Menu
Language
Industries
Solutions
Learn more
About
We are firmly committed to protecting the privacy and security of your data. Therefore, we have designed our website and business processes with the aim of collecting and processing as little personal data as possible. This privacy policy explains which information we record during your visit to our website and our cloud platform and for which purposes and how this information is used.
This privacy policy was last updated in August 2023.
“We” or “us” in this privacy policy refers to VERSO GmbH, Agnes-Pockelsbogen 1, 80992 Munich, Germany and specifically to sustainabill branded products and services.
This privacy policy applies to the processing of personal data collected via our websites under sustainabill.de and cloud.sustainabill.io and we are the controller in this regard.
For any question regarding data protection, you can reach us at: privacy@sustainabill.de
If you provide data via the contact form, we will use this data only to comply with your request (legal ground may be Art. 6 Sec. 1 Clause 1 (a), (b) or (f) of the European General Data Protection Regulation, “GDPR“).
If you subscribe to our newsletter, we will store the given contact details for the purpose of delivering the newsletter (legal ground is Art. 6 Sec. 1 Clause 1 (a) or (b) GDPR). You will remain registered to receive the newsletter until you opt out. Each newsletter includes a link enabling you to opt out from the newsletter subscription. You may further opt out at any time with effect for the future by letting us know you wish to object or to withdraw your consent (see Sec. 8 below). If you opt out we will delete your data, unless we are entitled or obliged to further retain your data.
I. REGISTRATION / LOG-IN:
When you register your organization with us (i.e., the sustainabill platform, available under cloud.sustainabill.io), you must agree to our License Agreement and Terms of Use. Besides, we need information to set up and manage your organization’s account. This information is provided by you and includes, for example, your name, the name of your organization, your email address and password as well as (further) contact and payment details. We process this information to enter into and fulfil the agreement with your organization and reply to your requests (Art. 6 Sec. 1 Clause 1 (b), (c) and (f) GDPR). Particularly your email address will be used for log-in access to your account and to inform you about updates in the sustainabill platform which are relevant for the performance of the agreement with your organization (Art. 6 Sec. 1 Clause 1 (b) and (f) GDPR).
II. USAGE OF THE SUSTAINABILL PLATFORM:
When you use the sustainabill platform, we process information about you in our role as data processor on behalf of your organization in its role as data controller, i.e. we process your personal data to the extent necessary for the performance of the agreement with your organization (Art. 6 Sec. 1 Clause 1 (b) and (f) GDPR). Such personal data may include information entered by you when you log into your account (for example, your name and email address), contents of correspondence with you as well as your usage of the sustainabill platform, including the contents of the correspondence between yourself and others. Your organization is responsible for the processing of your personal data in the sustainabill platform. It may, for example, grant or withdraw access to a feature, access, analyse, modify, export, share and/or remove the data in the sustainabill platform and/or otherwise apply its policies to it. Please refer to your organization for further details.
III. INVITATION TO THE SUSTAINABILL PLATFORM AND/OR CONTACT DETAILS PROVIDED BY OUR CUSTOMERS
Customers may invite suppliers to the sustainabill platform which are not yet registered with us. If you are a supplier contact, you may receive such invitation. Alternatively, customers may ask you to allow them to share your data (address of your organizations as well as your contact details) on the sustainabill platform. For these purposes, VERSO acts as a data processor of the respective customer in the sense of Art. 4 Sec. 8, 28 GDPR. If VERSO intends to process your personal data beyond its role as the customer’s data processor, VERSO will inform you accordingly and will obtain your consent (Art. 6 Sec. 1 Clause 1 (a) GDPR) to such processing, if necessary.
Each time you visit our websites under sustainabill.de or our cloud platform under cloud.sustainabill.io, our web servers automatically process standardised information in a log file. This information includes but is not limited to the IP address and your internet access provider, the specific address of the visited web pages, possibly the web page from which you were directed to us (link source), the version and type of the web browser used, the operating system of your device, as well as the date and time of page requests. We partly require this information for technical reasons, i.e. in order to be able to display our website and ensure stability. In addition, we store IP addresses in log files to be able to pursue our rights and restore IT security in case of an attack against our IT (our legitimate interest; Art. 6 Sec. 1 Clause 1 (f) GDPR). For this reason, such data will be held for 14 days. We will not use this information for purposes other than those. We do not share this information with third parties. With the exception of your IP address, it is not possible for us to connect the log files information to you as a person. We only use IP addresses in log files for identification of users in case of an attack.
We use cookies on our websites under sustainabill.de. A cookie is a small piece of data (usually a code or a small image file) send from our websites and stored on your device by your web browser while you are browsing. It allows recognition of your device when you are browsing on our websites. You may block and delete cookies via the settings of your web browser or choose settings to indicate when a cookie is being sent. Furthermore, when you visit our websites, a cookie banner will inform you about our usage of cookies and enable you to agree to or block them.
| sustainabill Platform ([api.]cloud.sustainabill.io) | Website (sustainabill.de) |
| Bespoke analytics (all analytics data is stored on Open Telekom Cloud in Germany as securely as our platform data) | – |
| – | Google Analytics via Google Tag Manager |
| – | LinkedIn Insight Tag |
The sustainabill platform utilizes map services provided by Mapbox Incorporated, (short “Mapbox”). If you are using our cloud platform, VERSO transfers your organization’s address or GPS coordinates to Mapbox. In addition, when you access those parts of the platform which provide a map, your internet browser or application will connect to servers operated by Mapbox located in the United States of America. In order for the map to be displayed, your IP address will be forwarded to Mapbox and a session cookie (i.e. a temporary cookie which allows Mapbox to link the actions of a user during a browser session) may be set. The use of the aforementioned tools is based on Art. 6 Sec. 1 Clause 1 (f) GDPR: the data processing is done to improve the user-friendliness on the sustainabill platform and is in the interest of an appealing presentation of our services. It is therefore in our legitimate interest. VERSO has no control over such connections and processing of the aforementioned data by Mapbox. You can find more information on the processing of user data by Mapbox under the following link: https://www.mapbox.com/legal/privacy/. To prevent all of the connections and processing described above, use the settings feature in your sustainabill platform profile and turn off displaying maps. See Annex 1 (Subcontractors and Service Providers), [2] for additional details.
The sustainabill platform and the sustainabill website uses emails to communicate with you or your suppliers. To make sure that emails are delivered we use the technology of Mailjet SAS. This use of is based on Art. 6 Sec. 1 Clause 1 (f) GDPR: It is in our legitimate interest that emails are delivered and any problems with delivery (such as typing errors in email addresses or misuse) can immediately be identified and rectified. Mailjet will process any email address entered in the sustainabill platform or the sustainabill website to make sure that the email can be delivered. You can find more information on the processing of this data by Mailjet SAS under the following link: https://www.mailjet.com/security-privacy/. See Annex 1 (Subcontractors and Service Providers), [3] for additional details.
Whenever a email is sent to the aforementioned address this email is processed by our partner freshworks and stored in the ticketing system freshdesk. We use freshdesk to process your issues efficiently and make sure that our support agents can give you the best possible user experience when resolving your issues. All freshdesk data is stored securely in the EU.
On some forms on our website we add a Google Captcha to ascertain that the forms are likely filled by humans. This helps us to reduce the amount of spam and marketing emails send via our website.
Unless specified otherwise in the above, we delete your personal data when the contract between your organization and us ended, all claims have been met and we are neither obliged to further store your data (for example, due to statutory retention obligations) nor entitled to further store your data (for example, based upon consent).
We do not disclose or otherwise transfer your personal data to any third party without your prior consent except in the following situations:
5.1 We use third party IT providers in order to provide our services. Such providers act as our processors within the meaning of Art. 28 GDPR. Amongst others, we use the Telekom Deutschland GmbH’s Open Telekom Cloud to store and process all customer data. Telekom Deutschland GmbH itself stores and processes all data in Germany. Your data will leave the borders of Germany under no circumstances. See Annex 1 (Subcontractors and Service Providers), [1] for additional details.
5.2 We use services of third parties which are as such not part of our contractual services but still necessary in order to enter into or perform the contracts with our customers or to pursue claims or to defend against claims (our legitimate interests) and which require a disclosure/transfer of the data. Such third parties include advisors (in particular tax and legal advisors), providers of logistics and postal services, payment and claims management providers, courts and public authorities. In such case, the legal ground for disclosure/transfer is Art. 6 Sec. 1 Clause 1 (b), (c) or (f) GDPR.
5.3 The disclosure/transfer is necessary for compliance with a legal obligation to which we are subject (Art. 6 Sec. 1 Clause 1 (c) GDPR).
To protect your personal data against unauthorized access, loss and misuse, we have taken extensive technical and operational security precautions. Our security procedures are regularly reviewed and adapted to technological progress. Our employees are under obligation to maintain confidentiality.
We will conduct appropriate reviews of this privacy policy and will work to continuously improve it and revise it as necessary. Any changes made to the policy will be disclosed directly to users and/or posted on our websites.
8.1 Right to access the personal data we process about you
8.2 Right to rectification of your personal data
8.3 Right to erasure (“right to be forgotten”)
8.4 Right to restriction of processing
8.5 Right to data portability
8.6 Right to object: you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interest, including profiling based on this. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, which includes profiling to the extent that it is related to such direct marketing.
8.7 To the extent we process your personal data based on your consent, you may withdraw such consent at any time. In such case, we shall no longer process the personal data, unless we are obliged or entitled to further process the personal data based on another legal ground.
8.8 Furthermore, you have the right to lodge a complaint with a supervisory authority. A list of supervisory authorities in Germany and their contact details you may find under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Please do not hesitate to contact us if you have any further questions, for example concerning the personal data recorded. You may use the following email: privacy@sustainabill.de.
| Company | Processing Location | Type of Service | Reason for Service/ Adequacy Decision / Appropriate Safeguards |
| Telekom Deutschland GmbH Landgrabenweg 151 53227 Bonn | Germany | Infrastructure and data storage (Platform only) | All sustainabill platform data is stored with OTC in Germany. No platform data will ever be transferred to a third country. |
| Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA | Germany* *other servers in the European Union may be used | Emails and data storage (Platform and website) | We use Office 365 to send and receive emails, make video calls, and store internal as well as customer data which is not processed in the sustainabill platform (e.g., data to be imported, bespoke customer projects). Office 365 is fully GDPR compliant. |
| Raidboxes GmbH Hafenstraße 32 48153 Münster | Germany | Infrastructure (Website only) | Our website is hosted with Raidboxes GmbH in Germany. This includes data such as IP connections of clients and email adresses of newsletter subscribers. |
| Pipedrive OÜ Mustamäe tee 3a 10615 Tallinn Estland | Germany | Customer Relationship Management (Website forms) | We use Pipedrive for customer care. Pipedrive ensures an adequate level of data protection, for example, by Implementing standard data protection clauses issued by the European Commission for the transfer of personal data (Art. 46 GDPR). |
| Mailjet SAS 13-13 bis, rue de l’Aubrac – 75012 Paris, France | Ireland, Belgium, Germany | Outgoing emails (Platform and website) | We use Mailjet to send outgoing emails, e.g. to invite new platform users or to sent newsletters. Mailjet is a GDPR Compliant subprocessor located in the European union. The Mailjet SAS Privacy Policy can be found at: https://www.mailjet.com/privacy-policy/ |
| Freshworks GmbH Freshworks Inc. 2950 S. Delaware Street Suite 201 San Mateo, CA 94403 USA | European Economic Area | Support workflows. Incoming and outgoing emails to support mailboxes (Support only) | We use Freshworks’ Freshdesk to improve the customer experience when customers engage with our support team. Freshdesk supports us to answer customer requests timely and to make sure our support agents are always informed about the status of all open support requests. |
| Mapbox, Incorporated 5th Floor 740 15th Street Northwest Washington, DC 20005 (Communication to Mapbox inc. can be disabled in the sustainabill settings) | United States of America, GDPR Compliant | Maps and Geolocation (Platform only) | The sustainabill platform uses Mapbox to make it convenient for users to search for addresses and display supplier locations on a map. To enable address searches, we send transfer queries (e.g. “Mediapark 5, Cologne”) to Mapbox. To display a map in the sustainabill plattform, we have to transfer the users IP address to mapbox as a technical necessity. We employ the “need to know” principle, that is no additional personal or company data is transferred. The Mapbox Privacy Policy can be found at: https://www.mapbox.com/legal/privacy |
| Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. | United States of America, GDPR Compliant | Analytics (Website only) | Google Analytics is integrated via the Goolge Tag Manager to analyze and improve the performance of our website as well as understand how we can improve our services. Google CAPTCHA is used to protect us from spam. For both services all technical measures have been taken to transfer only anonymized data to Google Inc. wherever possible. |
| LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland | United States of America, GDPR Compliant | Conversion Tracking and Retargeting (Website only) | Our website uses the LinkedIn Insight Tag for conversion tracking of our advertising campaigns. A cookie is stored to identify clicks and conversion measurements of our LinkedIn ads. The information is transferred to LinkedIn’s servers and not shared with third parties. You can prevent this by setting your browser to not store cookies. |
Ensure sustainable sourcing
The sustainabill cloud platform helps companies to create transparency in supply chains and thus manage risks, achieve social compliance, and mitigate climate impacts.
Industries
Solutions
About
Legal
Social
© 2024 sustainabill
