Privacy Policy

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by SUSPA UK Ltd. and your rights.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made. 

Responsible body and data protection officer

104 Dudley Road
West Midlands DY3 1TA
United Kingdom

Telephone: +44 (0) 1902 597216

Contact info of the data protection officer: datenschutz(at)  

Your rights as a data subject

We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include: 

  • The right of access (Art. 15 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to object to data processing (Art. 21 GDPR),
  • The right to erasure / right to be forgotten (Art. 17 GDPR),
  • The right to restriction of data processing (Art. 18 GDPR).

To exercise these rights, please contact: datenschutz(at) The same applies if you have any questions regarding data processing in our company. You also have a right of appeal to the relevant data protection supervisory authority. 

Right to object

Please note the following with respect to your right to object: 

When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: datenschutz(at)  

Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions. We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing. Your consent also constitutes a data protection regulation. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process, Art. 88 (1) GDPR.

Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data, Art. 88 (1) GDPR.

Data transfers / Disclosure to third parties

We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data. In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers. We transmit certain data, that accrue by browsing the web to marketing service providers to analyse the data.

Transfers of personal data to third countries

A data transfer to third countries (outside the European Union or the European Economic Area) takes place basically only insofar as this is necessary for the implementation of the obligatory relations, is required by law, or you have given your consent to do so. In case of (contact) requests, contact data may be forwarded to corresponding SUSPA entity (e.g. USA, UK, India, etc.) located in third countries.

Period of data storage

We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.

We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.

Secure transfer of data

We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards. The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols TLS 1.2. In addition, we offer our users content encryption in our contact forms and applications. We alone can decrypt this data. It is also possible to use alternative communication channels (e.g. surface mail).

Obligation to provide data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide. We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.

Data categories, sources and origin of data

The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint. Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when making a contact request.


We collect and process the following data when you visit our website:

  • Web browser and operating system used
  • Information on the website from which you visited us
  • The IP address by your allocated Internet service provider (anonymised)
  • Files accessed, volume of data transferred, downloads/file export
  • Information on websites accessed on our site, including date and time
  • Referer is transmitted and saved as referrer in the log

For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Article 6 (1) lit f GDPR. Anonymisation of the IP address takes place immediately so that no reference is made to the user.

We collect and process the following data as part of a contact request:

  • Last name, first name
  • Contact information
  • E-Mail address
  • Country
  • Info on wishes and interests

We collect and process the following data as part of our CAD-Configurator contact request:

  • Last name, first name
  • Company name
  • Telephone number 
  • E-mail address
  • Address (address, ZIP code, country)
  • Amount
  • Comment

Selection of the language

When visiting our website we temporarily collect your full IP address to be able to automatically present the complete range of our internet pages in your local language. Your IP address will not be saved and will be cancelled after selection of the language. Insofar it will not be communicated to third parties. In this connection, we refer to our legitimate interest to offer an attractive and easily accessible internet site according to Article 6 I f EU-DSGVO.

Contact form / Contact via email

A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.

In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your first and last name, email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you do not contact us using the forms provided, no additional data will be collected.

Contact form within the CAD configurator (Art. 6 (1) lit. a, b GDPR)

Within the framework of the CAD configurator, another contact form can be used to contact us electronically. If you write to us via the contact form, we process the data you provide to contact you and prepare an individual offer.

For this purpose, we may transfer your request to the responsible person at the relevant SUSPA entity. If you contact us from a country in which SUSPA does not have its own branch office, your data will be forwarded to our responsible local contact. This is done due to our legitimate interest in accordance with Art. 6 (1) lit. f GDPR on our part to contact you in an uncomplicated and quick way. You have the right to object to this. A list of the SUSPA companies that may be responsible for you can be found here:  

Your personal data (first and last name, e-mail address, telephone number, the company you work for, address, zip code, city, country, and indication of quantity) may be processed in order to contact you and prepare an individual offer.

To ensure the protection and confidentiality of your data as best as possible, we implement appropriate security measures. Your request is transmitted to us in encrypted form. In addition, your IP address is processed for technical necessity and for legal protection. 

We store your data for as long as it is needed to process your request. Please note that numerous retention periods may require that the data will to be stored for a longer period. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.).

Automated decisions in individual cases

We do not use purely automated processing to make decisions.


Our website uses “cookies” at various locations, which serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk).

Cookies enable us to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs. Cookies also allow us to measure the effectiveness of a particular ad and, for example, to place it based on the user's interests. Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. Persistent cookies are automatically deleted from your computer when their validity period (generally six months) has expired or you delete them yourself prior to expiry.

Most web browsers automatically accept cookies. You can generally change your browser's settings if you prefer not to send the information. You can still use the offers on our website without restrictions (exception: configurators). We use cookies to make our offers more user-friendly, effective and secure. We also use cookies to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs. Cookies also allow us to measure the effectiveness of a particular ad and, for example, to place it based on the user's interests.

Cookies are stored on the user’s computer which then transmits them to us. As a user, you therefore exercise full control over the use of cookies. You can change the settings in your Internet browser to disable or restrict the sending of cookies. In addition, cookies that have already been saved on your computer can be deleted at any time via an Internet browser or other software programs. All this is possible in all the current Internet browsers.

Please note: If you deactivate the placing of cookies on your device, you may not be able to access all our website functions in certain circumstances.

Web tracking procedures

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer that allow an analysis of how you use the website. The information generated by the cookies about the use of this website is usually transmitted to a Google server in the USA and stored there. By activating the IP anonymization on this website, however, your IP address will be truncated by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The contract required under data protection law has been concluded with the provider.

The legal basis for this is your informed consent Article 6 (1) a GDPR. The personal data of users will be deleted or anonymized after 14 months. For more information on terms of use and data protection, please visit and

You can prevent the storage of cookies by setting the browser software accordingly; however, we would like to point out that in this case you may not be able to make full use of all the functions of this website.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link [].

As an alternative to the browser add-on or within browsers on mobile devices, please click the link below to prevent detection by Google Analytics within this website in the future: An opt-out cookie will be stored on your device. If you delete your cookies, you will need to click the link again.

Please note that on this website Google Analytics has been extended to include the code  "gat. _ anonymizeIp () " to ensure an anonymised collection of IP addresses (so-called IP masking).

Right of objection:


Prevent the collection of data from this side by Google Analytics

Google Tag Manager

This website uses the Google Tag Manager of Google Inc. ("Google"). The Google Tag Manager serves to manage and trigger web page tags via a user interface. Google Tag Manager merely implements the tags used on the website and does not collect personally identifiable information itself. Also, the Google Tag Manager itself does not set cookies on the devices. However, Google Tag Manager has no control over whether its managed tags set Cookies themselves. If disabled at the domain or cookie level, the disabling will remain in effect for all tracking tags implemented through the Google Tag Manager.

Links to Social Media

On our website you will find links to the Social Media services of Facebook, YouTube and LinkedIn. You can recognize links to the websites of the Social Media services by the respective company logo. If you follow these links, you will reach the SUSPA GmbH corporate website at the respective Social Media service. When clicking on a link to a Social Media service, a connection to the servers of the Social Media service is established. This means that the servers of the Social Media service are informed that you have visited our website. In addition, further data is transmitted to the provider of the Social Media service. For example:

  • Address of the website on which the activated link is located
  • Date and time of accessing the website or activating the link
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the relevant Social Media service at the time the link is activated, the provider of the Social Media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account to the Social Media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand. The Social Media service servers are located in the United States and other countries outside the European Union. The data can therefore also be processed by the provider of the Social Media service in countries outside the European Union. Please note that companies in these countries are subject to a data protection law that generally does not protect personal data to the same extent as is the case in the member states of the European Union. Please note that we have no influence on the scope, type and purpose of data processing by the provider of the Social Media service. You can find more information on the use of your data by the Social Media services integrated on our website in the data protection guideline of the respective Social Media service.

Data protection declaration in Social Media

SUSPA GmbH maintains appearances in the "Social Media", in this case on Facebook, YouTube and LinkedIn. As far as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law in relation to our fan pages.

Name and address of the Controllers: Besides SUSPA GmbH, the following companies are responsible for corporate appearances in the sense of the EU General Data Protection Regulation (GDPR) as well as other data protection regulations:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
  • Youtube(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)

However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). We would also like to point out that your data can be processed outside of the European Union. The contract required under data protection law has been concluded with the provider.

Purpose and legal basis: We ourselves maintain the fan pages in order to communicate with the visitors of these pages and to inform them about our offers in this way. We also collect data for statistical purposes in order to develop and optimize the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are prepared by the social networks and made available to us. We have no influence on the generation and display. In addition, your personal data will be processed by the providers of Social Media, for market research and advertising purposes. Thus, it is possible that, e.g. based on your usage behavior and the resulting interests, user profiles are created. This means, among other things, that advertisements can be placed inside and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Regardless of this, data that is not collected directly on your devices can also be saved in your user profiles. The storage and analysis also takes place across devices, this applies in particular, but not exclusively, if you are registered as a member and logged into the respective platforms. In addition, we do not collect personal data. SUSPA GmbH processes your personal data on the basis of our legitimate interests in effective information and communication in accordance with art. 6 para. 1 sentence 1 lit. f. GDPR. If you are asked for your consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.

Your rights / right to object: If you are a member of a social network and do not want the network to collect data about you via our fan page and link it to your saved member data for the respective network, you must

  • log out of the respective network before visiting our fan page,
  • delete the cookies on your device and
  • close and restart your browser.

After logging in again, however, you will be recognizable to the network as a specific user again. For a detailed description of the respective processing and the opt-out options, we refer to the information linked below:




Overall, you have the following rights with regard to the processing of your personal data: Right to access; Right to rectification; Right to erasure; Right to restriction of processing; Right to object; Right to data portability; Right to complain to the responsible data protection authority about illegal processing of your personal data. However, since SUSPA GmbH does not have full access to your personal data, you should contact the providers of Social Media directly to assert them, because they have access to the personal data of their users and can take appropriate measures and provide information. Should you still need help, we will of course try to support you. Please contact datenschutz(at)

Notes on copyright and art copyright: If you want to publish pictures, texts, plans, videos, music etc. on our fan page, you should know that you may thereby transfer all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights holder.

YouTube PlugIn

YouTube is a video portal of YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). Within our online services, we have integrated at least one PlugIn from YouTube. When you activate the PlugIn, your browser establishes a direct connection with YouTube servers. This transmits the information to YouTube that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged into your account. This information is transmitted by your browser directly to a YouTube server located in the US and stored there. If you are logged into your YouTube account at the same time, this would enable YouTube to assign your surfing behaviour directly to your personal profile.

If you wish to prevent this transmission and storage of your data and your behaviour on our online services by YouTube, you must log out of YouTube before visiting our site and delete any cookies placed by YouTube. For more information on the collection and use of your data by YouTube, please refer to their privacy policy at

Please note that in this context personal data may be processed in a third country, the US. Compliance with the European level of data protection for data transfer and processing in third countries is ensured by standard contractual clauses and additional guarantees. Data processing or storage in third countries can also take place on the basis of your consent (Art. 49 (1) lit. a GDPR), in which case you will be informed separately of this, as well as the possibility of revocation, when obtaining your consent. The legal basis for the use of the PlugIn is Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG."

Online offers for children

Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the authorisation of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.

Disclaimer of liability

The information on these pages are provided without any guarantee, in particular without explicit or tacit promise of suitability for saleability, the suitability for a specific purpose or the freedom from infringements. SUSPA GmbH does not accept any liability for the timing, topicality or the freedom from defects of the information on these pages.

Links to other providers

Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.

The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.