Privacy Notice

We appreciate your interest in our company. Data protection is extremely important for the management of Spherea GmbH (hereinafter also referred to as ‘controller’, ‘we’, ‘us’).

The use of the websites of the Spherea GmbH is generally possible without the disclosure of any personal data. However, when a data subject wishes to claim special services from our website, the processing of personal data may be necessary. If such processing is necessary and no other legal basis is applicable, we generally acquire the data subject’s declaration of consent.

The processing of personal data such as name, address, E-Mail address, or phone number is carried out under strict adherence to data protection laws, especially the European General Data Protection Regulation (GDPR). With this Privacy Notice, we want to inform the public about the nature, scope and purpose of the data processing on this website. Additionally, we wish to inform any data subjects about their rights according to applicable data protection laws.

The Spherea GmbH has taken appropriate technical and organizational measures to ensure the safety and security of your personal data which we process. Nevertheless, data transfers via the internet always bear some security risks. Therefore, any data subject can freely decide to communicate with us or disclose their data by other means, such as by telephone.

This Privacy Notice of the Spherea GmbH is based on the terminology used by the GDPR. We aim at the comprehensiveness and readability of this Notice – to ensure this, we provide you with an explanation of the terminology used.

We use the following terms in this Privacy Notice:

1.1 Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 Data Subject

The data subject is the identified or identifiable natural person, whose personal data are processed by the controller.

1.3 Processing

Processing means any operation on personal data such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4 Restriction of Processing

Restriction of processing is the special marking of stored personal data with the aim of restricting their processing in the future.

1.5 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, personal data, reliability, behavior, location or movements of that natural person.

1.6 Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.7 Controller

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8 Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

1.9 Recipient

Recipient means a natural or legal person, authority, authority or other body to which the personal data is disclosed, whether it is a third party. However, authorities which may obtain personal data in the context of a particular investigation in accordance with Union or Member State law shall not be deemed to be recipients; the processing of such data by these authorities in accordance with the applicable data protection rules in accordance with the purposes of the processing.

1.10 Third Party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

1.11 Consent

The consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject, by which he or she means consent to the processing of personal data concerning him or her by means of a declaration or a clear affirmative act.

Spherea GmbH
Magirus-Deutz-Straße 13
89077 Ulm

Phone.: +49 731 17630-0
Fax: +49 731 17630-109

An external data protection officer is responsible for the correct implementation of data protection. If you have any concerns regarding the processing of your personal data, you can also contact this office directly:

Please contact us by post at:

Data Protection Team
Magirus-Deutz-Strasse 13
89077 Ulm

Or by e-mail to:

4.1 Use of tracking techniques such as cookies, tags, scripts or pixels

Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.). Cookies do not contain viruses, Trojans or other malware.

In cookies, information is stored that arises in each case in connection with the specific end device used. This does not mean that we gain direct knowledge of your identity. The use of cookies serves to make the use of our offer more pleasant for you. The following types of cookies can be distinguished.

Absolutely necessary cookies are required for the operation of a website and are indispensable for navigating on it and using its functions. These cookies are not permanently stored on your computer or device and are deleted when you close the browser (session cookies).

Statistical, analytical and performance cookies allow the number of visitors and traffic sources to be recorded and counted in order to measure and improve the performance of the website. They are also used to find out if certain pages are experiencing problems or errors, which pages are most popular and how visitors navigate the website. Analytical / performance cookies deleted after a defined retention time.

Tracking cookies are used to track visits and individual activities on websites. They are used to statistically record and evaluate the use of websites. These cookies are automatically deleted after a defined period of time.


Tags is an umbrella term for sections of code that can be integrated into websites and used for various functions, such as simple counting (“pixel counter”) or complex data transmission (e.g. “conversion tag”).

Pixel (pixel tag, counting pixel)

This technology refers to a graphic which, due to its small size of 1×1 pixel, is not visually detectable when visiting a website and is usually transparent. A pixel can only transmit very limited information, e.g. signal “1” (goods purchased) or “0” (goods not purchased).

Script (JavaScript)

Analogous to a programming language, a script language is capable of executing more complex instructions.

4.1.1 Required tracking techniques and cookies

These tracking techniques and cookies are necessary for you to navigate the pages and use essential functions. They enable basic functions, such as order processing in the online shop and access to secure areas of the website. In addition, they serve the anonymous evaluation of user behaviour, which is used by us to continuously develop our website for you. The legal basis for these cookies is Art. 6 para. 1 lit. b) DSGVO.

4.1.2 Statistical, analytical and performance tracking techniques and cookies

These tracking techniques and cookies help us to better understand user behaviour or are used when additional functions, such as chat, are used. Analysis cookies enable the collection of usage and recognition data by first or third party providers, in so-called pseudonymous usage profiles. For example, we use analysis cookies to determine the number of individual visitors to a website or service or to collect other statistics relating to the operation of our products, as well as to analyse user behaviour on the basis of anonymous and pseudonymous information on how visitors interact with the website. It is not possible to draw any direct conclusions about a person. The legal basis for these cookies is Art. 6 para. 1 lit. a) DSGVO.

4.1.3 Marketing / Retargeting

These cookies and similar technologies are used to show you personalised and therefore relevant promotional content. Marketing cookies are used to display interesting advertising content and to measure the effectiveness of our campaigns. This is done not only on Telekom Deutschland GmbH websites, but also on other advertising partner sites (third-party providers). This is also known as retargeting, it is used to create a pseudonymous interest profile and to serve relevant advertising on other websites. It is not possible to draw any direct conclusions about a person. Marketing and retargeting cookies help us to display relevant advertising content for you. By suppressing marketing cookies, you will continue to see the same number of advertisements, but they may be less relevant to you. The legal basis for these cookies is Art. 6 para. 1 lit. a) DSGVO.

4.2 Tools, services and plug-ins used in detail

4.2.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc (“Google”), represented in Europe by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). Google Analytics uses marketing cookies that allow an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. We have activated IP anonymisation on this website so that your IP address is truncated beforehand by Google within member states of the European Union (EU) or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google Analytics cookies are only stored if you have selected the “Allow all cookies” option in the notice banner. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:

Download page for the browser add-on to deactivate Google Analytics.

4.2.2 Google AdWords

We use “Google AdWords” on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service of Google Ireland Limited (Google Ireland Limited, Gordon House, 4 Barrow st, Dublin, D04 E5W5, Ireland; “Google”). When you click on an ad placed by Google, a tracking cookie for conversion tracking is placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we will be able to recognise that you clicked on the ad and were redirected to that page. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked across AdWords customers’ websites.
The information obtained with the help of the conversion cookie is used to create conversion statistics. Here, we learn the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

The processing is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in targeted advertising and the analysis of the effect and efficiency of this advertising.

You can deactivate personalised advertising for you in Google’s advertising settings by setting your browser to block cookies from the “” domain.

You can find instructions on how to do this at Further information and Google’s privacy policy can be found at:

4.2.3 Instagram

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

You can find more information on this in Instagram’s privacy policy:

4.2.4 XING

Spherea has integrated components of Xing on this website. Xing is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

By accessing one of the individual pages of this website operated by SPHEREA on which a Xing component (Xing plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at Within the scope of this technical procedure, Xing receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognises which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is simultaneously logged into Xing at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection provisions published by Xing, which can be accessed at, provide information on the collection, processing and use of personal data by Xing. Furthermore, Xing has published data protection information for the XING Share button at

4.2.5 YouTube

SPHEREA has integrated YouTube components on this website.

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website operated by SPHEREA is accessed and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be accessed at, provide information on the collection, processing and use of personal data by YouTube and Google.

SPHEREA GmbH only collects, processes and stores your personal data if this is permitted by law or if you have given your consent. We obtain this data in two ways: either you have provided us with the data or we collect it when you use our services.

5.1 Data we receive through your use of our services

Some data is already collected automatically and for technical reasons when you visit our website. This data is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

The IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
Website from which access was made (referrer URL)
The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

Ensuring a smooth connection set-up of the website,
Ensuring a comfortable use of our website,
evaluation of system security and stability.

The above-mentioned data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies when you visit our website. You can find more detailed explanations of this in section 4 of this data protection declaration.

5.2 Data transfer to a third country or an international organisation

Your data will generally be processed in Germany and within the European Union. If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for our provision of services to you or it is provided for by law (Art. 49 DSGVO). In addition, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission or so-called suitable guarantees, Art. 44ff DSGVO).

As a rule, you can use our website without providing us with any personal information directly. For some services, we will request personal information from you in order to be able to process the respective service quickly and in a user-friendly manner or to be able to offer the service at all.

5.3 External links – leaving our website and social media

Generally, you can use our website without providing any personal information directly to us. For some services we will ask you for personal information. There are also links on our site that will take you out of our site and to the SPHEREA Group site or our customer area.

5.3.1 SPHEREA Group

When you use the SPHEREA Group link, you immediately leave our website and thus our area of responsibility. Further data processing is the responsibility of SPHEREA Test & Services SAS. For further information, please refer to the privacy policy mentioned there.

5.3.2 Helpdesk

When using the helpdesk link, you will immediately leave our website and land on the login page of the Atlassian service desk. Further data processing remains our responsibility. Data will continue to be processed in accordance with all the information in this Privacy Policy and in accordance with the agreement made with you at the time of registration.

No data will be processed outside of the closed customer area.

5.3.3 Social media

We also offer you extensive personal support and the opportunity to stay in contact with us via our social media pages (Xing, LinkedIn, YouTube) on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. These social media services may collect personal data themselves, e.g. via your profile created there.
It cannot be ruled out that every visitor to these sites is recorded by the companies listed above. The purpose and scope of the data collection and the further processing and use of the data by these companies, as well as your rights in this respect and setting options for protecting your privacy, can be found in the data protection information provided by:


For more information on the processing of your personal data by Instagram-Facebook, please see point 6.2.

6.1 Data collection and processing using the contact details on our contact page

The website of Spherea GmbH does not contain a contact form. You therefore have the option of quickly contacting our company electronically. If you contact us using the e-mail and address details provided on the contact page of this website, the personal data you provide will be automatically stored. Such personal data transmitted by you to us on a voluntary basis will be stored for the purpose of processing the enquiry or contacting you. This personal data will not be passed on to third parties.

6.2 Data collection and processing when contacting us via Instagram (Facebook Inc.)

If you send us messages via Instagram, we receive the following data from Instagram:

– Entered message
– Name
– Profile picture
– Attachments
– Voice messages

This personal data is used to process your request.

If you contact us via email or other Instagram functions (e.g. comments), the information you provide as well as your username and other information about your usage behaviour will be stored by Facebook Inc (Instagram). For information on data processing by Facebook, please refer to Facebook’s privacy policy mentioned above.

As the owner of the fan page, we do not store your personal Facebook/Instagram details, not even outside of Facebook, and do not pass them on to third parties.

SPHEREA collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place by electronic means. This is in particular the case when an applicant submits relevant application documents to the controller by electronic means, for example by e-mail. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

You are welcome to obtain further information at

As mentioned above, you also have the possibility to ask our data protection officer your data protection-related questions at any time.

Automated decision-making based on the personal data collected does not take place.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required to achieve the necessary purposes.

Of course, you retain control over all personal data that you provide to us when visiting the website and using our services. You have the following rights, which you can exercise free of charge.

10.1 Right of access

You have the right to obtain information about your personal data stored by us at any time (Art.15 DSGVO).

10.2 Right to correction, deletion or restriction of processing

You have the right to have your personal data corrected (Art.16 DSGVO), erased (Art.17 DSGVO) or processing restricted (Art.18 DSGVO).

10.3 Right to data portability

You have the right to request a transfer of your personal data from us to another entity (Art. 20 DSGVO).

10.4 Right to object

To exercise your right to object, you must declare your objection to us. In some cases, this can be done directly online (e.g. in the case of cookies) or you can contact the data protection team (see above for contact details). If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future on grounds arising from your particular situation (Art. 21 DSGVO).

If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

10.5 Right to revoke consent given

You have the right to revoke your consent to the processing of personal data at any time with effect for the future (Art. 7 (3) DSGVO). In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.6 Right to complain

You have the right to complain to a supervisory authority or to our company, insofar as you should have a reason for complaint (Art. 77 DSGVO). To exercise your rights against our company, please contact the contact persons listed at the end of this privacy policy.

We use the common SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.