We appreciate your interest in our company. Data protection is extremely important for the management of Spherea GmbH (hereinafter also referred to as ‘controller’, ‘we’, ‘us’).
The use of the websites of the Spherea GmbH is generally possible without the disclosure of any personal data. However, when a data subject wishes to claim special services from our website, the processing of personal data may be necessary. If such processing is necessary and no other legal basis is applicable, we generally acquire the data subject’s declaration of consent.
The processing of personal data such as name, address, E-Mail address, or phone number is carried out under strict adherence to data protection laws, especially the European General Data Protection Regulation (GDPR). With this Privacy Notice, we want to inform the public about the nature, scope and purpose of the data processing on this website. Additionally, we wish to inform any data subjects about their rights according to applicable data protection laws.
The Spherea GmbH has taken appropriate technical and organizational measures to ensure the safety and security of your personal data which we process. Nevertheless, data transfers via the internet always bear some security risks. Therefore, any data subject can freely decide to communicate with us or disclose their data by other means, such as by telephone.
This Privacy Notice of the Spherea GmbH is based on the terminology used by the GDPR. We aim at the comprehensiveness and readability of this Notice – to ensure this, we provide you with an explanation of the terminology used.
We use the following terms in this Privacy Notice:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
The data subject is the identified or identifiable natural person, whose personal data are processed by the controller.
Processing means any operation on personal data such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the special marking of stored personal data with the aim of restricting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, personal data, reliability, behavior, location or movements of that natural person.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient means a natural or legal person, authority, authority or other body to which the personal data is disclosed, whether it is a third party. However, authorities which may obtain personal data in the context of a particular investigation in accordance with Union or Member State law shall not be deemed to be recipients; the processing of such data by these authorities in accordance with the applicable data protection rules in accordance with the purposes of the processing.
j) Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject, by which he or she means consent to the processing of personal data concerning him or her by means of a declaration or a clear affirmative act.
The controller’s Data Protection Officer (DPO) is:
In case of any questions with regards to data protection any data subject can directly contact our DPO by email: datenschutz@spherea.
The Spherea GmbH website collects data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. The following information is collected:
- Browser type and version used
- Operating system used by the accessing device
- Website from which the device accesses our website
- Sub-websites that are accessed on our website
- Date and time of the access
- Internet protocol address (IP address)
- Internet service provider of the accessing device
- Other data and information that is used for security in the event of attacks on our IT system
Spherea GmbH does not use the data and information for any decision-making process about data subjects. This information is rather required in order to:
- Deliver the content of our website correctly
- Optimize the content and advertising on our website
- Ensure the long-term functionality of our IT systems and the technology of our website
- Provide law enforcement authorities with the necessary information in the event of criminal prosecution for cyber-attacks.
These anonymized data and information is therefore processed by Spherea GmbH for both statistical purposes and to increase data protection and data security in the company, ultimately ensuring an optimum level of protection for the personal data processed. The anonymous data in the server log files are stored separately from all personal data provided by the data subject.
The website of Spherea GmbH offers the possibility to establish a swift electronic contact with our company. If a data subject contacts us by E-Mail via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted to us by a data subject on a voluntarily basis are stored for the purpose of working on the requests or to contact the data subject. These personal data are not transferred to third parties.
The person responsible for the processing processes and stores personal data of the data subject only for the period that is necessary to achieve the storage purpose or that has been provided for by the legislator. If the storage purpose no longer applies or if a statutory storage period expires, the personal data will be routinely blocked or deleted in accordance with the regulations.
a) Right of Confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed.
b) Right of Access
Every data subject has the right to receive information from us about the personal data stored about him or her and to receive a copy of this information. Furthermore, the data subject has the right to be informed about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information about the appropriate guarantees in connection with that transfer.
c) Right to Rectification
Every data subject has the right to obtain the rectification of inaccurate personal data concerning him or her without delay. He or she also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
d) Right to Erasure (“Right to be forgotten”)
Any data subject has the right to demand that the personal data relating to him or her are deleted immediately, unless we have reasons for further storage.
e) Right to Restriction of Processing
Under certain conditions, every data subject has the right to request restriction of processing.
f) Right to Data Portability
Every data subject has the right to receive the personal data concerning him or her which he or she has provided to us in a structured, common and machine-readable format. Furthermore, he or she has the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other individuals.
g) Right to Object
Every data subject has the right to object to the processing of his or her personal data, unless we can demonstrate legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Spherea GmbH processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to Spherea GmbH processing for direct marketing purposes, Spherea GmbH will no longer process the personal data for these purposes.
h) Automated Individual Decision-making and Profiling
Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal effects concerning him or her or which significantly affects him or her in a similar way, except where the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) authorized by Union or Member State law to which we are subject and provided that such law contains adequate safeguards with regard to the rights and freedoms and legitimate interests of the data subject, or (3) based on the explicit consent of the data subject.
i) Right to Withdraw a Consent
Every data subject has the right to withdraw his or her consent to the processing of personal data at any time. Such withdrawal does not affect the lawfulness of the previously processed personal data.
j) Right to Lodge a Complaint with the Supervisory Authority
Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR.
The controller processes the personal data of applicants for the purpose of completing the application process. The processing may also be carried out by electronic means. This applies in particular if applicants submit their documents to the controller electronically, for example by E-Mail or via a web form on our website. If the controller concludes an employment contract with an applicant, the submitted data are stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests may include, for example, the possible defense against a law suit based on the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
For the protection of your personal data, we use the so-called IP-anonymization method. Your IP address is automatically shortened within the EU and the European Economic Area before it is forwarded to the USA. This means that it is no longer possible to assign this address to you since it cannot be matched with other data that may be stored by Google.
Google uses the data collected on our behalf exclusively for the evaluation of the use of our offers and the activity on our pages as well as for the improvement and optimization of our online services. The following data is collected for this purpose:
- Your IP address (see above)
- The visited pages
- Technical data (browser, device etc.)
- The referrer-URL
Your data will be automatically deleted after 14 months.
Even after you have given your consent, you can still prevent the storage of cookies on your end device at any time by making the appropriate settings on your browser – however, this may mean that you may no longer see all of our content.
You can also use a browser add-on to prevent the information collected by cookies from being sent to Google: https://tools.google.com/dlpage/gaoptout?hl=de
For more information, please visit: https://support.google.com/analytics/answer/6004245?hl=de
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to display ads in Google’s search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify pre-defined keywords that will cause an ad to appear in Google’s search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the previously defined keywords.
Google AdWords is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a data subject reaches our website via a Google ad, a so-called conversion cookie is placed on the data subject’s IT system by Google. Such a cookie expires after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping cart from an online shop system, have been accessed on our website.
The conversion cookie enables both us and Google to track whether a person that reached our website via an AdWords ad generated sales, i.e. whether he or she made or cancelled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive any information from Google that could be used to identify a person.
The conversion cookie is used to store personal data, such as the websites visited by the data subject. Whenever our website is visited, personal data, including the IP address of the Internet connection used by the person concerned, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via the technical process to third parties.
The person concerned can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting in the Internet browser used, and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the opportunity to object to interest-based advertising by Google. To do so, the data subject may access www.google.de/settings/ads from each of the Internet browsers he or she uses and make the desired settings there.
You can find more information and the current data policy of Google under: https://www.google.de/intl/de/policies/privacy/.
Art. 6 I 1 lit. a) GDPR serves our company as a legal basis for processing operations for which we obtain consent. If the processing is necessary for the performance of a contract to which the data subject is party the legal basis is Art. 6 I 1 lit. b) GDPR. This is the case, for example, when delivering goods or fulfilling other contractual obligations. The same applies to such processing operations which are necessary for pre-contractual measures, for example in case of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I 1 lit. c) GDPR. Finally, processing operations can be based on Art. 6 I 1 lit. f) GDPR. On this basis the processing of personal data is lawful when the legitimate interests of the controller or by any third party outweigh the rights and freedoms of the data subject.
The criteria for the storage of personal data are derived from legal retention periods. After expiry of these periods, the data is routinely deleted, provided that it is no longer required for the fulfilment or the initiation of a contract.
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contracting party). Sometimes it may be necessary that a data subject provides us with personal data that we have to process subsequently to conclude a contract. For example, data subjects are obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the person concerned. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
As a controller we do not use automatic decision-making or profiling.
We will update this Privacy Notice at regular intervals in order comply with the current data protection regulations and to adhere to technical developments. It will be effective with its publishing here.