SK-Synergie
Privacy information for the website, digital systems, customer portal and SK-Synergie platforms.
Privacy Policy
of Seibl Klaus Synergie
(hereinafter also referred to as “SK” / “SK-Synergie”)
We are pleased about your interest in our company.
1. Definitions
Seibl Klaus Synergie (hereinafter also referred to as “SK-Synergie”, “SK” or “we”) is pleased about your interest in our digital services, systems and platforms. The protection of your personal data is very important to us. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
The use of our websites and systems is generally possible without providing personal data. However, if you use our special services, in particular our digital governance, signature, review and voting systems, the processing of personal data may become necessary. In these cases, processing is carried out exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations.
This Privacy Policy provides comprehensive information about the type, scope, purpose and legal basis of the processing of personal data when using:
• the website www.sk-synergie.com
• the ticket and support system
• the platforms, including:
o SK-OneSign
o SK-OneVote
o SK-OneCheck
o SK-EVM
o Sk-DOCS
o SK-PDF
o SK-RESOURCES
o SK-EXECUTIVE
o SK-AUFMASS
o SK-SKPROCUREMENT
and further tool (sub)pages
2. Controller within the meaning of the GDPR
The controller within the meaning of the General Data Protection Regulation and other data protection provisions is:
Seibl Klaus Synergie
Hans-Carossa-Straße 17
84323 Massing
Germany
Email: info@sk-synergie.com
Website: www.sk-synergie.com
3. Definitions
This Privacy Policy uses the terms of the General Data Protection Regulation. For the purposes of this policy, the following terms in particular apply:
a) Personal data
All information relating to an identified or identifiable natural person, for example name, email address, IP address, user ID or document contents.
b) Data subject
Any natural person whose personal data is processed by SK-Synergie.
c) Processing
Any operation relating to personal data, in particular collection, storage, use, transmission, evaluation or deletion.
d) Controller
The body that determines the purposes and means of processing – in this case SK-Synergie.
e) Processor
An external service provider that processes personal data on behalf of SK-Synergie, for example hosting or payment service providers.
4. Principles of data processing
We process personal data exclusively in accordance with the following principles:
• lawfully
• for specified purposes
• limited to what is necessary
• accurate
• limited in time
• securely and confidentially
We take appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, disclosure or manipulation.
5. Hosting and technical infrastructure
Our website, platforms and SaaS systems are operated by:
STRATO AG
Pascalstraße 10
10587 Berlin
Germany
STRATO processes personal data as a processor exclusively according to our instructions and on the basis of a data protection-compliant agreement pursuant to Art. 28 GDPR.
6. Server log files and access data
Whenever our website or systems are accessed, technical data is automatically stored in server log files. This includes in particular:
• IP address
• date and time of access
• page or file accessed
• HTTP status code
• browser type and browser version
• operating system
• referrer URL
• user agent
This data is processed in order to:
• ensure the technical stability and security of our systems
• detect attacks, misuse or malfunctions
• enable the proper provision of the services
This data is not combined with other personal data.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in IT security, system stability and prevention of misuse).
7. Data security
We use modern security mechanisms, in particular:
• encrypted data transmission (TLS)
• access restrictions
• logging of security-relevant operations
• separate data areas for users, systems and logs
Nevertheless, we point out that internet-based data transmissions may generally have security vulnerabilities. Absolute protection cannot be guaranteed.
8. Processing within our SaaS systems
SK-Synergie operates digital governance, signature, review and voting systems, in particular:
• SK-OneSign – digital signing of documents
• SK-OneVote – digital resolution and voting systems
• SK-OneCheck – review, verification and documentation systems
• EVM-SK – project and budget controlling (Earned Value Management)
When using these systems, personal data is processed to the extent required for the technical and legal implementation of the respective functions.
This includes in particular:
• user accounts (name, email address, organisation)
• IP addresses
• timestamps
• system IDs
• roles (e.g. signer, voter, administrator)
• documents, voting data, review results
9. Processing of documents, signatures and voting data
If you upload documents, sign documents or participate in votes, the contents and accompanying metadata are processed, in particular:
• document contents
• hash values and integrity records
• signing times
• identification features used
• assignment to user accounts or invitation tokens
• votes and rankings
This data is used exclusively to carry out the operations initiated by you, in particular:
• evidence that a document was signed
• evidence that a vote was cast
• assignment of authorisations
• generation of review and status logs
The legal basis is Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in traceability, integrity and system security).
10. Logging and traceability
To ensure the technical and organisational integrity of the systems, SK-Synergie stores log data (audit logs), in particular:
• times of actions
• user or token IDs
• IP addresses
• system actions performed (e.g. signature, vote, approval, deletion)
These logs are used for:
• documentation
• prevention of misuse
• error analysis
• ensuring functionality
Evaluation is carried out only for the specified purpose.
11. Ticket system, support and communication
If you use our ticket or support system, email or contact forms, we process the data you provide, in particular:
• name
• email address
• message contents
• technical metadata
This data is stored to process your request, communicate with you and document the process.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance of a contract).
11.1 Contract withdrawals
If you use our electronic withdrawal form, we process the information you provide for the purpose of handling your withdrawal request.
This may include in particular:
• name
• email address
• contract, invoice or order reference
• voluntary additional information
• technical log data (e.g. IP address, time of submission)
The processing is carried out exclusively for the handling and documentation of the withdrawal as well as for compliance with legal obligations.
As part of the processing, confirmations of receipt may be sent by email.
The legal basis is Art. 6(1)(b) GDPR (contract processing) and Art. 6(1)(c) GDPR (compliance with legal obligations).
Withdrawal-related data is stored only for as long as necessary for processing, documentation or due to statutory retention obligations.
12. Automated processing in the systems
The systems SK-OneSign, SK-OneVote, SK-OneCheck and EVM-SK use automated procedures for:
• calculating voting results
• checking quorums
• determining signature and review status
• generating logs
This automated processing is carried out exclusively on the basis of actions initiated by users.
There is no automated decision-making within the meaning of Art. 22 GDPR that produces legal effects without the possibility of human intervention.
13. Transfer of data
Personal data is not passed on to unauthorised third parties.
Data is transferred only:
• to processors (e.g. hosting, payment providers)
• if required by law
• if necessary for the performance of a contract
14. Data storage within the systems
Documents, signatures, votes and logs are stored as long as:
• an active contractual relationship exists
• they are required for documentation or record-keeping purposes
• statutory retention obligations exist
Afterwards, they are deleted or anonymised.
15. Cookies
Our websites use cookies. Cookies are small text files stored on your device and contain information that allows your browser to be recognised.
Cookies are used in particular to:
• provide technical website functions
• store login states
• remember language settings
• implement security mechanisms
Some cookies are automatically deleted after your visit ends (session cookies). Other cookies remain stored on your device until you delete them.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a functional and secure website) and, where required, your consent pursuant to Art. 6(1)(a) GDPR.
You can configure your browser to allow cookies only in individual cases or to reject them generally.
16. Google Analytics
We use Google Analytics with IP anonymisation on selected parts of our website.
Provider:
Google Ireland Limited
Gordon House, Barrow Street
Dublin, Ireland
Google Analytics uses cookies to analyse user behaviour. The IP address is shortened before storage.
Processed data:
• IP address (anonymised)
• page views
• duration of stay
• source of access
Purpose: analysis of use to optimise our website.
Legal basis: Art. 6(1)(a) GDPR (consent).
You can deactivate Google Analytics via a browser plugin:
https://tools.google.com/dlpage/gaoptout
16.1. Google Ads and Conversion Tracking
We use Google Ads, an online advertising service provided by Google Ireland Limited,
Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google Ads, we use conversion tracking.
If you access our website via a Google advertisement,
Google may store a cookie on your device.
The following data may be processed in particular:
• IP address (shortened or anonymised where technically possible)
• information about pages visited
• clicks on advertisements
• conversion data
• device and browser information
Purpose of processing:
• measuring the success of advertising campaigns
• optimising advertisements
• reach analysis
• remarketing and audience creation
Processing is carried out exclusively on the basis of your consent
in accordance with Art. 6(1)(a) GDPR.
Further information:
https://policies.google.com/privacy
You may withdraw your consent at any time via the cookie settings.
16.2 YouTube
We may use content from the YouTube video platform on our website to display product, training, informational and presentation videos.
Provider:
YouTube LLC
901 Cherry Ave.
San Bruno, CA 94066
USA
The responsible entity for users within the European Union is:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
When accessing a page containing an embedded YouTube video, the video is not loaded automatically at first. Only after you have given your consent via our consent management system and activated the video will a connection to YouTube servers be established.
This may include in particular:
• IP address
• date and time of the page visit
• information about the browser and operating system used
• visited page
• device information
• interactions with the embedded video
If you are logged into Google or YouTube at the same time, YouTube may associate your visit with your user account.
Where technically available, we use YouTube's enhanced privacy mode. However, once a video is started, further data processing by YouTube may take place over which we have no control.
Purposes of processing:
• provision of product videos
• provision of training and informational content
• improvement of user-friendliness
• presentation of our software solutions and services
Legal basis:
YouTube videos are loaded only after your explicit consent. Before your consent, no connection to YouTube servers is established. The legal basis for processing is therefore your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future via the cookie settings.
Further information:
https://policies.google.com/privacy
https://support.google.com/youtube/answer/7671399
https://policies.google.com/technologies/cookies
16.3 LinkedIn
We may maintain a company page on LinkedIn and provide links to our LinkedIn profile on our website.
Provider:
LinkedIn Ireland Unlimited Company
Wilton Plaza
Wilton Place
Dublin 2
Ireland
Simply accessing our website does not transfer any data to LinkedIn.
Only when you click a LinkedIn link and thereby access the LinkedIn website does LinkedIn process personal data in accordance with its own privacy policy.
This may include in particular:
• IP address
• browser and device information
• date and time of the visit
• referrer information
• interactions with content on LinkedIn
Purposes of processing:
• provision of further company information
• communication with interested parties and customers
• publication of news
• presentation of our services and software solutions
Legal basis:
Our website merely contains a link to our LinkedIn profile. When visiting our website itself, no data is transferred to LinkedIn. Only when you voluntarily click the link do you leave our website and LinkedIn's privacy policy applies.
Further information:
https://www.linkedin.com/legal/privacy-policy
16.4 Instagram
We may maintain a company page on Instagram and provide links to our Instagram profile on our website.
Provider:
Meta Platforms Ireland Limited
Merrion Road
Dublin 4
D04 X2K5
Ireland
Simply accessing our website does not transfer any data to Instagram.
Only when you click an Instagram link and thereby access the Instagram website does Meta process personal data in accordance with its own privacy policy.
This may include in particular:
• IP address
• browser and device information
• date and time of the visit
• referrer information
• interactions with content on Instagram
Purposes of processing:
• presentation of our company
• publication of information and news
• communication with interested parties and customers
• marketing and reach enhancement
Legal basis:
Our website merely contains a link to our Instagram profile. When visiting our website itself, no data is transferred to Instagram. Only when you voluntarily click the link do you leave our website and Meta's or Instagram's privacy policy applies.
Further information:
https://privacycenter.instagram.com/policy
16.5 Google Fonts
We use fonts (Google Fonts) on our website to ensure a consistent and appealing presentation of our content.
Where technically possible, Google Fonts are provided locally on our server. In this case, no data is transferred to Google.
If Google Fonts are exceptionally loaded directly from the servers of Google Ireland Limited, the following data in particular may be processed:
• IP address
• browser and device information
• date and time of the page visit
• information about the requested font
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Legal basis:
If Google Fonts are provided locally, no personal data is transmitted to Google. If, in exceptional cases, an external integration is used, the fonts are loaded only after your consent. The legal basis is then Art. 6(1)(a) GDPR.
Further information:
https://policies.google.com/privacy
16.6 Google Maps
Google Maps may be used on individual pages to display interactive maps.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
A connection to Google servers is established only after you have consented to the use via our consent management system and activated the map.
This may include in particular:
• IP address
• browser and device information
• date and time of the page visit
• location data (if you have enabled it)
• usage information of the map function
Purposes of processing:
• display of interactive maps
• display of locations
• improvement of user-friendliness
Legal basis:
Google Maps is loaded only after your explicit consent. Before your consent, no connection to Google is established. The legal basis is therefore Art. 6(1)(a) GDPR.
Further information:
https://policies.google.com/privacy
16.7 Content Delivery Networks (CDNs)
Content Delivery Networks (CDNs) may be used for fast and secure provision of individual contents or libraries.
Depending on the function used, the following providers may be used, for example:
• Google Hosted Libraries
• jsDelivr
• unpkg
When files are retrieved via a CDN, the following data in particular may be processed:
• IP address
• browser and device information
• date and time of retrieval
• requested files
Purposes of processing:
• faster provision of content
• improvement of loading speed
• increase in availability and stability of our website
Legal basis:
If libraries are provided locally from our server, no data is transferred to external CDN providers. If external CDNs are used, their use takes place exclusively after your consent via our consent management system pursuant to Art. 6(1)(a) GDPR.
17. Payment services (PayPal & Stripe)
PayPal
Provider:
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
If PayPal is selected, payment and identification data is transmitted to PayPal.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Stripe
Provider:
Stripe Payments Europe Ltd., Dublin, Ireland
Stripe processes payment data (e.g. credit cards, SEPA).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
18. Storage period
Personal data is stored:
• as long as a contractual relationship exists
• as long as statutory retention obligations exist
• as long as legitimate documentation interests exist
Afterwards, the data is deleted or anonymised.
19. Rights of data subjects
You have the right at any time to:
• access (Art. 15 GDPR)
• rectification (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• objection (Art. 21 GDPR)
• withdrawal of consent granted
Please send requests to:
info@sk-synergie.com
20. No automated decision-making
SK-Synergie does not carry out automated decisions or profiling with legal effect.
21. Changes to this Privacy Policy
This Privacy Policy will be adapted if legal requirements or technical changes make this necessary. The current version is available on our website.
Status: 2026