This Privacy Statement describes how the SUSE Group ("SUSE", "SUSE Group”, "we", "us" and "our") collects and uses personal data when you visit our website and/or use our services. “Personal Data” refers to all data which relates to you personally or with which you can be identified personally, e.g. name, address, e-mail address or user behaviour. At SUSE, we believe that the Personal Data you provide to us must be kept confidential and used in a legally compliant manner.
Name and Address of the Controller:
The Controller, according to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
SUSE Software Solutions Germany GmbH
90409 Nuremberg, Germany
Phone: +49 (0) 911 74053 0
Name and Address of our Data Protection Officer:
Our legally designated Data Protection Officer ("DPO") is:
TÜV Rheinland i-sec GmbH
Am Grauen Stein
51105 Cologne, Germany
Phone: +49 (0) 221 56783 504
Personal Data collected when you use our website or services without registration:
When you are simply visiting our website for information, without registering or logging in, we may nonetheless collect data which may include Personal Data from you, through your browser, such as:
- IP address and corresponding network location
- Exact time (including timezone) of your request
- Metadata and contents of your request
- Details of your browser and operating system
Personal Data collected when you register for and use our website or services:
In addition to the Personal Data collected when you use our website or services without registration, some functions of our website and services can only be used when you register and log in. The Personal Data we collect after your registration and/or logging in can include e.g.:
- Personal details such as name, e-mail, address, telephone
- Details about your company such as company name, e-mail, job title, address, telephone
- Login credentials and related information such as security questions/answers or tokens
- Products or services you may be interested in
- Billing information (where applicable) such as credit card or bank details
- Details you provide to us in the context of an employment application (where applicable)
- Any other details you provide using our online services, such as forum contributions, comments, survey submissions, etc
Such data is processed either based on a contract (Article 6(1)(b) of the GDPR) or your consent (Article 6(1)(a) of the GDPR). For the latter, you can revoke your consent at any time by sending us an informal message to the e-mail address listed above or by modifying your preferences accordingly on our website. Data collected during the registration or, for as long as your account continues, is stored by us for as long as you are registered on our website. Should you wish to terminate your account on our website you can do so at any time by sending a request to email@example.com. Please note that terminating your account will mean you will no longer be able to use our services. Certain data such as forum contributions and comments may be retained longer. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data to ensure e.g. a functioning and usable online services such as forums. Legal retention periods shall remain unaffected. To prevent misuse of our services, your IP address and the exact time of your registration and/or logging in will also be stored. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data that is technically required to ensure a stable, secure and functioning website.
Data Transfer within SUSE Group:
We process your Personal Data solely within the SUSE Group unless we expressly inform you otherwise. The data which we process to provide services is stored solely on SUSE Group servers in Provo, Utah, USA. Transfers of, and access to, your data to SUSE Group entities around the world are all protected using Standard Contractual Clauses.
Please note, however, that when you create a SUSE account, the account is currently also valid as a Micro Focus account. In order to legitimise and safeguard your Personal Data, SUSE and Micro Focus have entered into a comprehensive Data Processing Agreement (“DPA”). If you do not wish your Personal Data to be accessible from within the Micro Focus group of companies, you may delete your SUSE account by sending a request by email to firstname.lastname@example.org.
Your rights as Data Subject
You have the following rights as a Data Subject:
- Right to information
- Right to rectification or erasure of Personal Data
- Right to restriction of processing
- Right of objection to the processing
- Right to data portability
- Right to complain to a data protection supervisory authority about our processing of your Personal Data
If you have consented to the processing of your data, you can always revoke this consent at any time. After you have expressed such a revocation to us, it will influence the permissibility of processing your personal data and may impact the services that we can provide to you.
Provided that we are basing the processing of your personal data on the need to balance interests, you can raise an objection to this processing of your data. This is the case if the processing is not required (in particular to) fulfil a contract with you, a fact which we endeavour to outline in the subsequent description of the respective functions. When exercising such a right of objection, we request that you outline the reasons why we should not process your personal data in the manner we have described. If you present to us your reasons, we shall check the circumstances and either stop and/or adjust the processing of the data, or present compelling counterarguments for continuing with the data processing.
You may also contact SUSE's Data Protection Officer (see above) or the Supervisory Authority for SUSE which is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
SUSE Customer Center:
When you use SUSE Customer Center (“SCC”) we may collect and process certain personal data from you in order to fulfil your support subscription using the SCC website and associated channels. Such data can include your contact details (e.g. name, email, telephone, address), data concerning your support subscription (subscriptions acquired, current system status, acceptance of terms and conditions, times and durations when logged in). The legal basis of this processing is Art 6(1)(b) of the GDPR for the personal data we process that forms the basis of a contract as well as Art 6(1)(f) of the GDPR which allows the processing of data that is technically required to ensure a stable, secure and functioning website. We store such data in SCC for as long as you retain your account with us.
SUSE Customer Support:
In the course of providing customer support we may request some Personal Data from you to enable us to provide the high quality support that you expect from us. Such Personal Data can include your contact details (e.g. name, email, telephone, address) and account creation and maintenance details (e.g. username, password, security questions). We use this Personal Data in order to create and maintain your account on our Customer Relationship Management (“CRM”) systems, to allow you to file and track support incidents (e.g. through our web interface or through our live support tools), to upload error and telemetry data associated with your support incidents and to statistically evaluate the effectiveness of the support that we provide to our customers. The legal basis for this processing of your data is Article 6(1)(b) of the GDPR for the Personal Data we process that forms the basis of a contract. We keep your account related Personal Data as well as any Personal Data which you voluntarily add to the support incident for the duration of your support agreement with us. With respect to error and telemetry data (e.g. log files, memory dumps) you send to us, you must ensure that that these, under no circumstances contain Personal Data. We delete such data within 30 days after the incident is resolved and so you must take steps to back up any such data before sending it to us.
We use Salesforce Inc's cloud platform to manage our customer and potential customer portfolio. In order to do so, we must collect and process certain Personal Data from you. Such Personal Data can include your contact details (e.g. name, email), account creation details (e.g. username, password, security questions) as well as details about your relationship with us (interest in products and services, previous purchase history). The legal basis for the processing are Article 6 (1)(b) of the GDPR, Article 6 (1)(f) of the GDPR under which it is within our legitimate interests to maintain an efficient method of managing our customers as well as with consent, under Art 6 (1)(a) of the GDPR.
We use Marketo Inc's cloud platform to manage how we market our products and services to our customers and potential customers as well as to manage and administer information about our customers. In order to do so, we must collect and process certain Personal Data from you. While certain categories of Personal Data may be shared through our use of the Salesforce cloud platform, Marketo also processes Personal Data such as your interest in our products and your preferences with regard to how and when we should contact you. The legal basis for the processing are Article 6 (1)(b) of the GDPR, Article 6 (1)(f) of the GDPR under which it is within our legitimate interests to maintain an efficient method of managing our customers as well as with consent, under Art 6 (1)(a) of the GDPR.
We use the Bugzilla infrastructure for filing and tracking errata in our products and services. If you wish to use our Bugzilla interface, we will need to collect and process Personal Data from you. Such Personal Data can include your contact details (e.g. name, email) and account creation and maintenance details (e.g. username, password, security questions) as well as any Personal Data that you voluntarily transfer in the course of using the Bugzilla interface. The legal basis for this processing is Article 6(1)(b) of the GDPR for our customers and partners and Article 6(1)(f) of the GDPR for all other data subjects. While your account may be deleted, certain data may be retained indefinitely in the bug reports that you filed or commented on. The legal basis on which such data is processed is Article 6(1)(f) of the GDPR, under which we may retain data necessary for the long term functioning and availability of our primary method of maintaining and presenting errata.
We use the FATE infrastructure for filing and tracking features for our products and services. If you wish to use our FATE interface, we will need to collect and process Personal Data from you. Such Personal Data can include your contact details (e.g. name, email) and account creation and maintenance details (e.g. username, password, security questions) as well as any Personal Data that you voluntarily transfer in the course of using the FATE interface. The legal basis for this processing is Article 6(1)(b) of the GDPR for our customers and partners and Article 6(1)(f) of the GDPR for all other data subjects. While your account may be deleted, certain data may be retained indefinitely in the feature requests that you filed or commented on. The legal basis on which such data is processed is Article 6(1)(f) of the GDPR, under which we may retain data necessary for the long term functioning and availability of our primary method of maintaining and presenting features.
You can subscribe to our newsletter, through which we inform you about our products, services and offers. We rely on your consent do subscribe and fulfil your newsletter request. We use a “double opt-in" procedure to subscribe you to our newsletter. After your initial subscription, we send an email to the email address you subscribed with, requesting your confirmation (e.g. by replying to the email or clicking a link therein). If you don’t confirm the subscription within the relevant time period, your subscription request will be automatically deleted. We also store the IP address you used and the time of registration and confirmation to enable us to verify your subscription and to prevent misuse. The legal basis for this processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of data for our legitimate interests, that is technically required to ensure a stable, secure and functioning website.
Your email address is mandatory and necessary both to enable verification of your subscription request and actual sending of newsletter emails to you. Any other data you send us is entirely voluntary. After your confirmation, we store your email address to send you the newsletter. The legal basis for this is Art. 6 (1)(a) of the GDPR. You can revoke your consent for the newsletter any time and also unsubscribe from it. You can perform the revocation by clicking on the link provided in each email or by modifying your preferences accordingly on our website.
We may evaluate your user behaviour when we send you the newsletter, using "web beacons" (also known as Internet tags, pixel tags or clear GIFs). These web beacons allow third parties such as us, to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page and the information in cookies set by the third party. We may link the information collected from you above with that obtained from web beacons in newsletters to:
- understand which email messages we sent may have been opened by you;
- understand how you use and interact with our products and services;
- improve our products and services.
- optimise your html email experience;
- provide you more relevant content; and
- stop contacting you if over time we can see that you are no longer opening our email messages.
If you wish to prevent the use of web beacons, you may be able to prevent the use of some web beacons by setting your email application or software to display HTML emails as text only.
DoubleClick Ad Exchange:
Through the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through use of this tool by Google and are therefore providing you with information based on what we know: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant section of our website or that you have clicked on one of our adverts. If you are registered with a Google service, Google can link the visit to your account. Even if you are not registered with Google or are not logged in, the provider may learn and store your IP address.
You can prevent participation in this tracking process in a number of ways: a) by configuring your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive adverts from third-party providers; b) by disabling the cookies for conversion tracking, by setting your browser to block cookies from the domain "googleadservices.com", at https://www.google.com/settings/ads; this setting is deleted if you delete your cookies; c) by disabling interest-related adverts from providers who are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices; this setting is deleted if you delete your cookies; d) by permanently deactivating your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use fully all the functions on this website.
The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR. Further information on DoubleClick by Google is available at https://www.google.com/doubleclick, and on data protection in general at Google: https://www.google.com/intl/en/policies/privacy . Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Social media plug-ins:
We currently use the following social media plug-ins on our website:
We use the two-click solution. This means that when you visit our site, no personal data is sent initially to the plug-in providers. You can identify the provider of the plug-in by the marking on the box, via the provider’s initial letters or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider will receive the information that you have visited the relevant page on our website only if you click on the marked field and thereby activate it. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. In the case of Facebook and Xing, according to these providers, the IP address is anonymised immediately after being collected in Germany. When the plug-in is activated, your personal data is therefore sent to the relevant plug-in provider and stored there (in the case of US providers, in the USA). Because the plug-in providers carry out data collection using cookies, we recommend deleting all cookies via the security settings in your browser before clicking on the greyed-out box.
We have no influence on the data collected or on the data processing operations, nor do we know the full scope of the data collection, the purposes of the processing or the retention periods. We also have no information regarding the erasure of the collected data by the plug-in providers.
The plug-in provider stores the data collected regarding you as usage profiles and uses these for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such use is carried out (including for users who are not logged in) for the purposes of displaying appropriate advertising and informing other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact the relevant plug-in provider. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve the experience we offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6(1)(1)(f) GDPR.
The data transfer takes place irrespective of whether you have an account with the plug-in provider and are logged into your account. If you are logged into your account with the plug-in provider, your data collected on our website will be linked directly to this account. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the privacy policies of these providers listed below. In these privacy policies, you can also find further information on your associated rights and setting options for protecting your privacy.
Addresses of the relevant plug-in providers and URLs for their privacy policies:
Google Ireland Limited, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland https://www.google.com/policies/privacy/partners/?hl=en . Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Integration of YouTube videos:
We may integrate YouTube videos in our website. These videos are stored on http://www.youtube.com and can be played directly from our website. The videos are all integrated in "enhanced data protection mode", meaning that no data regarding you as a user is transmitted to YouTube if you do not play the videos. The data specified in paragraph 2 is transmitted only when you play the videos. We have no influence over this data transmission.
Through the visit to the website, YouTube receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. This takes place irrespective of whether you have a user account with YouTube that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact YouTube.
SUSECON Digital 2020:
SUSECON is SUSE's annual conference. Due to the COVID19 pandemic, SUSECON 2020 will take place digitally. You can register for SUSECON Digital 2020 at SUSE's dedicated website https://www.susecon.com. For the purposes of processing your registration and to provide the services relating to your SUSECON Digital 2020 account as well as ensuring that you can participate in SUSECON, we must process certain Personal Data.
The categories of Personal Data that we process to enable your participation in SUSECON Digital 2020 are your contact details (name, email address, phone number, mailing address, emergency contact number) as well as information such as your audiovisual/mobility needs, technology certifications and your interest in SUSE technology. Any Personal Data that you share via the various communication channels provided as part of SUSECON Digital 2020 may also be processed – we highly discourage you from sharing any special categories (see Article 9 GDPR) of Personal Data.
To enable your participation in SUSECON Digital 2020 we typically process your Personal Data under Art 6 1(f) GDPR. It is within our legitimate interests, in enabling your participation in SUSECON Digital 2020, to process such Personal Data as is necessary to provide the digital conference. To balance our legitimate interests with your interests, we seek to keep the Personal Data that we process to a minimum and we have ensured that any processors which we use to provide SUSECON Digital 2020 are also bound to ensuring your Personal Data is processed in a GDPR compliant manner.
For certain services provided as part of SUSECON Digital 2020, such as the SUSECON Digital 2020 newsletter and update mailings, we rely on your consent (Art 6 1(a) GDPR) and we ask for this before your Personal Data is processed for such purposes. You may withdraw your consent to receiving such mailings at any time (without affecting your participation in SUSECON Digital 2020) using the unsubscribe link that is included in all such mailings.
You will be given the option to opt-in for communication from all conference sponsors. This opt-in will be considered consent for your Personal Data to be shared with those sponsors. In addition, if you choose to access content from individual SUSECON Digital 2020 sponsors (recorded sessions, keynotes, downloadable material, etc.) that sponsor will be provided with the Personal Data collected from you during the conference registration process. This policy will be clearly stated during the registration process and is reiterated on sponsor pages within the SUSECON Digital 2020 site. You are not required to access sponsor content or otherwise provide your information to sponsors in order to participate in SUSECON Digital 2020.