top of page

Data Privacy Clause

1. Controllers

Responsible for data processing in connection with this website are, as joint controllers within the meaning of Art. 26 GDPR:

SURIRO GmbH

Dianastr. 36, 85540 Haar, Germany

Commercial Register: HRB 187657, Munich Local Court (Amtsgericht München)

Email: data-privacy@suriro.com  |  Managing Director: Maren Kordes

 

SURIRO Monto GmbH

Stumpfau 687, 6290 Mayrhofen, Austria

Company Register Number: FN 458187f, Innsbruck Regional Court (Landesgericht Innsbruck)  |  VAT ID: ATU71506756

Email: data-privacy@suriro.com  |  Managing Director: Maren Kordes

No data protection officer has currently been appointed, as the statutory requirements (Art. 37 GDPR, Sec. 38 German Federal Data Protection Act (BDSG)) are not met. Please direct any data protection queries to data-privacy@suriro.com.

2. General Information on Data Processing

We process personal data of our users only to the extent necessary to provide a functioning website together with our content and services, or where the user has given consent. Processing of personal data regularly takes place only with the user's consent (Art. 6(1)(a) GDPR), to perform a contract or pre-contractual measures (Art. 6(1)(b) GDPR), or on the basis of a legitimate interest (Art. 6(1)(f) GDPR), provided the processing is necessary to safeguard a legitimate interest and the interests, fundamental rights and freedoms of the data subject do not override it.

3. Provision of the Website and Server Log Files (Hosting)

This website is hosted by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel ("Wix"). In doing so, Wix processes, as processor or in part as an independent controller, technical data automatically transmitted by your browser when you access the website (including IP address, date and time of the request, browser type, operating system used, page requested, referrer URL). This data is technically necessary to deliver the website and ensure operational security (Art. 6(1)(f) GDPR). Data may be transferred to Israel and/or the USA on the basis of the European Commission's adequacy decision for Israel and/or EU Standard Contractual Clauses. Details on data processing by Wix can be found in Wix's privacy policy: https://www.wix.com/about/privacy.

4. Cookies

This website uses cookies. Which cookie categories are used and how you can grant, decline or withdraw your consent is described in detail in our separate Cookie Policy: www.suriro.com/cookies. Cookies that are strictly necessary for the technical operation of the website are set on the basis of Art. 6(1)(f) GDPR; all other cookies (analytics, marketing) are set exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Sec. 25 of the German Telecommunications-Telemedia Data Protection Act (TTDSG). You may withdraw your consent at any time with effect for the future via the cookie banner or your browser settings.

5. Contact (SuriroMeNow Form)

If you contact us via the contact form at www.suriro.com/suriromenow, we process the data you provide (first name, last name, email address, company, phone number, position) to handle your inquiry and any follow-up questions. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) where your inquiry relates to a possible engagement, otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Data submitted via the form is stored both in Wix's own form/CRM system (Wix Forms/Ascend) and forwarded by email to the relevant contacts (Maren Kordes, Martin Hack). We use STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany, as our domain and email hosting provider; the email mailboxes themselves are operated via Microsoft 365, with Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, as the contracting provider for the EU. Data processing agreements pursuant to Art. 28 GDPR are in place with both providers.

We delete inquiries submitted via the contact form once the respective conversation with you has concluded. A conversation is considered concluded when the circumstances indicate that the matter has been finally resolved, but no later than 6 months after the last contact with you, unless statutory retention obligations dictate otherwise.

6. Newsletter

If you sign up for our newsletter via the "Subscribe for SURIRO news" form in the website footer, we use your email address to regularly send you information about SURIRO. The legal basis is your consent (Art. 6(1)(a) GDPR).

Registration takes place via a double opt-in procedure: after signing up, you will receive a confirmation email; your registration only becomes effective once you confirm the link contained in that email. You may unsubscribe from the newsletter at any time via the unsubscribe link at the bottom of each newsletter email, or by contacting data-privacy@suriro.com. Your data will be deleted after unsubscribing, unless statutory retention obligations dictate otherwise.

7. Web Analytics with Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies or comparable technologies that enable an analysis of your use of the website (including page views, time spent, technical device data, approximate location). This data is transmitted to and processed on Google's servers, in some cases in the USA.

This service is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG, which you grant or decline via the cookie banner. Without your consent, Google Analytics is not loaded. Any transfer of data to the USA is based on the EU-U.S. Data Privacy Framework and/or EU Standard Contractual Clauses. Further information: https://policies.google.com/privacy.

8. Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to centrally manage and load the analytics and marketing tools embedded on this website (including Google Analytics, Google Ads, LinkedIn Insight Tag, Meta Pixel). Google Tag Manager itself does not set any cookies of its own and does not process personal data; data processing is carried out exclusively by the individual tools loaded via Tag Manager, each of which is described in the corresponding sections of this Privacy Policy. Google Tag Manager itself is likewise only loaded after your consent via the cookie banner, since consent-requiring tools may be loaded through it.

9. Google Ads / Conversion Tracking

We use the online marketing service Google Ads and the associated conversion tracking provided by Google Ireland Limited. If Google sets a cookie, Google and we can recognize that someone has clicked on an ad and been redirected to our website. The information gathered in this way is used to compile statistics on the success of our advertising campaigns.

This processing is carried out exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG, which you grant via the cookie banner. Further information: https://policies.google.com/privacy.

10. LinkedIn Insight Tag and Meta Pixel

To analyze and optimize our advertising activities on social networks, we use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, as well as the Meta Pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Both technologies enable the collection of usage behavior and, where applicable, matching to your LinkedIn or Facebook/Instagram profile if you are logged in there, as well as retargeting advertising. Depending on the marketing campaign, either the LinkedIn Insight Tag, the Meta Pixel, or both tools simultaneously may be in use.

This processing is carried out exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG. Any transfer of data to the USA is based on the EU-U.S. Data Privacy Framework and/or EU Standard Contractual Clauses. Further information: https://www.linkedin.com/legal/privacy-policy and https://www.facebook.com/privacy/policy/.

11. Links to Social Networks

In the website footer, we link to our profiles on LinkedIn (the SURIRO company page as well as the personal profiles of Martin Hack and Maren Kordes). These are plain hyperlinks to external pages, not embedded social media plugins. Merely clicking the linked icons does not transmit any data to LinkedIn beyond what occurs when normally visiting a linked page. Once you click through, LinkedIn's own privacy policy applies.

12. Recipients / Processors
  • Wix.com Ltd. (hosting, forms, CRM/Ascend where applicable, blog)

  • STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (domain and email hosting)

  • Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland (Microsoft 365 / email mailboxes)

  • Google Ireland Limited (Google Analytics, Google Tag Manager, Google Ads)

  • LinkedIn Ireland Unlimited Company (LinkedIn Insight Tag)

  • Meta Platforms Ireland Limited (Meta Pixel)

Data processing agreements pursuant to Art. 28 GDPR are in place with all processors listed above, or their Standard Contractual Clauses are relied upon.

13. Retention Period

We retain personal data only for as long as necessary for the respective purposes or as required by statutory retention periods (e.g., commercial and tax law retention periods of 6 or 10 years for business correspondence related to a contract). Contact inquiries without a subsequent contractual relationship are deleted no later than 6 months after the last contact. Analytics and marketing cookies are stored for the periods set out in our Cookie Policy or until you withdraw your consent.

14. Rights of Data Subjects

Under the GDPR you have the following rights:

  • Right of access to the personal data we process about you (Art. 15 GDPR)

  • Right to rectification of inaccurate data (Art. 16 GDPR)

  • Right to erasure ("right to be forgotten", Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object to processing on grounds relating to your particular situation (Art. 21 GDPR)

  • Right to withdraw a consent already given, with effect for the future (Art. 7(3) GDPR)

To exercise these rights, please contact data-privacy@suriro.com.

15. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. For SURIRO GmbH, this is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Promenade 27, 91522 Ansbach, Germany, www.lda.bayern.de. For SURIRO Monto GmbH, this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at. You may also contact the supervisory authority of your habitual residence.

16. Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

17. Currency and Amendment of this Privacy Policy

This Privacy Policy is current as of July 2026. As our website evolves, or due to changed statutory or regulatory requirements, it may become necessary to amend this Privacy Policy.

bottom of page