1 Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Controller Information" section of this privacy policy.
How do we collect your data?
Your data is collected when you provide it to us. This could be data you enter in a contact form, for example.
Other data is collected automatically or with your consent when you visit the website through our IT systems. This is primarily technical data (e.g., internet browser, operating system, or time of page access).
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other order inquiries.
You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future.
2 Hosting
IONOS
We host our website content with IONOS. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit our website, IONOS collects various log files including your IP addresses.
Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy
The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3 General Information and Mandatory Disclosures
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
We point out that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Controller Information
Herrnsheimer Hauptstraße 1b
67550 Worms
Germany
Phone: +49 6241 85 72 36 0
Email: info@suppora.eu
Storage Duration
Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data.
Legal Basis for Data Processing
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed.
Revocation of Your Consent
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.
Right to Lodge a Complaint
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged violation.
Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to a third party in a common, machine-readable format.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
4 Data Collection on This Website
Cookies
Our websites use "cookies". Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device.
Cookies required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR.
Consent with Real Cookie Banner
Our website uses the consent technology of Real Cookie Banner to obtain your consent for the storage of certain cookies. The provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.
When you visit our website, Real Cookie Banner stores a cookie in your browser to document which consents you have given or revoked. The data collected is stored until you request deletion, delete the cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Real Cookie Banner is used to obtain the legally required consent for the use of cookies. The legal basis is Art. 6 para. 1 lit. c GDPR.
Details on data processing: Real Cookie Banner Privacy Policy
Inquiries by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry including all resulting personal data will be stored and processed by us for the purpose of handling your request.
Processing is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.
Communication via WhatsApp
For communication with our customers, we use the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Communication takes place via end-to-end encryption. However, WhatsApp has access to metadata created during the communication process.
Details: WhatsApp Privacy Policy
Microsoft Bookings
On our website, you have the option to schedule appointments with us. For appointment booking, we use Microsoft Bookings. The provider is Microsoft Ireland Operations Limited, Dublin, Ireland.
Details: Microsoft Privacy Statement
5 Social Media
Elements of the social network Facebook are integrated on this website. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland.
When the social media element is active, a direct connection is established between your device and the Facebook server. Use is based on your consent according to Art. 6 para. 1 lit. a GDPR.
Details: Facebook Privacy Policy
Functions of the Instagram service are integrated on this website. The provider is Meta Platforms Ireland Limited, Dublin, Ireland.
Details: Instagram Privacy Policy
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland.
Details: LinkedIn Privacy Policy
This website uses elements of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Details: XING Privacy Policy
6 Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Dublin, Ireland. Google Tag Manager itself does not create user profiles and does not store cookies. It only serves to manage and deliver the tools integrated via it.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Dublin, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. Use is based on your consent according to Art. 6 para. 1 lit. a GDPR.
Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within member states of the EU before transmission to the USA.
You can prevent Google from collecting data by installing the browser plugin: Google Analytics Opt-out
WP Statistics
This website uses the analytics tool WP Statistics. The provider is Veronalabs, Tallinn, Estonia. The data collected by WP Statistics is stored exclusively on our own server. We use WP Statistics with anonymized IP.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited. Use is based on your consent according to Art. 6 para. 1 lit. a GDPR.
Google Conversion Tracking
This website uses Google Conversion Tracking. With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions.
Details: Google Privacy Policy
7 Newsletter
Newsletter Data
If you would like to receive the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the specified email address.
The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent you have given at any time, for example via the "unsubscribe" link in the newsletter.
After you unsubscribe, your email address may be stored in a blacklist to prevent future mailings. You can object to storage if your interests outweigh our legitimate interest.
8 Plugins and Tools
Wordfence Security
We have integrated Wordfence Security on this website. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Wordfence serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, Wordfence collects IP addresses, request data, referrer, and time of page access. Wordfence is integrated on our servers; however, a connection to Wordfence servers occurs for security updates and threat intelligence.
The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from cyber attacks and malicious activity.
Data transfer to the USA is based on the EU Standard Contractual Clauses.
Details: Wordfence Privacy Policy
IP addresses flagged for malicious activity may be temporarily blocked. We have activated IP anonymization for logging purposes where technically feasible.
9 Audio and Video Conferencing
Data Processing
For communication with our customers, we use online conferencing tools. When you communicate with us via video or audio conferencing, your personal data is collected and processed by us and the provider of the respective conferencing tool.
The conferencing tools collect all data that you provide for use (email address, phone number), as well as metadata such as conference duration, start and end of participation, and number of participants.
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, Dublin, Ireland.
Details: Microsoft Privacy Statement
Microsoft has a certification under the "EU-US Data Privacy Framework" (DPF).
10 Custom Services
Handling of Applicant Data
We offer you the opportunity to apply to us (e.g., by email, by post, or via an online application form). We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection law and that your data will be treated in strict confidence.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG (German Federal Data Protection Act - initiation of an employment relationship) and Art. 6 para. 1 lit. b GDPR.
Data Retention Period
If we are unable to make you a job offer, we reserve the right to retain the data you have provided for up to 6 months from the end of the application process. Retention serves in particular as evidence in the event of legal disputes.
Inclusion in the Applicant Pool
If we cannot make you a job offer, there may be the possibility of including you in our applicant pool. Inclusion is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR).
Data from the applicant pool is irrevocably deleted no later than two years after consent is given. The data subject can revoke their consent at any time.
11 OperoGuide SaaS Service
Service Description
OperoGuide is an AI-powered assistant for JD Edwards EnterpriseOne users. The service processes user queries against uploaded documentation to provide contextual answers.
Account Data
When you register for OperoGuide, we collect:
- Name and email address
- Company name (optional)
- Password (stored encrypted)
- Account preferences and settings
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR (contract performance).
Uploaded Documents
Documents you upload to OperoGuide are:
- Stored securely on servers in Germany (IONOS)
- Processed to extract text and create searchable embeddings
- Only accessible by authorized users within your organization
- Deleted upon your request or account termination
Your documents are encrypted at rest and in transit. We do not access your documents except for technical support purposes with your explicit permission.
Query Processing
When you submit a query to OperoGuide:
- Query content is NOT stored – We do not save your questions or the AI responses
- Only metadata is logged: message length, response length, timestamp, and source count
- Query counts are tracked for plan limit enforcement
- Session IDs are used for conversation continuity
Usage Statistics
We collect anonymized usage statistics to improve our service:
- Number of queries per user/organization
- Feature usage patterns
- Performance metrics
This data is processed on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in service improvement).
Audit Logs (Business Plans and above)
For compliance purposes, audit logs record:
- Login/logout events
- Document uploads and deletions
- User management actions
- Security events (failed logins, 2FA changes)
Audit logs are retained for 90 days and do not contain query content.
12 AI Processing
Use of Large Language Models
OperoGuide uses AI technology hosted by IONOS to process your queries. When you submit a query:
- Your query and relevant document excerpts are sent to the AI model
- The AI generates a response based on your documents
- All processing occurs on servers within the European Union
Your data is NEVER used to train AI models. Queries and documents are processed solely to provide responses and are not retained by AI systems for training purposes.
Data Transmission
During AI processing, the following data may be transmitted:
- The text of your query
- Relevant excerpts from your uploaded documents
- Conversation context (if in a multi-turn conversation)
This data is transmitted via encrypted connections (TLS 1.3) and is not stored by the AI provider after processing.
Data Location
All AI processing for OperoGuide occurs on infrastructure located in Germany/European Union. No data is transferred outside the EU for AI processing.
13 Sub-Processors
We use the following sub-processors to provide our services:
Elgendorfer Str. 57, 56410 Montabaur, Germany
Purpose: Web hosting, AI infrastructure, data storage
Location: Germany 🇩🇪
354 Oyster Point Blvd, South San Francisco, CA 94080, USA
Purpose: Payment processing, subscription management
Location: USA (EU-US Data Privacy Framework certified) 🇺🇸
Stripe Privacy Policy
25 First Street, Cambridge, MA 02141, USA
Purpose: CRM, email communications, contact forms
Location: USA (EU-US Data Privacy Framework certified) 🇺🇸
HubSpot Privacy Policy
All sub-processors are contractually obligated to protect your data in accordance with GDPR requirements. For US-based processors, we rely on the EU-US Data Privacy Framework or EU Standard Contractual Clauses.
14 Browser Extension
Extension Functionality
The OperoGuide browser extension provides contextual assistance while using JD Edwards. The extension:
- Detects JDE application context (screens, forms, error codes)
- Extracts error messages for automatic troubleshooting
- Provides quick access to OperoGuide without leaving JDE
Data Collected by the Extension
The browser extension collects:
- Current JDE screen/form identifiers
- Error codes and messages displayed in JDE
- Selected text (when you explicitly select it for query)
The extension only activates on JD Edwards URLs configured by your organization. It does not collect data from other websites or applications.
Data Storage
The extension does not store data locally on your device. All data is transmitted directly to OperoGuide servers for processing and is subject to the same privacy protections as queries made through the web interface.
15 Data Retention & Deletion
Retention Periods
- Account data: Until account deletion + 30 days
- Uploaded documents: Until deletion by user or account termination
- Usage statistics: 12 months (anonymized after)
- Audit logs: 90 days
- Payment records: 10 years (legal requirement)
- Query content: Not stored
Account Deletion
You can request complete deletion of your account and all associated data at any time by:
- Using the "Delete Account" function in your dashboard
- Contacting us at privacy@operoguide.de
Upon deletion request, we will remove all your data within 30 days, except where retention is required by law.
Before deleting your account, you can export all your data (documents, settings, usage history) in a machine-readable format from your dashboard.