Privacy

(Status: January 2025)

‍

Thank you for your interest in our website www.sphairlab.com. We are aware that the protection of your privacy when using our website is important to you. For this reason, compliance with the statutory data protection regulations is a matter of course for us.

‍
In the following, we inform you about the collection and other processing (e.g. storage, retrieval, modification, disclosure) of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

‍

If we process personal data when you use our website or if we use contracted service providers for individual functions, offers or services on our website that relate to data processing or if we wish to use your data for advertising purposes, we will inform you in detail below about the respective processes, in particular which data is processed. We will also state the intended storage period or, in any case, the specified criteria for the storage period and the relevant legal basis for the respective processing.

‍

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

‍

I. Name and address of the person responsible

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

sphairlab GmbH
Merzbrück 212
52146 Aachen
DEUTSCHLAND
Telefon: +49-163-2518059
E-Mail: info@sphairlab.com
Internet: www.sphairlab.com

‍

II. Collection and storage of personal data and the type, purpose, legal basis and duration of their use

‍

§ 1 When visiting the website

If you only use the website for informational purposes, i.e. if you do not transmit information to us in any other way, we only collect the personal access data in so-called server log files that your browser transmits to our server. The following data is collected as part of the server log files:

‍

• IP address

• Date and time of the request

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (specific page)

• Access status/HTTP status code

• Amount of data transferred in each case

• Website from which the request originates

• Browser

• Operating system and its interface

• Language and version of the browser software.

‍

This data is analyzed and subsequently discarded exclusively to ensure trouble-free operation of the site with regard to stability and security and to improve our offer. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes for data collection. ‍

‍

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

‍

§ 2 When using other services, functions and offers on our website

In addition to the purely informational use of our website, we offer functions that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply. The functions are described in more detail below.

‍

(1) Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

‍
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

‍
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

‍

(2) Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, request), for the purpose of processing your request. We will not pass on this data without your consent.

The data you send to us via contact inquiries will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

‍

§ 3 Storage duration

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

‍

§ 4 Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It therefore cannot be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

‍

§ 5 Visitor tracking

We use the “Plausible Analytics” tool to record the number of visitors, length of stay and source of website visitors. Plausible Analytics only collects summarized and freely accessible information that does not allow any conclusions to be drawn about individual visitors. Individual visitors are not identifiable and no cookies are set or used. Further information about the way in which data is collected can be found in the Plausible Analytics data policy.

‍

Plausible Insights OÜ
Västriku tn 2, 50403, Tartu, Estonia

‍

III. Hosting

External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

‍
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

‍
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

‍
We use the following hoster:
Webflow, Inc.
398, 11th Street, 2nd Floor
San Francisco, CA 94193
USA

‍
Further information on Webflow's privacy policy: https://webflow.com/privacy

‍
Conclusion of a contract for order processing
In order to guarantee data protection-compliant processing, we have concluded an order processing contract with our hoster.

‍

IV. Links to our social media presences

Our website contains hyperlinks to our social media presences:
• LinkedIn

• Instagram
When you visit our site, no personal data is initially passed on to the providers of the social network. Only if you click on the link and thereby access our page of the corresponding social network will the provider of the social network receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under II. §1 of this declaration will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By clicking on the link, your personal data is therefore transmitted to the respective provider of the social network and stored there (for US providers in the USA). As the provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the link.

‍
We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the provider of the social network.

‍
The provider of the social network stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective provider of the social network as the controller under data protection law to exercise this right. We offer you the opportunity to interact with the social networks and other users via the links so that we can improve our offering and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the aforementioned purposes.

‍
Data is passed on regardless of whether you have an account with the provider of the social network and are logged in there. If you are logged in, your data collected by us will be assigned directly to your existing account with the respective provider. If you click on the link and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before clicking on the link, as this will prevent you from being assigned to your profile with the provider.

‍
Further information on the purpose and scope of data collection and its processing by the provider of the social network can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

‍
Addresses of the respective providers and URL with their data protection notices:

LinkedIn: LinkedIn Ireland Unlimited Company Attn: Legal Dept (Privacy Policy and User Agreement) Wilton Plaza Wilton Place, Dublin 2 Ireland

For more information, please visit: https://de.linkedin.com/legal/privacy-policy

Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, IrelandHowever, according to Facebook, the data collected is also transferred to the USA and other third countries.

For more information, please visit: https://de-de.facebook.com/privacy/explanation

Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, IrelandHowever, according to Facebook, the data collected is also transferred to the USA and other third countries.

For more information, please visit: https://de-de.facebook.com/privacy/explanation

‍

V. Integration of YouTube videos

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

‍
When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

‍
Furthermore, YouTube may store various cookies on your device or use comparable technologies to recognize you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempted fraud.

‍
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

‍
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍
Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de

‍

VI. Your rights

If your personal data is processed, you have the following rights vis-à-vis us with regard to the personal data concerning you:

‍

Right to information, Art. 15 GDPR:
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. If such processing is taking place, you can request the following information from the responsible party:
• the purposes for which the personal data are processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed, in particular recipients in third countries or international organizations; in the latter cases, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer;
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the responsible party or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information on the origin of the data if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
‍

Right to rectification, Art. 16 GDPR:
You have a right to rectification and/or completion against the responsible party if the processed personal data concerning you is incorrect or incomplete. The responsible party must make the correction without delay.
‍

Right to erasure, Art. 17 GDPR:
a) Obligation to delete
You have the right to obtain from the responsible party the erasure of personal data concerning you without undue delay and the responsible party is obliged to erase such data without undue delay where one of the following grounds applies:
• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR (see Section VIII) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you has been processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the responsible party is subject.
• The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
‍

b) Information to third parties
If the responsible party has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform responsible parties who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
‍

c) Exceptions
The right to erasure does not exist if the processing is necessary
• to exercise the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the responsible party is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party;
• for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• for the assertion, exercise or defense of legal claims.
‍

Right to restriction of processing, Art. 18 GDPR:
You may request the restriction of the processing of your personal data under the following conditions:
• if you contest the accuracy of the personal data concerning you for a period enabling the responsible party to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the responsible party no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR (see Section VIII) and it has not yet been determined whether the legitimate reasons of the responsible party outweigh your reasons.
‍

Where the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.‍

If you have obtained restriction of processing in accordance with the above conditions, you will be informed by the responsible party before the restriction is lifted.
‍

Right to information, Art. 19 GDPR:
If you have asserted the right to rectification, erasure or restriction of processing against the responsible party, the responsible party is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the responsible party.

‍

Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data concerning you, which you have provided to the responsible party, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another responsible party without hindrance from the responsible party to whom the personal data was provided, provided that
• the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
• the processing is carried out using automated procedures.
‍

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.‍

‍

Your right to erasure remains unaffected.

‍

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.

‍

Right to object, Art. 21 GDPR:
You have the right to object on a case-by-case basis and the right to object to the processing of data for advertising purposes. Further information on this can be found in section VIII of this privacy policy.
‍

Right to revoke the declaration of consent under data protection law:

You can revoke your consent to the processing of your personal data at any time by contacting the responsible party. Please note that the revocation only takes effect for the future. The legality of the processing carried out on the basis of the consent until the revocation is not affected.

‍

Automated decision in individual cases including profiling, Art. 22 GDPR:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the responsible party,

(2) is authorized by Union or Member State law to which the responsible party is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.
‍

In cases (1) and (3), the responsible party shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible party, to state his or her own position and to challenge the decision.

‍

Furthermore, decisions based exclusively on automated processing may not be based on special categories of personal data in accordance with Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

‍

Right to lodge a complaint with a supervisory authority, Art. 77 GDPR:

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. You can lodge your complaint with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The supervisory authority with which the complaint has been lodged will inform you as the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

‍

VII. Right to object according to Art. 21 GDPR

Individual right to object:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) of Article 6(1) GDPR (data processing in the public interest) and point (f) of Article 6(1) GDPR (data processing for the purposes of the legitimate interests pursued by the responsible party or by a third party); this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

‍
Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.‍

‍

The objection in the above cases can be made informally and should preferably be sent by email with the subject “Objection” to: sphairlab GmbH, Merzbrück 212, 52146 Aachen; telephone: +49-163-2518059; email: info@sphairlab.com

‍

VIII. Data security

We make every effort to take all technical and organizational measures to store your personal data in such a way that it is not accessible to third parties. We cannot guarantee complete data security when communicating by e-mail, so we recommend that you send confidential information by post.

‍

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

‍