposes.

This information is temporarily stored in a log file. The aforementioned information is collected automatically without your intervention and stored until its automated deletion. Under no circumstances do we use the collected data to draw conclusions about your identity.

3. Information about cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device and do not contain viruses, Trojans, or other malware.

The cookie stores information related to the specific device you are using. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves, among other things, to make your use of our website more convenient.

 

Use of cookies:

1. a) We set so-called session cookies to recognize that you have already visited certain pages on our website. These are automatically deleted when you leave our site.

2. b) Furthermore, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific, predetermined period. When you revisit our site to use our services, it is automatically recognized that you have already been here and what entries and settings you have made, so you don't have to enter them again.

3. c) We also use cookies to collect statistical data on the use of our website and to analyze this data in order to optimize our services for you. These cookies allow us to automatically recognize that you have visited our site before when you return. These cookies are automatically deleted after a specified period of time.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 f GDPR. You can prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in limited functionality of our services.

 

4. Making contact

 

If you have any questions, you can contact us. By doing so, you will provide us with your valid email address and/or telephone number, as well as your first and last name and your inquiry. This information is necessary so that we know who is contacting us and can respond to your request. You may voluntarily provide us with any other information. 

 

When you contact us (via contact form, email, and intelligent telephone assistant), the information you provide will be processed in accordance with Article 6(1)(b) GDPR (within the framework of contractual/pre-contractual relationships) for the purpose of processing and handling your inquiry. Offering these various channels is an additional service we provide to enable you to contact us quickly and easily (legal basis: Article 6(1)(f) GDPR). 

 

The personal data we collect as a result of your contacting us will be deleted as follows: 

• Contact form:  

We always assume that submissions via the contact form are for business purposes. Data is forwarded to our CRM system and processed there. It is deleted three years after the last contact, unless a contractual relationship has been established. If a contractual relationship has been agreed upon, we will retain the data for ten years for documentation purposes.  

 

• E-mail 

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of a business interest, the collected data will be further processed in our CRM system. Deletion will occur three years after the last contact, provided no contractual relationship has taken place. Once a contractual relationship has been agreed upon, we will retain the data for ten years for evidentiary purposes. 

 

• intelligent telephone assistant 

The intelligent telephone assistant answers calls, conducts interactive dialogues, and records the caller's request as well as relevant and necessary data for further processing, such as contact details and the content of the inquiry. This information is then provided to our staff via transcription to efficiently process your requests and wishes. 

 

The pursuit of the goal of optimizing our telephone accessibility and efficiently processing inquiries is based on our legitimate economic interest pursuant to Art. 6 para. 1 lit. f GDPR. Using the service as a caller is voluntary and is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 9 para. 2 lit. h GDPR. If you have given your consent, you can withdraw it at any time with effect for the future by contacting us using the provided contact details. 

 

Your data will only be stored for as long as necessary to process your request. Your data, related to the call handling by the digital telephone assistant, will be deleted as soon as the purpose of data collection has been fulfilled. To process your submitted request, access to the data will be granted only to those departments that require it to perform their tasks in accordance with the need-to-know principle. 

 

Transfers to third countries are subject to the necessary security measures in accordance with applicable data protection regulations.

• The following data protection policy applies to contact with applicants: https://saj.jobs.personio.de/privacy-policy?language=de  

5. Support

For the organization, provision, and processing of support within the scope of using the "Smart Office" service, we use Atlassian's Service Manager ticketing system. When a support request is received, we process the requester's personal data, such as their email address and the content of the request, in order to provide the requested support. This processing of personal data for the purpose of providing support is based on our legitimate economic interest in maintaining and ensuring customer satisfaction in accordance with Article 6(1)(f) GDPR and for ensuring the contractual agreements within the framework of the business relationship and our legitimate interests in accordance with Article 6(1)(b) GDPR.

The service provider for the ticketing system, which acts as a data processor for us in accordance with Article 28 of the GDPR, is Atlassian, Inc., 1098 Harrison Street, San Francisco, California 94103, USA. Since the service provider is an American company, it cannot be ruled out that Atlassian also processes your data in the USA. Atlassian is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this page of the European Commission..

Furthermore, Atlassian uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Atlassian commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here..

More information about Atlassian's standard contractual clauses can be found at this linkYou can learn more about the data processed through the use of Atlassian in the privacy policy on Atlassian's privacy page..

 

6. Accounting & Invoicing

We use the SevDesk service for our accounting and invoicing (incoming and outgoing invoices). The provider is sevDesk GmbH, Im Unteren Angel 1, 77652 Offenburg, Germany. When using SevDesk, personal data (e.g., name, address, contact details) is processed and stored for 10 years. This storage is carried out in accordance with legal retention requirements and serves the purpose of proper accounting. You can find further information on data processing by SevDesk in SevDesk's privacy policy.

7. Newsletter

With your consent, you can subscribe to our newsletter, which will inform you about our current special offers. The advertised goods and services are specified in the consent form.

We use the so-called double opt-in procedure for newsletter registration. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We also store your IP address and the date and time of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data.

The only mandatory information required to receive the newsletter is your email address. Providing further information is voluntary and will be used to personalize our communications with you. After your confirmation, we will store your email address for the purpose of sending you the newsletter. The legal basis for this is Article 6 Paragraph 1 Sentence 1 a GDPR.

You can withdraw your consent to receive the newsletter and unsubscribe at any time. You can declare your withdrawal by email to mail@susiandjames.com or by contacting us using the contact details provided in the legal notice.

8. Using ajax.googleapis.com/ jQuery

This page uses Ajax and jQuery technologies to optimize loading speeds. For this purpose, program libraries are retrieved from Google servers. Google's CDN (Content Delivery Network) is used. If you have previously used jQuery from the Google CDN on another website, your browser will access the cached copy. Otherwise, a download is required, during which data is transmitted from your browser to Google Inc. ("Google"). Your data will be transferred to the USA. For more information, please refer to the providers' websites.

9. Integration of Google Maps

This website uses Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

By visiting our website, Google receives the information that you have accessed the corresponding subpage. In addition, the data mentioned in section 2 of this privacy policy is transmitted. This occurs regardless of whether Google provides a user account that you are logged into, or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your related rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield.

https://www.privacyshield.gov/EU-US-Framework.

10. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is used to verify whether data entered on our websites (e.g., in a contact form) is entered by a human or by an automated program. For this purpose, your input is transmitted to Google and processed there. The query includes sending your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google. Google will use this information to evaluate your use of this service. Data processing is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated data scraping and spam.

Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

11. Integration of Google Fonts

This website uses web fonts provided by Google (http://www.google.com/webfonts/) for consistent font display. When you access a page, your browser loads the necessary web fonts into its cache to display text and fonts correctly. For this purpose, your browser must connect to Google's servers. This allows Google to know that our website was accessed via your IP address. Data transmitted in connection with the page request is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. This data is not associated with any data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can configure your browser so that fonts are not loaded from Google servers (e.g., by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you block access to Google servers, the text will be displayed in the system's default font.

The use of Google Web Fonts is in the interest of a consistent and appealing presentation of our online services. Data processing is based on Article 6(1)(f) GDPR.

Information on the privacy policy of Google Webfonts can be found at: https://developers.google.com/fonts/faq#Privacy.

General information on data protection can be found in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/.

12. Integration of Font Awesome

This website uses web fonts provided by Fonticons, Inc. for consistent font display. When you visit a page, your browser loads the necessary web fonts into its browser cache to display text and fonts correctly.

For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that our website was accessed via your IP address. The use of web fonts is in the interest of a consistent and appealing presentation of our online content. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font from your computer will be used. Further information about Font Awesome can be found at https://fontawesome.com/help and in the Fonticons privacy policy.

Inc.: https://fontawesome.com/privacy.

 

13. Retrieving profile pictures from Gravatar

We use the Gravatar service from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our online services and especially in our blog.

Gravatar is a service where users can register and upload profile pictures and their email addresses. When users with that email address post or comment on other online platforms (especially blogs), their profile pictures can be displayed alongside their posts or comments. For this purpose, the email address provided by the user is encrypted and transmitted to Gravatar to check if a profile is associated with it. This is the sole purpose of transmitting the email address; it is not used for any other purpose and is subsequently deleted.

The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, as we use Gravatar to offer authors of posts and comments the opportunity to personalize their posts with a profile picture.

The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, as we use Gravatar to offer authors of posts and comments the opportunity to personalize their posts with a profile picture.

If users do not want a profile picture associated with their email address on Gravatar to appear in the comments, they should use an email address that is not registered with Gravatar when commenting. We would also like to point out that it is possible to use an anonymous email address or no email address at all if users do not wish their email address to be transmitted to Gravatar. Users can completely prevent the transmission of data by not using our commenting system.

14. Links to social networks

Facebook Page Insights – “Facebook Fanpage”

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information stored on your computer in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the page. These statistical data are accessible to us, the page operator, via Facebook's "Insights" feature. These statistics are generated and provided solely by Facebook. We, as the operator, have no influence on their generation or presentation. We cannot disable this function or prevent the generation and processing of this data.

Further information about “Insights” is available from Facebook at the following link: http://de-de.facebook.com/help/pages/insights.

The following data is provided to us by Facebook via "Insights":

Number of page views, "likes", page activity, reach, video views, post interactions, post reach, comments, shared content, replies, gender ratio, regional distribution of users (origin based on country and city), language, views and clicks in the shop, clicks on route planners and clicks on phone numbers.

The operation of this Facebook page and the associated processing of users' personal data is based on Article 6(1)(f) GDPR, our legitimate interest in providing a modern and supportive platform for information and interaction with the users and visitors of our Facebook page. As the operators of the fan page, we are jointly responsible with Facebook for this processing. Therefore, a so-called Page Insights Supplement was agreed upon with Facebook, outlining who fulfills which obligations under the GDPR. Facebook bears primary responsibility under the GDPR for the processing of Insights data. Accordingly, Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13, Articles 15 to 22, and Articles 32 to 34). You can assert your data subject rights against us or Facebook Ireland Limited ("Facebook Ireland"). If you, as a data subject under the GDPR, contact us regarding the processing of Insights data and the obligations assumed by Facebook Ireland within the framework of the Page Insights Supplement, we are obliged to forward all relevant information to Facebook Ireland.

 

The full Page Insights Addendum regarding the responsible party can be found at: https://www.facebook.com/legal/terms/page_controller_addendum

Facebook addresses and URLs with the privacy notice:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

15. Rights of data subjects

You have the right:

• In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
• In accordance with Article 16 GDPR, you have the right to request the immediate rectification of inaccurate or incomplete personal data concerning you that we hold;
• In accordance with Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• In accordance with Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
• In accordance with Article 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
• In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. This means that we will no longer be permitted to process your data based on this consent in the future.
• According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your habitual residence, your place of work, or our registered office.

Please send inquiries regarding your data subject rights by post to the following address:

SUSI & James GmbH
Turley Straße 8
68167 Mannheim, Germany

Please submit your claim by mail, including your name, address, and, if applicable, your customer number and the context of the personal data. If this information is missing, we cannot authenticate you and therefore cannot guarantee your rights under the GDPR.

16. Right of objection

If you have given your consent to the processing of your personal data, you can revoke it at any time. Such a revocation affects the lawfulness of processing your personal data after you have communicated it to us.

Where we base the processing of your personal data on a balancing of interests, you may object to this processing. This is the case, in particular, if the processing is not necessary for the performance of a contract with you, which we will explain in the following description of the functions. When exercising such an objection, please state the reasons why we should not process your personal data as we have been doing. In the event of your justified objection, we will review the situation and either cease or adjust the data processing, or demonstrate to you our compelling legitimate grounds for continuing the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes (e.g., the analysis of data for advertising purposes) at any time. You can inform us of your objection to advertising using the following contact details: mail@susiandjames.com.

17. Data security

During your visit to our website, we use the widely used SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed padlock symbol in the lower status bar of your browser. The information you transmit to us is generally stored on servers within Germany or at least within the European Union.

We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

18. Updates and changes to this privacy policy

This privacy policy is currently valid and was last updated in February 2025.

Due to the ongoing development of our website and related services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on our website at www.susi.me. von Ihnen abgerufen und ausgedruckt werden.