Privacy Policy

May 04, 2023 — Version 1.1

1.

General Information regarding Data Processing

1.1.

This privacy policy describes the collection and use of personal data in connection with the use of our Website and our products in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this privacy policy may be supplemented by further privacy policies that shall apply separately.

1.2.

Summie as Data Controller
Controller pursuant to the GDPR is

Solid Rock Ventures UG haftungsbeschränkt ("we/us" or "Summie")
Hofener Straße 55
74357 Bönnigheim
Germany

You can reach us:

  • by mail at:
    Solid Rock Ventures UG haftungsbeschränkt,
    Hofener Straße 55,
    74357 Bönnigheim, Germany

  • or by e-mail at: privacy@summie.ai

1.3.

Scope of Data Processing
Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

1.4.

Your Rights
In accordance with the statutory provisions, you as the data subject have the following rights:

  • the right to access,

  • the right to rectification or erasure,

  • the right to restriction of processing,

  • the right to data portability,

  • If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,

  • You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any, for example via email to privacy@summie.ai.

You have also the right to lodge a complaint with a supervisory authority at your choice (for example: Beauftragte für Datenschutz und Informationsfreiheit Baden Württemberg https://www.baden-wuerttemberg.datenschutz.de).

An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

1.5.

Storing and Deleting Data
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

1.6.

Profiling and automated decision making
We do not use automated decision-making including profiling when processing data concerning our Website.

1.7.

Data Security
Summie is committed to ensuring the security of your personal data. To prevent unauthorized access, disclosure, or alteration of the information we collect, we have implemented a variety of technical and organizational measures. These measures include, but are not limited to:

  • Encryption: We use encryption technologies, such as Secure Socket Layer (SSL) certificates, to protect the transmission of your personal data when you interact with our website and services. This helps ensure that the data is transferred securely between your server and our systems.

  • Access Controls: We restrict access to your personal data to authorized personnel who have a legitimate need to access and process the information. All staff members with access to your data are trained on data protection and are bound by confidentiality agreements.

  • Regular Security Reviews: We regularly review and update our security practices to ensure they remain effective in protecting your personal data from unauthorized access, disclosure, or alteration. This includes conducting periodic risk assessments and implementing necessary improvements.

  • Incident Management: We have established a robust incident management process to identify, investigate, and respond to potential security breaches in a timely manner. In the event of a data breach, we will notify the relevant data protection authorities and affected individuals as required by applicable laws.

By employing these measures, we strive to maintain a high level of data security and protect your personal data from unauthorized access, disclosure, or alteration.

1.8.

Data Processing by Third Parties
We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured and DPAs (data processing agreements) exist with every third party provider.

2.

Scope of Application and General Provisions

2.1.

Server Logs

Nature and purpose of data processing
We collect data on each visit to our Website (so-called Server log files), which include:

  • Name of the Website visited,

  • date and time of the visit,

  • data amount transferred,

  • information on a successful call,

  • browser type as well as version,

  • operating system of the user,

  • referrer URL (the page visited before),

  • IP address and the requesting provider

as well as the following, if a mobile end device is being used:

  • country code,

  • language,

  • name of device,

  • name and version of operating system.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website.

Legal basis
When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and Website security.

Recipients
Recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Storage duration
The log files and IP addresses of Website visitors, which we process as described below, are deleted within 30 days.

2.2.

Newsletter

Nature and purpose of data processing
When registering for the newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products also described on our Website. In case of registration for the newsletter we also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed.

Legal basis
The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).

Recipients
Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration
We will process your personal information until your consent is revoked.

Revocation of consent
If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters, please use the "unsubscribe" link contained in each newsletter or send us an email to privacy@summie.ai. In doing so, you will no longer receive any newsletter emails from Summie.

2.3.

Waiting List

Nature and purpose of data processing
To sign up for our waiting list, you will be asked to provide your name and email address. Registered persons will receive updates and notifications regarding new products and services before all other users.

Legal basis
The data processing for sending and analyzing our waiting list as described above is based on your consent (Art. 6 (1) a GDPR).

Recipients
Recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Storage duration
We will process your personal information until your consent is revoked or until the end of the testing period.

Revocation of consent
If you do not want to be part of the waiting list anymore and/or wish to object to the tracking of your data through the waiting list, please use the "unsubscribe" link contained in each waiting list email or contact us by email at privacy@summie.ai. In doing so, you will no longer be part of the waiting list and not receive any further emails from Summie.

2.4.

User Surveys

Nature and purpose of data processing
We sometimes perform online surveys related to our products in order to gain insights and improve our services. Generally, when completing our surveys the data entered with respect to various questions about your age, preferences and opinions in various possible fields, will be stored in an anonymized form. This means that such information will never be stored or brought in connection with any personal identifiable information, such as name or email address. However, in specific instances in particular related to waiting list subscribers or testers of our products or services we may wish to tie the above mentioned information to your person, to gain more insights specific to your experience. We will always make it clear to our users when surveys will not be anonymized. Where you have the opportunity to participate in a lottery for a prize, or if we offer gifts to participants of our surveys, we need to process your email address for these purposes. However, as described above, your email address will be submitted to us separately by our service provider and we have no way of connecting it to questions answered.

Legal basis
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention period
We will process answers to your questions until your consent is revoked. Your email address will be deleted no later than 6 weeks after participating in a survey.

Revocation of consent
You may withdraw such consent with effect for the future at any time via email to privacy@summie.ai.

2.5.

Contacting Us

Nature and purpose of data processing
If you send us an e-mail, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.

Legal basis
These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

3.

Scope of Application and General Provisions

3.1.

Registration and Sign-in

Nature and purpose of data processing
When you register for an account or sign-in to an existing account, Summie needs to process certain personal data such as Profile data (name, email address) IP address, and Company Data. We will also communicate with you via your email address.

Legal basis
The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

3.2.

Payment Processing

Nature and purpose of data processing
When processing and monitoring payments for paid services, also through Apple App Store or the Google Play Store, you need to provide us with certain information that may contain personal information, such as Profile Data, Company Name, VAT Company Address, so that we can process your payment.

Legal basis
The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients
Recipients of the data are service providers in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration
We will process your personal information only as long as we need to or until you delete your account. However, given applicable tax laws, usually we will keep records of payments for 10 years.

3.3.

Basic Customer Support

Nature and purpose of data processing
You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer basic customer support requests, which do not include access to your files, we use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis
When personal data are processed the legal basis for this is Art. 6 (1) b. GDPR and it is based on the fulfillment of our service contract.

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

3.4.

Customer Support with File Access

Nature and purpose of data processing
You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer specific customer support requests, we may need access to your files and any information stored therein, as well as use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Storage duration
If personal data like an audio recording or a screenshot is shared with us, we delete it as soon as the issue is resolved.

Withdrawal of Consent
You may withdraw such consent with effect for the future at any time via email to privacy@summie.ai.

3.5.

Error Logging

Nature and purpose of data processing
We use services to track errors in Summie and monitor the availability of the service. In order to do this, we need to process the following information: profile data and usage data (logfiles, device data). We do this with the intention to improve our services for our customers.

Legal basis
When personal data are processed the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and app security.

Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

3.6.

App-Analyses and Error Reporting

Nature and purpose of data processing
Apple and/or Google may share anonymised usage data of our apps with us - such as information on installs, sessions, devices as well information on crashes within the respective ecosystem - provided that you granted your permission to these respective services to share certain anonymised data. We use this information to get a better understanding of how the product is used, and how to improve it. You can find more information under the following two links: Privacy of App Store of Apple Inc. and Google Play Store Privacy of Google Inc.

Legal basis
When personal data are processed the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and app security.

Storage duration
As Apple and Google is bound by your permission, you need request data deletion or revoke your permission with these two companies.

4.

Data Processing on our Social Media Pages

4.1.

We operate pages on the following social media channels:

  • Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: https://www.facebook.com/policy.php,

  • Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: http://instagram.com/about/legal/privacy/,

  • Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacy,

  • LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy.

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party. The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to them.When using Facebook, Instagram, Twitter, or LinkedIn data may also be processed outside the EU. Data Processing and Legal BasisWith our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).

4.2.

Cookies
We do not use cookies on our Website or web-based service.

4.3.

Questions?
For further information you may contact us any time, for example via email at privacy@summie.ai.