Submit Your Project Proposal

SPRIND
Federal Agency for Breakthrough Innovation

PRIVACY POLICY IN ACCORDANCE WITH ARTICLE 13 OF THE EU GENERAL DATA PROTECTION REGULATION (“GDPR”)

Thank you for visiting our website. Data protection and security is important to us. For this reason we want to provide you with information about what personal data we collect when you visit our website and submit your project proposal to us, the purposes for which it is used and the data protection rights you have associated with it.

The Controller responsible for data processing is SPRIND GmbH (hereafter “SPRIND”, “we” or “us”).

NOTE: CHANGES TO THIS PRIVACY POLICY

Due to changes in statutory or official requirements, and the continued evolution of technical standards and the services we offer, it may be necessary to make adjustments to this Privacy Policy. For this reason it will be regularly examined to see whether there is a need to change or update it. This Privacy Policy can therefore be changed at any time with future effect.

Status of this Privacy Policy: February 2026

I. DATA CONTROLLER AND DATA PROTECTION OFFICER
1. DATA CONTROLLER
The data controller within the meaning of the GDPR as well as other data protection regulations of the member states of the EU (German Federal Data Protection Act, hereafter the “BDSG”) and other data protection regulations is:

SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig, Management board: Ms. Berit Dannenberg and Mr. Rafael Laguna de la Vera Email: INFO@SPRIND.ORG

2. DATA PROTECTION OFFICER
If you have any questions about data protection, please contact the data protection officer acting for SPRIND GmbH at the business address: SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig, Email: DATENSCHUTZ@SPRIND.ORG.

II. DATA SECURITY
We implement technical and organizational measures to protect your data as comprehensively as possible from unauthorized access. Our website uses encryption. Your data is transferred over the Internet from your computer to our server, and vice versa, using TLS encryption. You can generally recognize this from the fact that the padlock symbol in the status bar of your browser is locked and the address line starts with https://.

III. PRINCIPLES
This Privacy Policy applies to the processing of data when you visit our website.

If we provide links to the websites of other providers, the privacy notices and policies of those providers shall apply.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA
In general, we only process your personal data when necessary to be able to provide you with our website and service offerings and to maintain a functional website, in particular to facilitate:

• Use of our website by interested parties
• Responding to contact requests and communication
• Assessing your project proposal

2. LEGAL BASIS

• If the processing of personal data takes place on the basis of your consent, the legal basis for the processing is Article 6(1)(a) of the GDPR, Article 7 of the GDPR.
• When processing personal data to fulfill a contract, or carry out pre-contractual measures, in which the contracting party is the data subject, the legal basis is Article 6(1)(b) of the GDPR.
• When processing your personal data is necessary to fulfill a legal obligation to which SPRIND is subject, the legal basis is Article 6(1)(c) of the GDPR.
• When processing personal data is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) of the GDPR.
• If SPRIND has been assigned a task that is in the public interest or represents an exercise of state authority, the legal basis for the processing of personal data is Article 6(1)(e) of the GDPR.
• If the processing of personal data is undertaken to fulfill our legitimate interests or those of a third party, and this does not override the interests, fundamental rights and fundamental freedoms of the data subject, the legal basis for the processing is Article 6(1)(f) of the GDPR.

3. POSSIBLE RECIPIENTS OF PERSONAL DATA
We sometimes engage external service providers to enable us to provide our offers and services to you. When performing these services, they act on our behalf and according to our instructions (as data processors). In the context of performing their services, these service providers may receive personal data or come into contact with it. SPRIND shall ensure that these service providers, in accordance with Article 28 of the GDPR, demonstrate suitable technical and organizational measures and carry out the data processing in such a way that relevant data protection provisions are observed and the protection of the rights of data subjects is guaranteed.

Based on statutory obligations, SPRIND may be compelled to share the data we have collected with public bodies (e.g. financial authorities, the Federal Criminal Police Office, social insurance authorities). When legally permitted to do so, we also process personal data with our partners.

4. LOCATION OF THE PROCESSING OF PERSONAL DATA
Generally, the processing of your personal data takes place within the European Union (“EU”) or the European Economic Area (“EEA”). When specific tools or applications are used, however, it may be that information is transmitted to third countries. Third countries are countries outside of the EU and/or EEA in which an appropriate data protection level corresponding to European requirements cannot be taken for granted. When the information transmitted also includes personal data that cannot be transferred to the recipient in anonymized or pseudonymized form, we ensure that suitable safeguards are in place. This can be ensured on the basis of an “Adequacy Decision” by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), certification under the Data Privacy Framework (Link: https://www.dataprivacyframework.gov/) or the use of “EU-Standard Contractual Clauses” provided by the EU Commission (Link: https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_de) in accordance with Article 46(2)(c) of the GDPR.

5. DATA ERASURE AND RETENTION DURATION
We only store your data for as long as necessary to achieve the purpose of the processing, or to fulfill our contractual or statutory obligations, or until the legal basis for retaining it expires.

In EU directives, laws or other regulations, European or national lawmakers have anticipated that retaining data and restricting its processing is a possible alternative to erasing it, especially in cases related to the following:

• The fulfillment of statutory retention obligations: German Tax Code (Section 147 Abgabenordnung (AO)) or the German Commercial Code (Section 257 Handelsgesetzbuch (HGB)), six to ten years;
• When there is a legitimate interest in continued storage: Statutory limitation periods for the purposes of potential legal defense (Sections 195 et seq. of the German Civil Code (BGB)), ranging from three to 30 years.

In any case, the data will be erased at the latest when a retention period prescribed by the previously mentioned standards expires. This does not apply, on an exceptional basis, when continued retention by SPRIND is required and a legal basis for it exists.

6. DATA CATEGORIES
In relation to the nature of the personal data concerned, we make the following key distinctions:

a) Metadata and log files
These are, for example, your IP address, session ID, the browser type used, the operating system and the time of your request.

b) Identity data
This is data you have made available to us that relates to your person or your company, in particular: Company, first name, surname, email address and telephone number.

7. NO OBLIGATION
In principle, you have no statutory or contractual obligation to provide your personal data to us. If you do not provide us with required data, however, it may be that we have to restrict the services we offer you, or not provide them at all.

IV. CONTACT VIA EMAIL OR PROJECT PROPOSAL SUBMISSION FORM
1. NATURE AND SCOPE OF THE DATA PROCESSING
When you contact us using the form provided or by email, we will use the data you have sent us such as

• Basic personal data (e.g. name, address, date of birth);
• Contact details (e.g. email address, telephone numbers);
• Content data (e.g. text input).

to deal with the matter.

2. PURPOSE AND LEGAL BASIS
All personal data is processed for the following purposes only:

• Responding to contact requests and communication;
• Assessing your project proposal;
• Continued retention in order to make contact later and re-assessing your project proposal in case of rejection;
• Evaluating the technical expertise you have demonstrated;
• Selection of experts for assessment of project ideas with the potential to be breakthrough innovations
• Coordinating and discussing the assessment of project ideas that have the potential to be breakthrough innovations with the SPRIND team, innovators and other experts as well as
• Initiating, establishing, executing and terminating contractual relationships;
• In order to offer support during SPRIND challenges with the SPRIND team, innovators and other experts.

Insofar as your consent is required, the legal basis for the processing of your personal data for the above-mentioned purpose is

• Article 6(1)(a) of the GDPR. You can withdraw the consent you have granted us at any time by contacting info@sprind.org;
• Article 6(1)(b) of the GDPR, if contact is made with the aim of establishing or implementing a contract;
• Article 6(1)(e) of the GDPR, if contact is made in relation to questions about possible SPRIND funding;
• Article 6(1)(f) of the GDPR, if contact is made for other purposes. The legitimate interest arises from the need to process your data in order to be able to respond to your query.

When you contact us directly by email, the legal basis for processing your data is Article 6(1)(e) and/or Article 6(1)(f) of the GDPR.

3. CONTINUED RETENTION FOR LATER CONTACT AND RE-ASSESSING YOUR PROJECT PROPOSAL IN CASE OF REJECTION
If you grant us your consent, we retain your personal data on the basis of Article 6(1)(a) of the GDPR (in particular contact details and project data) beyond the duration of the initial assessment for a maximum of three years, to enable us to contact you in future and perform an assessment again.

You can withdraw your consent at any time by contacting info@sprind.org (see also Section V. – “RIGHTS OF DATA SUBJECTS”).

4. SOURCES OF PERSONAL DATA
We process the data you have provided to us by email, post, telephone or form submission.

5. RETENTION PERIOD
The data processed by us will be erased or its processing will be restricted as laid down in Articles 17 and 18 of the GDPR. We erase your data once it is no longer required, provided that no statutory retention obligations (ten years pursuant to Section 147(1) of the AO (Tax Code); six years pursuant to Section 257(1) of the HGB (Commercial Code) prevent us from doing so. In principle, data is erased when it is no longer required for responding to your query. If the data relates to a contractual relationship, its retention duration will be in line with the term of the contract.

6. POSSIBLE CONSEQUENCES OF NON-PROVISION OF DATA
No legal obligation to provide the data exists. If you decline to do so, however, we may be unable to process your inquiry.

V. RIGHTS OF DATA SUBJECTS
As a data subject, the GDPR grants you specific rights in relation to your personal data.

1. These include:
a) Right to information (Article 15 of the GDPR)
You have the right to request confirmation that personal data related to you is being processed. If this is the case, you have a right to information about this personal data and the information detailed in Article 15 of the GDPR.

b) Right to rectification (Article 16 of the GDPR)
You have the right to request the correction of inaccurate personal data related to you without undue delay and, where appropriate, the supplementation of incomplete data.

c) Right to erasure (Article 17 of the GDPR)
You have the right to request the erasure of personal data related to you without undue delay, insofar as one of the grounds detailed in Article 17 of the GDPR applies.

d) Right to restriction of processing (Article 18 of the GDPR)
You have the right to request the restriction of processing when one of the prerequisites listed in Article 18 of the GDPR is fulfilled, for example, when you have lodged an objection against processing, for the duration of the assessment by the data controller.

e) Right to data portability (Article 20 of the GDPR)
In specific cases, which are listed individually in Article 20 of the GDPR, you have the right to receive the personal data related to you in a structured, current and machine-readable format or to request the transfer of this data to a third party.

f) Right to withdraw consent (Article 7 of the GDPR)
Insofar as the processing of data takes place on the basis of your consent, in accordance with Article 7(3) of the GDPR, you are entitled to withdraw the consent to the use of your personal data at any time. Please note that this withdrawal of consent only has future effect. Processing that has taken place prior to the withdrawal of consent is not affected by it.

2. Right to object (Article 21 of the GDPR)
IF DATA IS COLLECTED ON THE BASIS OF ARTICLE 6(1)(F) OF THE GDPR (DATA PROCESSING BASED ON LEGITIMATE INTERESTS) OR ON THE BASIS OF ARTICLE 6(1)(E) OF THE GDPR (DATA PROCESSING BASED ON LEGITIMATE INTERESTS OR THE EXERCISE OF STATE AUTHORITY), IN ACCORDANCE WITH ARTICLE 21 OF THE GDPR, ON GROUNDS ARISING FROM YOUR OWN PARTICULAR SITUATION, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING AT ANY TIME. WE SHALL NO LONGER PROCESS THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

TO EXERCISE YOUR RIGHT TO OBJECT, SIMPLY SEND AN EMAIL TO INFO@SPRIND.ORG.

3. Complaint to a supervisory authority
Further, in accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority when you believe that the processing of your personal data infringes the GDPR. For us the relevant supervisory authority is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (“BfDI”)
Graurheindorfer Str. 153, 53117 Bonn

Telephone: +49(0)228 997799-0
Email: poststelle@bfdi.bund.de
De-Mail: poststelle@bfdi.de-mail.de
Contact: https://www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html?logoutReason=restricted

Note: You can also file your complaint with any other supervisory authority.

4. Enforcement of your rights
For enforcement of your data subject rights please contact the body indicated in Section 1, when nothing has been stated to the contrary above.

5. Processing during the exercise of your rights
If you wish to exercise your rights pursuant to Articles 15 to 22 of the GDPR, we will process the personal data you have transmitted in order to give effect to these rights and provide proof of this to you. We will process it exclusively for the purpose of providing you with information and preparing stored data, and for the purpose of data protection monitoring, and otherwise restrict processing in accordance with Article 18 of the GDPR.