Privacy policy

Home

Privacy policy

Name and address of the controller

The controller is the body which alone – or jointly with others – determines the purposes and means of the processing of personal data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Spherotech GmbH
René Schieder
Dieselstrasse 11
36041 Fulda
Tel.: +49 661 9026 90
Fax: +49 661 9026 950
Email: balls@spherotech.net
Website: www.spherotech.de

Name and address of the data protection officer

The data protection officer of the controller can be reached at the following contact details:

SYNTARGO GmbH
FAO DSB Spherotech GmbH
Oberer Graben 66
97980 Bad Mergentheim
Telephone: +49 7931 - 4986300
Email: datenschutz@spherotech.net

1. General information on data processing

1. Scope of processing personal data

The controller collects and uses the personal data of its users (hereinafter also referred to as “data subject”, “person concerned” or “visitor”) only insofar as this is necessary to provide a functional website and to display the content and services. The collection and processing of users' personal data for other purposes only takes place regularly with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons, the processing is based on pre-contractual or contractual measures, the processing of the data is permitted by law and/or the controller has a legitimate interest in the processing.

Your personal data is as a rule collected directly from you, e.g. when you contact us, consent to services on this website or use forms on this website. In addition, technical data that is absolutely necessary for the operation of the site is automatically collected when you enter the site.

2. Legal basis for the processing of personal data

Insofar as the controller obtains the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. If special categories of data are processed in accordance with Art. 9 para. 1 GDPR, Art. 9 para. 2 lit. a GDPR shall apply as the legal basis. For any transfer to a non-secure third country, processing shall be carried out on the basis of Art. 49 para. 1 sentence 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device, the data processing is also carried out on the basis of Section 25 para. 1 TTDSG.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the controller is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another private individual require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR shall serve as the legal basis.

If the processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR shall serve as the legal basis for the processing.

3. Data erasure and duration of processing

If no exact storage period has been specified in this data protection information, the personal data of our website visitors shall remain with us until the data processing purpose no longer applies. The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply or any consent given by the data subject is revoked or processing is objected to. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the above standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

4. Requirement to provide personal data

The provision of your personal data is not required by law or contract. There is no obligation to provide. However, non-provision may mean that you cannot use functions, services, forms and other processing on our website. We recommend that you only provide personal data that is required, for example to process your inquiry, to perform your desired offer and to use the functions we offer. If the provision of your personal data is required by law or contract, we shall inform you of this by means of a separate reference to the respective processing in this data protection information.

The collection of technical data (and possibly the collection of your IP address as a piece of personal date) for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website and takes place automatically when you access this website. If you do not want this, you must leave this page.

2. Rights of the data subject

If we process your personal data, you as the data subject have the following rights vis-à-vis us as the controller:

1. Right to information, Art. 15 GDPR

Within the framework of the applicable legal provisions, you have the right to(free) information about your collected and stored personal data at any time. This includes, among other things, information about the purposes of the processing, its origin and recipients, the storage period and the existence of various rights.

2. Right to rectification, Art. 16 GDPR

You have a right to rectification (also in the sense ofcompletion) of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of processing. The controller must make the rectification immediately.

3. Right to erasure, Art. 17 GDPR

You may request the erasure of your personal data at any time under the conditions of Art. 17 GDPR,unless there are still circumstances that entitle or obligate the controller tocontinue processing your personal data(such as statutory retention obligations).

4. Right to restriction of processing, Art. 18 GDPR

If the legal requirements are met, you may request a restriction on the processing of your personal data within the scope of Art. 18 GDPR.

5. Notification obligation, Art. 19 GDPR

If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obligated to inform them of yourrequests for rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You may request that the controller informs you about these recipients.

6. Right to data portability, Art. 20 GDPR

If you have provided us with personal data and automated processing is carried out on the basis of your consent or on the basis of a contract, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. The data is provided in a common, machine-readable format. If you request the directtransfer of the data to another controller, this shall only be done to the extent that it is technically feasible.

7. Right to object, Art. 21 GDPR

You have the right to object to the processing of your data at any time,provided that the processing is carried out on the basis of a balancing of interests. This is the case if the controller relies on the public interest or its legitimate interest for processing(see Art. 6 para. 1 sentence 1 lit. e and f). The prerequisite is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller shall no longer processthe personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Art. 21 para. 2 GDPR contains a special, deviating regulation if the personal data concerning you is used for direct marketing. Here you havethe right to object to the processing of your personal data at any time without further requirements. Your personal data shall no longer be processed for the purpose of direct marketing. If profiling isassociated with direct advertising, you may also object to this.

In connection with the use of information society services,you have the option of exercising your right to object by means of automated procedures that use technical specifications.

8. Automated decision in individual cases, Art. 22 GDPR

Pursuant to Art. 22 GDPR, you have the right that decisions whichproduce legal effects concerning you or similarly affect you are not based solely on automated processing, including profiling. Exceptions may exist if appropriate measures for the protection of your person are guaranteed and there are necessary contractual regulations or a legal provision or you have expressly consented.

9. Right to withdraw your consent, Art. 7 para. 3 GDPR

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the withdrawal. You may send your withdrawal to the controller by email or by post.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. If you are in another federal state or not in Germany, you may also contact the data protection authority there.

3. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons andto protect the transmission of confidential content, such as the requests you send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the address bar. If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. External hosting

1. Description and scope of data processing

This website is hosted by an external service provider (a hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, page views and otherdata generated via a website.

2. Rechtsgrundlage für die Datenverarbeitung

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR for the provision of the website.

3. Purpose of data processing

The hoster is used for the purpose of secure, fast and efficient provision of our online services and the reliable presentation and provision of our website by a professional provider. Our legitimate interest lies in these purposes.

4. Duration of storage, objection and removal options

The data shall be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user

5. Conclusion of an order processing contract

In connection with the data processing described above, the data shall be passed on and processed by our external host: Host Europe GmbH, Hansestrasse 111, 51149 Cologne. We have concluded an order processing contract with our hoster. This is a contract prescribed by data protection law, which ensures that Host Europe GmbH processes the personal data of our website visitors only in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).

5. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing device.

The following data is collected in this process:

  1. Information about the browser type and version used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. The date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage, objection and removal options

The data shall be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this shall be the case after 3 months at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign them to the accessing end device.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

6. Contact by email and/or telephone

1. Description and scope of data processing

Email addresses and telephone numbers are provided on our website and in our signatures, which can be used to contact us electronically and/or by telephone. In this case, the personal data of the data subject transmitted with the email shall be stored. If you contact us by telephone, personal data may also be stored in order to process your inquiry.

No data shall be passed on to third parties in this context. The data shall only be used to contact you and to conduct the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email or during a telephone call is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data serves us solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.

4. Duration of storage, objection and removal options

The data shall be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email or transmitted by telephone, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the contact, the corresponding (statutory) retention obligations and regulations apply.

If a data subject contacts us by email or telephone, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us shall be deleted in this case.

7. Contact form

1. Description and scope of data processing

There is a contact form on our website which you can use to contact us electronically. If a user makes use of this option, the data entered in the input mask shall be transmitted to us and stored. This data is:

  1. Name
  2. Email address
  3. Other personal data that you send us via the message field in the contact form.
  4. IP address of the user
  5. Date and time of contact

For processing the data, reference is made to this data protection information as part of the sending process. No data shall be passed on to third parties in this context. The data shall be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

The legal basis for the processing of all other personal data processed during the sending process that is transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.

4. Duration of storage, objection and removal options

The data shall be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If a user contacts us via the form, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us shall be deleted in this case.

8. Online application

1. Description and scope of data processing

The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing MAY also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website.

In the course of your online application, we shall collect and process the following personal application data from you:

  1. Your master data (such as first name, surname, name affixes, date of birth)
  2. Work permit / residence permit, if applicable
  3. Contact details (e.g. private address, (cell) telephone number, email address),
  4. Skill data (e.g. special knowledge and skills)
  5. if relevant for the advertised position: medical suitability
  6. Other data that you transmit to us as part of the application process.

As a rule, your personal data shall be collected directly from you as part of the recruitment process, in particular from the application documents, the job interview and the personnel questionnaire. Furthermore, we may process personal data from publicly accessible sources, e.g. websites, professional networks) which we use permissibly and only for the respective purpose.

If you would like to be included in our applicant pool in the event of a rejection, we require a declaration of consent from you. You can make it electronically during the application process.

Your personal application data shall not be passed on without your express prior consent.

2. Legal basis for data processing

The legal basis for the processing of applicants' data is Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the establishment of an employment relationship.

Storage in our applicant pool takes place on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR (your consent).

The legal basis for the processing of all other personal data processed during the sending process, which is transmitted via your online application, is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Purpose of data processing

Your personal application data is collected and processed exclusively for the purpose of filling vacancies within our company. The primary purpose of data processing is therefore to establish an employment relationship with the controller.

Your data shall only be forwarded to the internal and specialist departments of our company responsible for the specific application process.

The other personal data processed during the sending process is used to prevent misuse of the application form and to ensure the security of our information technology systems. Our legitimate interest lies in these purposes.

4. Duration of storage, objection, withdrawal and removal options

If you are hired, we shall transfer your application documents to your personnel file. After termination of the employment relationship, the personal data that we are legally obligated to retain shall continue to be stored. This regularly results from legal obligations to provide evidence and retain records, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are then up to ten years. In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

In the event of rejection, your application documents shall be deleted no later than 6 months after completion of the application process, unless you have given us your consent for longer storage (applicant pool).

You have the right to withdraw your declaration of consent under data protection law for inclusion in our applicant pool at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw your consent at any time using the contact details provided in the legal notice.