Privacy Notice2020-08-03T16:39:57+02:00

Privacy Notice

We appreciate your interest in our company. Data protection is extremely important for the management of Spherea GmbH (hereinafter also referred to as ‘controller’, ‘we’, ‘us’).

The use of the websites of the Spherea GmbH is generally possible without the disclosure of any personal data. However, when a data subject wishes to claim special services from our website, the processing of personal data may be necessary. If such processing is necessary and no other legal basis is applicable, we generally acquire the data subject’s declaration of consent.

The processing of personal data such as name, address, E-Mail address, or phone number is carried out under strict adherence to data protection laws, especially the European General Data Protection Regulation (GDPR). With this Privacy Notice, we want to inform the public about the nature, scope and purpose of the data processing on this website. Additionally, we wish to inform any data subjects about their rights according to applicable data protection laws.

The Spherea GmbH has taken appropriate technical and organizational measures to ensure the safety and security of your personal data which we process. Nevertheless, data transfers via the internet always bear some security risks. Therefore, any data subject can freely decide to communicate with us or disclose their data by other means, such as by telephone.

1. Definitions

This Privacy Notice of the Spherea GmbH is based on the terminology used by the GDPR. We aim at the comprehensiveness and readability of this Notice – to ensure this, we provide you with an explanation of the terminology used.

We use the following terms in this Privacy Notice:

a) Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data Subject

The data subject is the identified or identifiable natural person, whose personal data are processed by the controller.

c) Processing

Processing means any operation on personal data such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing

Restriction of processing is the special marking of stored personal data with the aim of restricting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, personal data, reliability, behavior, location or movements of that natural person.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, authority, authority or other body to which the personal data is disclosed, whether it is a third party. However, authorities which may obtain personal data in the context of a particular investigation in accordance with Union or Member State law shall not be deemed to be recipients; the processing of such data by these authorities in accordance with the applicable data protection rules in accordance with the purposes of the processing.

j) Third Party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

The consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject, by which he or she means consent to the processing of personal data concerning him or her by means of a declaration or a clear affirmative act.

2. Name and Address of the Controller

Spherea GmbH
Magirus-Deutz-Straße 13
89077 Ulm

Tel.: +49 731 17630-0
Fax: +49 731 17630-109
E-Mail: info@spherea.de
Webseite: www.spherea.de

3. Name and Address of the Data Protection Officer

The controller’s Data Protection Officer (DPO) is:

ditis Systeme
James Putnam
Lise-Meitner-Straße 15
89081 Ulm

In case of any questions with regards to data protection any data subject can directly contact our DPO by email: datenschutz@spherea.

4. Cookies

The Spherea GmbH website uses cookies. Cookies are small text files that are saved and stored on the computer system via the web browser.

A multitude of websites and servers use cookies. Many cookies include a so-called cookie ID. A cookie ID is a unique identifier for cookies. It consists of a string of characters which can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific web browser can recognize and identify the unique cookie ID.

By using cookies, Spherea GmbH can provide users of this website with more user-friendly services that would not be possible without the cookies.

A cookie can be used to optimize the information and offers on our website in the interests of the user as cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his or her log in information each time he or she visits the website when this is done by the website and the cookie stored on the user’s computer system.

The data subject can prevent cookies from being set by our website at any time by means of the right setting in the Internet browser used and thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the Internet browser or other software programs; this is possible with all common Internet browsers. If the person concerned deactivates the setting of cookies in the browser, it may be possible that not all functions of our website can be used to their full extent.

5. Collection of Data and Information

The Spherea GmbH website collects data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. The following information is collected:

  • Browser type and version used
  • Operating system used by the accessing device
  • Website from which the device accesses our website
  • Sub-websites that are accessed on our website
  • Date and time of the access
  • Internet protocol address (IP address)
  • Internet service provider of the accessing device
  • Other data and information that is used for security in the event of attacks on our IT system

Spherea GmbH does not use the data and information for any decision-making process about data subjects. This information is rather required in order to:

  • Deliver the content of our website correctly
  • Optimize the content and advertising on our website
  • Ensure the long-term functionality of our IT systems and the technology of our website
  • Provide law enforcement authorities with the necessary information in the event of criminal prosecution for cyber-attacks.

These anonymized data and information is therefore processed by Spherea GmbH for both statistical purposes and to increase data protection and data security in the company, ultimately ensuring an optimum level of protection for the personal data processed. The anonymous data in the server log files are stored separately from all personal data provided by the data subject.

6. Contact via the Website

The website of Spherea GmbH offers the possibility to establish a swift electronic contact with our company. If a data subject contacts us by E-Mail via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted to us by a data subject on a voluntarily basis are stored for the purpose of working on the requests or to contact the data subject. These personal data are not transferred to third parties.

7. Retention Period of Personal Data

The controller processes and stores the data subject’s personal data only for the period of time necessary for the purposes for which it is being processed or as required by law. If the purpose of the storage ceases to apply or if a statutory storage period expires, the personal data is blocked or deleted as a matter of routine and in accordance with data protection regulations.

8. Rights of the Data Subject

a) Right of Confirmation

Every data subject has the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed.

b) Right of Access

Every data subject has the right to receive information from us about the personal data stored about him or her and to receive a copy of this information. Furthermore, the data subject has the right to be informed about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information about the appropriate guarantees in connection with that transfer.

c) Right to Rectification

Every data subject has the right to obtain the rectification of inaccurate personal data concerning him or her without delay. He or she also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

d) Right to Erasure (“Right to be forgotten”)

Any data subject has the right to demand that the personal data relating to him or her are deleted immediately, unless we have reasons for further storage.

e) Right to Restriction of Processing

Under certain conditions, every data subject has the right to request restriction of processing.

f) Right to Data Portability

Every data subject has the right to receive the personal data concerning him or her which he or she has provided to us in a structured, common and machine-readable format. Furthermore, he or she has the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other individuals.

g) Right to Object

Every data subject has the right to object to the processing of his or her personal data, unless we can demonstrate legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Spherea GmbH processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to Spherea GmbH processing for direct marketing purposes, Spherea GmbH will no longer process the personal data for these purposes.

h) Automated Individual Decision-making and Profiling

Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal effects concerning him or her or which significantly affects him or her in a similar way, except where the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) authorized by Union or Member State law to which we are subject and provided that such law contains adequate safeguards with regard to the rights and freedoms and legitimate interests of the data subject, or (3) based on the explicit consent of the data subject.

i) Right to Withdraw a Consent

Every data subject has the right to withdraw his or her consent to the processing of personal data at any time. Such withdrawal does not affect the lawfulness of the previously processed personal data.

j) Right to Lodge a Complaint with the Supervisory Authority

Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR.

9. Data Protection for Applications and in the Application Process

The controller processes the personal data of applicants for the purpose of completing the application process. The processing may also be carried out by electronic means. This applies in particular if applicants submit their documents to the controller electronically, for example by E-Mail or via a web form on our website. If the controller concludes an employment contract with an applicant, the submitted data are stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests may include, for example, the possible defense against a law suit based on the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).

10. Privacy Policy on the Use of Google Analytics (Anonymization)

With your consent (Art. 6 I 1 lit. a) GDPR, please also see below) we use Google Analytics on our website. Google Analytics is an analysis service from our contractual partner Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States), which uses Cookies and stores the data on servers in the USA. In this context, Google complies with the data protection regulations of the EU-US Privacy Shield and thus guarantees the security and confidentiality of your data.

For the protection of your personal data, we use the so-called IP-anonymization method. Your IP address is automatically shortened within the EU and the European Economic Area before it is forwarded to the USA. This means that it is no longer possible to assign this address to you since it cannot be matched with other data that may be stored by Google.

Google uses the data collected on our behalf exclusively for the evaluation of the use of our offers and the activity on our pages as well as for the improvement and optimization of our online services. The following data is collected for this purpose:

  • Your IP address (see above)
  • The visited pages
  • Technical data (browser, device etc.)
  • The referrer-URL

Your data will be automatically deleted after 14 months.

Even after you have given your consent, you can still prevent the storage of cookies on your end device at any time by making the appropriate settings on your browser – however, this may mean that you may no longer see all of our content.

You can also use a browser add-on to prevent the information collected by cookies from being sent to Google: https://tools.google.com/dlpage/gaoptout?hl=de

For more information, please visit: https://support.google.com/analytics/answer/6004245?hl=de

11. Policy on the Use of Google-AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to display ads in Google’s search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify pre-defined keywords that will cause an ad to appear in Google’s search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the previously defined keywords.

Google AdWords is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a data subject reaches our website via a Google ad, a so-called conversion cookie is placed on the data subject’s IT system by Google. Such a cookie expires after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping cart from an online shop system, have been accessed on our website.

The conversion cookie enables both us and Google to track whether a person that reached our website via an AdWords ad generated sales, i.e. whether he or she made or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive any information from Google that could be used to identify a person.

The conversion cookie is used to store personal data, such as the websites visited by the data subject. Whenever our website is visited, personal data, including the IP address of the Internet connection used by the person concerned, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via the technical process to third parties.

The person concerned can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting in the Internet browser used, and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the opportunity to object to interest-based advertising by Google. To do so, the data subject may access www.google.de/settings/ads from each of the Internet browsers he or she uses and make the desired settings there.

You can find more information and the current data policy of Google under: https://www.google.de/intl/de/policies/privacy/.

12. Legal Bases for the Processing

Art. 6 I 1 lit. a) GDPR serves our company as a legal basis for processing operations for which we obtain consent. If the processing is necessary for the performance of a contract to which the data subject is party the legal basis is Art. 6 I 1 lit. b) GDPR. This is the case, for example, when delivering goods or fulfilling other contractual obligations. The same applies to such processing operations which are necessary for pre-contractual measures, for example in case of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I 1 lit. c) GDPR. Finally, processing operations can be based on Art. 6 I 1 lit. f) GDPR. On this basis the processing of personal data is lawful when the legitimate interests of the controller or by any third party outweigh the rights and freedoms of the data subject.

13. Retention Period

The criteria for the storage of personal data are derived from legal retention periods. After expiry of these periods, the data is routinely deleted, provided that it is no longer required for the fulfilment or the initiation of a contract.

14. Contractual or Statutory Provisions Making the Personal Data Available; Necessity for the Conclusion of a Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of not Providing the Data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contracting party). Sometimes it may be necessary that a data subject provides us with personal data that we have to process subsequently to conclude a contract. For example, data subjects are obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the person concerned. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data

15. Automated Decision-Making

As a controller we do not use automatic decision-making or profiling.

16. Updating this Privacy Notice

We will update this Privacy Notice at regular intervals in order comply with the current data protection regulations and to adhere to technical developments. It will be effective with its publishing here.