Privacy Policy

1 Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data Collection on This Website

Who is responsible for collecting data?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Data Controller" of this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us — for example by entering it in a contact form. Other data is collected automatically or with your consent when you visit the website, by our IT systems. This is mainly technical data (e.g. internet browser, operating system, or time of page request).

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the data transmitted is also processed for contract offers, orders, or other order requests.

2 Hosting

IONOS

We host our website with IONOS. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit our website, IONOS collects various log files including your IP addresses.

For details, please refer to the IONOS privacy policy: ionos.de/terms-gtc/terms-privacy

The use of IONOS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with IONOS. This ensures that IONOS processes the personal data of our website visitors only on our instructions and in compliance with the GDPR.

3 General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Data Controller

Retention Period

Unless a more specific retention period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing it.

Legal Basis for Data Processing

If you have given consent to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data are processed.

Withdrawal of Consent

Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of data processing carried out up to the point of revocation remains unaffected by the revocation.

Right to Lodge a Complaint with a Supervisory Authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged breach. The competent supervisory authority for Suppora GmbH is the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to a third party in a common, machine-readable format.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

4 Data Collection on This Website

Cookies

Our website uses what are known as "cookies". Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6(1)(f) GDPR.

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies. The provider is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

Details on data processing: Borlabs Cookie documentation

Inquiries by Email, Phone, or Contact Form

If you contact us by email, phone, or via the contact form, your inquiry — including all personal data resulting from it (name, request) — will be stored and processed for the purpose of handling your concern.

The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures.

Communication via WhatsApp

We use the instant messaging service WhatsApp for communication with our customers. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Communication takes place using end-to-end encryption. However, WhatsApp has access to metadata generated during communication.

Details: WhatsApp Privacy Policy

HubSpot CRM & Contact Form

We use HubSpot for our CRM system and the processing of contact form inquiries. The provider is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. HubSpot is certified under the EU-US Data Privacy Framework.

When you use our contact form, your data is transmitted to HubSpot and stored there. The processing is based on Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(f) GDPR (legitimate interest in efficient customer communication).

Details: HubSpot Privacy Policy

Microsoft Bookings

On our website you can schedule appointments with us. For appointment booking we use Microsoft Bookings. The provider is Microsoft Ireland Operations Limited, Dublin, Ireland.

Details: Microsoft Privacy Statement

5 Social Media

Facebook

Elements of the social network Facebook are integrated on this website. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. When the social media element is active, a direct connection is established between your device and the Facebook server. Use is based on your consent pursuant to Art. 6(1)(a) GDPR.

Details: Facebook Privacy Policy

Instagram

Functions of the service Instagram are integrated on this website. The provider is Meta Platforms Ireland Limited, Dublin, Ireland.

Details: Instagram Privacy Policy

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Each time a page of this website that contains LinkedIn elements is accessed, a connection to LinkedIn servers is established. Use is based on your consent pursuant to Art. 6(1)(a) GDPR.

Details: LinkedIn Privacy Policy

6 Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Dublin, Ireland. Google Tag Manager does not create user profiles of its own and does not store cookies. It serves exclusively to manage and deliver the tools embedded through it.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Dublin, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. Use is based on your consent pursuant to Art. 6(1)(a) GDPR.

You can prevent the collection of your data by Google Analytics by installing the following browser plug-in: Google Analytics Opt-out

WP Statistics

This website uses the analytics tool WP Statistics. The data collected by WP Statistics is stored exclusively on our own server. We use WP Statistics with anonymized IP.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited. Use is based on your consent pursuant to Art. 6(1)(a) GDPR.

Details: Google Privacy Policy

7 Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided.

Processing of the data entered into the newsletter signup form is exclusively based on your consent (Art. 6(1)(a) GDPR). You can revoke consent given for the storage of the data, the email address, and its use for sending the newsletter at any time — for example via the "unsubscribe" link in the newsletter.

8 Plugins and Tools

Ninja Firewall

We have integrated Ninja Firewall on this website. The provider is NinTechNet Limited, Hong Kong. Ninja Firewall protects our website against unwanted access or malicious cyberattacks. To this end, Ninja Firewall records IP address, request, referrer, and time of the page request.

Google Fonts (locally embedded)

This site uses Google Fonts for the consistent display of typefaces. The fonts are installed locally on our server. No connection is made to Google servers.

Font Awesome (CDN)

We use Font Awesome via the Cloudflare CDN. This may establish a connection to servers of Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Details: Cloudflare Privacy Policy

9 Audio and Video Conferencing

Data Processing

We use online conferencing tools for communication with our customers. When you communicate with us via video or audio conference, your personal data is collected and processed by us and by the provider of the respective conferencing tool. The conferencing tools collect all data you enter to use the tools (email address, phone number) as well as metadata such as conference duration and participant count.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, Dublin, Ireland. Microsoft holds certification under the EU-US Data Privacy Framework (DPF).

Details: Microsoft Privacy Statement

10 Our Services

Handling of Applicant Data

We offer you the opportunity to apply with us (e.g. by email, post, or via online application form). The following information describes the scope, purpose, and use of personal data collected from you during the application process.

Scope and Purpose of Data Collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes from job interviews etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG (German Federal Data Protection Act) and Art. 6(1)(b) GDPR.

Retention Period for Applicant Data

If we are unable to make you a job offer, we reserve the right to retain the data you have transmitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months after the end of the application procedure.

11 OperoGuide SaaS Service

Service Description

OperoGuide is an AI-powered assistant for JD Edwards EnterpriseOne users. The service processes user queries based on uploaded documentation and provides context-aware answers.

Account Data

When you register for OperoGuide we collect: name and email address, company name (optional), password (stored encrypted), and account settings. Processing is based on Art. 6(1)(b) GDPR (contract performance).

Uploaded Documents

Documents you upload to OperoGuide are securely stored on servers in Germany (IONOS), processed for text extraction and creation of searchable embeddings, accessible exclusively to authorized users within your organization, and deleted on request or upon account closure.

Query Processing

When you submit a query to OperoGuide: query contents are NOT stored. We store neither your questions nor the AI responses. Only metadata is logged: message length, response length, timestamp, and source count. Query counters are tracked to enforce plan limits.

Usage Statistics

We collect anonymized usage statistics to improve our service: number of queries per user/organization, feature usage patterns, and performance metrics. This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest).

Audit Logs (Business plans and higher)

For compliance purposes, audit logs record: sign-in and sign-out events, document uploads and deletions, user management actions, and security events (failed logins, 2FA changes). Audit logs are retained for 90 days and do not contain query contents.

12 AI Processing

Use of Large Language Models

OperoGuide uses AI technology hosted at IONOS to process your queries. When you submit a query, your query and relevant document excerpts are sent to the AI model. The AI generates an answer based on your documents. All processing takes place on servers within the European Union.

Data Transmission

During AI processing the following data may be transmitted: the text of your query, relevant excerpts from your uploaded documents, and conversation context (for multi-step conversations). This data is transmitted over encrypted connections (TLS 1.3) and is not stored by the AI provider after processing.

Data Location

All AI processing for OperoGuide takes place on infrastructure in Germany or the European Union. No data for AI processing is transferred outside the EU.

13 Sub-Processors

We use the following data processors for the provision of our services:

All sub-processors are contractually obligated to protect your data in accordance with GDPR requirements. For US-based processors we rely on the EU-US Data Privacy Framework or EU Standard Contractual Clauses.

14 Browser Extension (OperoGuide)

Extension Functionality

The OperoGuide browser extension provides context-aware assistance when using JD Edwards. The extension detects the JDE application context (screens, forms, error codes), extracts error messages for automatic troubleshooting, and provides quick access to OperoGuide without leaving JDE.

Data Collected by the Extension

The browser extension collects: current JDE screen/form identifiers, error codes and error messages displayed in JDE, and selected text (when you explicitly select it for a query).

Data Storage

The extension does not store any data locally on your device. All data is transmitted directly to OperoGuide servers for processing and is subject to the same data protection provisions as queries made through the web interface.

15 Data Storage & Deletion

Retention Periods

• Account data: Until account closure + 30 days
• Uploaded documents: Until deleted by the user or upon account closure
• Usage statistics: 12 months (anonymized thereafter)
• Audit logs: 90 days
• Payment records: 10 years (statutory requirement)
• Query contents: Not stored
• Applicant data: 6 months after completion of the application procedure
• Contact inquiries: Until the inquiry has been handled, unless a statutory retention obligation applies

Account Deletion

You can request the complete deletion of your account and all associated data at any time: via the "Delete Account" function in your dashboard or by email to info@suppora.eu.

Following a deletion request, we delete all of your data within 30 days unless a statutory retention obligation applies.