We appreciate your interest in our company. Data protection is extremely important for the management of Spherea GmbH (hereinafter also referred to as ‘controller’, ‘we’, ‘us’).
The use of the websites of the Spherea GmbH is generally possible without the disclosure of any personal data. However, when a data subject wishes to claim special services from our website, the processing of personal data may be necessary. If such processing is necessary and no other legal basis is applicable, we generally acquire the data subject’s declaration of consent.
The processing of personal data such as name, address, E-Mail address, or phone number is carried out under strict adherence to data protection laws, especially the European General Data Protection Regulation (GDPR). With this Privacy Notice, we want to inform the public about the nature, scope and purpose of the data processing on this website. Additionally, we wish to inform any data subjects about their rights according to applicable data protection laws.
The Spherea GmbH has taken appropriate technical and organizational measures to ensure the safety and security of your personal data which we process. Nevertheless, data transfers via the internet always bear some security risks. Therefore, any data subject can freely decide to communicate with us or disclose their data by other means, such as by telephone.
This Privacy Notice of the Spherea GmbH is based on the terminology used by the GDPR. We aim at the comprehensiveness and readability of this Notice – to ensure this, we provide you with an explanation of the terminology used.
We use the following terms in this Privacy Notice:
1.1 Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2 Data Subject
The data subject is the identified or identifiable natural person, whose personal data are processed by the controller.
Processing means any operation on personal data such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.4 Restriction of Processing
Restriction of processing is the special marking of stored personal data with the aim of restricting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, personal data, reliability, behavior, location or movements of that natural person.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient means a natural or legal person, authority, authority or other body to which the personal data is disclosed, whether it is a third party. However, authorities which may obtain personal data in the context of a particular investigation in accordance with Union or Member State law shall not be deemed to be recipients; the processing of such data by these authorities in accordance with the applicable data protection rules in accordance with the purposes of the processing.
1.10 Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject, by which he or she means consent to the processing of personal data concerning him or her by means of a declaration or a clear affirmative act.
An external data protection officer is responsible for the correct implementation of data protection. If you have any concerns regarding the processing of your personal data, you can also contact this office directly:
Please contact us by post at:
Data Protection Team
Or by e-mail to:
SPHEREA GmbH only collects, processes and stores your personal data if this is permitted by law or if you have given your consent. We obtain this data in two ways: either you have provided us with the data or we collect it when you use our services.
5.1 Data we receive through your use of our services
Some data is already collected automatically and for technical reasons when you visit our website. This data is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
The IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
Website from which access was made (referrer URL)
The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
Ensuring a smooth connection set-up of the website,
Ensuring a comfortable use of our website,
evaluation of system security and stability.
The above-mentioned data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
5.2 Data transfer to a third country or an international organisation
Your data will generally be processed in Germany and within the European Union. If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for our provision of services to you or it is provided for by law (Art. 49 DSGVO). In addition, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission or so-called suitable guarantees, Art. 44ff DSGVO).
As a rule, you can use our website without providing us with any personal information directly. For some services, we will request personal information from you in order to be able to process the respective service quickly and in a user-friendly manner or to be able to offer the service at all.
5.3 External links – leaving our website and social media
Generally, you can use our website without providing any personal information directly to us. For some services we will ask you for personal information. There are also links on our site that will take you out of our site and to the SPHEREA Group site or our customer area.
5.3.1 SPHEREA Group
No data will be processed outside of the closed customer area.
5.3.3 Social media
We also offer you extensive personal support and the opportunity to stay in contact with us via our social media pages (Xing, LinkedIn, YouTube) on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. These social media services may collect personal data themselves, e.g. via your profile created there.
It cannot be ruled out that every visitor to these sites is recorded by the companies listed above. The purpose and scope of the data collection and the further processing and use of the data by these companies, as well as your rights in this respect and setting options for protecting your privacy, can be found in the data protection information provided by:
For more information on the processing of your personal data by Instagram-Facebook, please see point 6.2.
6.1 Data collection and processing using the contact details on our contact page
The website of Spherea GmbH does not contain a contact form. You therefore have the option of quickly contacting our company electronically. If you contact us using the e-mail and address details provided on the contact page of this website, the personal data you provide will be automatically stored. Such personal data transmitted by you to us on a voluntary basis will be stored for the purpose of processing the enquiry or contacting you. This personal data will not be passed on to third parties.
6.2 Data collection and processing when contacting us via Instagram (Facebook Inc.)
If you send us messages via Instagram, we receive the following data from Instagram:
– Entered message
– Profile picture
– Voice messages
This personal data is used to process your request.
As the owner of the fan page, we do not store your personal Facebook/Instagram details, not even outside of Facebook, and do not pass them on to third parties.
SPHEREA collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place by electronic means. This is in particular the case when an applicant submits relevant application documents to the controller by electronic means, for example by e-mail. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
You are welcome to obtain further information at email@example.com
As mentioned above, you also have the possibility to ask our data protection officer your data protection-related questions at any time.
Automated decision-making based on the personal data collected does not take place.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required to achieve the necessary purposes.
Of course, you retain control over all personal data that you provide to us when visiting the website and using our services. You have the following rights, which you can exercise free of charge.
10.1 Right of access
You have the right to obtain information about your personal data stored by us at any time (Art.15 DSGVO).
10.2 Right to correction, deletion or restriction of processing
You have the right to have your personal data corrected (Art.16 DSGVO), erased (Art.17 DSGVO) or processing restricted (Art.18 DSGVO).
10.3 Right to data portability
You have the right to request a transfer of your personal data from us to another entity (Art. 20 DSGVO).
10.4 Right to object
To exercise your right to object, you must declare your objection to us. In some cases, this can be done directly online (e.g. in the case of cookies) or you can contact the data protection team (see above for contact details). If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future on grounds arising from your particular situation (Art. 21 DSGVO).
If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
10.5 Right to revoke consent given
You have the right to revoke your consent to the processing of personal data at any time with effect for the future (Art. 7 (3) DSGVO). In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
10.6 Right to complain
We use the common SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.