1) GENERAL REMARKS AND PRINCIPLES OF DATA PROCESSING

We are pleased that you are visiting our website. The protection of your privacy and your personal information, the so-called personal data, whilst using our website is an important matter to us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person; This includes, for example, information such as your first name and surname, your address, your telephone number, your email address, but also your IP address.

Data that does not provide any reference to your person, such as anonymized data, does not qualify as personal data. According to Art. 4 No. 2 GDPR, processing (e.g., data collection, recording, organization, storage, sorting, retrieval, use, transmission, erasure or destruction) always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose underlying the processing has been fulfilled and there is no longer a legal obligation to archive the data.

You can find information about how your personal data is treated when visiting our website here. We must collect personal data about you to provide the functions and services available on our website.
We also explain to you the nature and scope of the respective data processing, the purpose underlying it and the corresponding legal basis as well as the respective storage period.

This privacy policy only applies to this website. It does not apply to other websites to which we merely refer via a hyperlink. We cannot assume any liability for the confidential treatment of your personal data on the websites operated by such third parties as we do not have any influence on whether these operators comply with the requirements of data protection laws. Please find the information on the way your personal data is treated by these operators directly on these websites.

Separate privacy policies apply to project tenders and job applications which can be found on our website under the contacts link.

See below for the contact data of the applicable controllers and data protection officers.


2) CONTROLLERS

The controller who bears responsibility for processing personal data on this website is (see the imprint):

SprinD GmbH
, Markt 9
, 04109 Leipzig
Management: Ms. Berit Dannenberg and Mr. Rafael Laguna de la Vera
Email: INFO@SPRIND.ORG


3) DATA PROTECTION OFFICER

The data protection officer of SPRIND is available to answer any questions on data protection at our business address: SPRIND GmbH, Markt 9, 04109 Leipzig, Email: DATENSCHUTZ@SPRIND.ORG


4) COLLECTION OF GENERAL DATA AND INFORMATION

a) Nature and scope of data processing
Every time our website is called up, our web server collects a range of general data and information. This general data and information is stored in the log files of the server. The data and information that can be collected includes
  • the type of browser used and its version;
  • the operating system used by the system accessing the website;
  • the site from which the system accessing our website originated its request (referrer sites);
  • the pages of our website that the system accessing our website accesses;
  • the date and time of day our website is accessed;
  • the internet protocol address (IP address);
  • the internet provider of the system accessing our website;
  • other similar data and information that serves to defend against cyberattacks to our IT systems.

b) Purpose and legal basis
SPRIND does not draw any conclusions about the data subject when using this general data and information. Rather, this information is needed to deliver the content of our website correctly and to optimize it, to ensure the functionality of our IT systems and the technology used by our website over the long-term as well as to provide the information required by the crime office to make a prosecution in the event of a cyberattack. We therefore analyze this anonymized data and information statistically and, more importantly, with the goal of elevating the level of data protection and data security in our organization in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymized data in the server logfiles is stored separately from all personal data provided by the data subject.
The legal basis for this processing is provided by Art. 6 (1) lit. f) GDPR. The processing of the data referred to above is necessary to provide the website and therefore the legitimate interests pursued by our organization.

c) Duration and storage
As soon as the personal data referred to above is no longer needed to present the website, it is deleted. The collection of the data needed to present the website and the storage of the data in logfiles is essential for the operation of the website. Consequently, users of the website do not have any right of refusal in this regard. It is also possible that the data may be stored beyond the above parameters if this is required by law.


5) COOKIES AND WEB ANALYTICS USING MATOMO

The websites of SPRIND use cookies. Cookies are text files that are filed and stored on a computer system via an internet browser.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be allocated to the specific internet browser where the cookie is stored. This allows the websites and servers that are visited by the user to distinguish the individual browser of the data subject from other internet browsers which contain different cookies. A particular internet browser can be recognized and identified by the unique cookie ID.
The use of cookies allows us to provide more user-friendly services on our website which would not be possible without setting a cookie.

As stated above, cookies enable us to recognize a user returning to our website. The purpose of this recognition of returning visitors is to facilitate the use of our website for the users. For example, the user of a website that uses cookies does not have to reenter his or her registration data each time as this action is performed by the website and the cookie stored on the computer system of the user. Another example is the cookie used for the shopping basket of an online shop. The online shop records the articles that the customer has placed in their virtual shopping basket using a cookie.
You may prevent cookies being set by our website via the corresponding settings of your internet browser which allows you to permanently refuse cookies being set. Moreover, you can delete any cookies that have already been set by your internet browser or other applications. This is possible in all customary internet browsers. If you deactivate cookies, it is possible that not all functions of our website will be available for you to use in some circumstances.

We use “Matomo” open source web analytics software on our website to analyze visits to our website. We operate our own Matamo system because we wanted to refrain from using the customary external analysis by Google Analytics. Using Matamo, we analyze where visitors come from, which content is relevant to them, and where there may be any problems on our website. We do not conduct any specific monitoring of users as identifiable persons. All data, including the IP address is automatically anonymized before being stored.

Matamo uses so-called cookies, text files that are saved on your computer and that enable an analysis of website use. The information generated by the cookie is stored solely on servers in Germany. You can prevent the installation of cookies by adjusting your browser settings; please note, however, that in this case some functions of this website may not be available for use to their full extent.

Due to the purpose described above, the legal basis for the processing of your personal data using cookies is provided by Art. 6 (1) lit. f) GDPR. If you provide your consent to the use of cookies via a cookie banner set by us on the website, the legal basis is also provided by Art. 6 (1) lit. a) GDPR.

You can also revoke any possible prior and express consent you may have already given to the use of cookies. If you wish to decide against the use of cookies, click the following link to place the deactivation cookie on your browser:

As soon as data transmitted to us by the cookie for the purpose described above is no longer needed, it is deleted from our server. It is also possible that the data may be stored beyond the above parameters if this is required by law.


6) NEWSLETTER VIA CLEVERREACH

With your consent, you can subscribe to our newsletter, which will keep you up to date with the latest information from SPRIND.

We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If your registration is not confirmed, your personal data will be blocked and automatically deleted after one week. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

Your e-mail address is the only mandatory information for sending the newsletter. The provision of further, separately marked personal data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address and, if necessary, other voluntary details for the purpose of sending the newsletter and optimizing the newsletter service. The legal basis is Art. 6 para. 1 p.sentence 1 lit. a GDPR.

You can revoke your consent to the sending subscription of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to info@sprind.org or by sending a message to the contact details given in the imprint. Your personal data will be deleted within one week after receipt of the newsletter, provided that the deletion does not conflict with any legal storage obligations.

We would like to point out that the sendingdistribution of our e-mail newsletters is carried out via the technical service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach"), to whom we pass on the data provided by the user during the newsletter registration. A corresponding agreement for commissioned data processing exists has been concluded. The data entered by users for the purpose of subscribing to the newsletter (e.g. email address) is stored on CleverReach's servers in Germany or Ireland. CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the sent newsletters contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This way it can be determined whether a newsletter message was opened and which links were clicked if necessary. Technical information is also collected (e.g. time of access, IP address, browser type and operating system).

We use the data thus obtained to create a user profile in order to tailor the newsletter to the interests of the newsletter subscribers in the future. In doing so, we record whether and when you read our newsletters and which links you click on in these newsletters. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

Such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the tracking mentioned above will take place.


7) USAGE OF VIMEO PLUG-INS

For the integration and display of video content, our website uses plugins from Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York City, New York 10011, USA.

When you visit one of our sites equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This allows Vimeo to know which of our pages you have visited. Vimeo also learns your IP address, even if you are not logged in to the video portal or do not have an account there. If you have a Vimeo account and are logged in, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

Please note that the Vimeo terms of use are not under the control of SPRIND. We have no influence on the collection of data and its further use by Vimeo. For example, there is no knowledge of the extent to which, where, and for how long the data will be stored, the extent to which Vimeo will comply with existing deletion obligations, what evaluations and links will be made to the data, and to whom the data will be passed on. What rights and setting options you have to protect your privacy can be found in Vimeo's privacy policy at https://vimeo.com/privacy.


8) PROCESSING OF PERSONAL DATA IN THE COURSE OF USAGE OF SOCIAL NETWORKS

As part of its public relations work, SPRIND maintains online profiles within social networks (Twitter and LinkedIn) in order to inform the users active there about SPRIND and to enter into an exchange with them. The references are indicated on our website by a link to our profile on the corresponding social networks. No social plug-ins are used.

We would like to point out that the conditions of use of the services mentioned and linked on our homepage and their operators are not subject to the control of SPRIND and that you use them on your own responsibility. These services and their operators store and process personal data of their users (including IP address, the application used, details of the end device, including the device ID and application ID, information on websites accessed, your location and your mobile phone provider). The data collected about you when using the services will be processed by Twitter Inc. and LinkedIn in accordance with their own guidelines and may be transferred to countries outside the European Union. This data is assigned to the data of your respective account or profile. SPRIND has no influence on the data collection and its further usage by the social networks. For example, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. Please refer to the respective privacy policy of Twitter and LinkedIn to find out which rights and setting options you have to protect your privacy.

Because some of the companies are providers outside the European Union, with a European branch only in Ireland, they are not bound by European and German data protection regulations. This concerns, for example, your rights to information, blocking or deletion of data or the possibility to object to the use of usage data for advertising purposes.

You can find out what data is processed by Twitter and for what purposes and your rights in this respect in the Twitter privacy policy at https://twitter.com/en/privacy.

You can limit the processing of your data in the general settings of your Twitter account as well as in the section "Privacy and security". In addition, you can restrict Twitter access to contact and calendar data, photos, location data etc. on mobile devices (smartphones, tablet computers) in the settings there. However, this is dependent on the operating system used. For more information on these matters, please visit the following Twitter support pages:
support.twitter.com/articles/105576#.

For information on what data is processed by LinkedIn and for what purposes, please refer to the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.


9) DATA TRANSFER TO THIRD PARTIES

We only transfer your personal data to third parties if:

  • you have provided your express consent pursuant to Art. 6 (1) lit. a) GDPR;
  • it is permitted by law and it is necessary to perform a contract with you or to take steps prior to entering into a contract pursuant to Art. 6 (1) lit. b) GDPR;
  • the transfer is necessary for compliance with a legal obligation pursuant to Art. 6 (1) lit. c) GDPR;

we are obliged to transfer the data to public authorities;
  • the transfer pursuant to Art. 6 (1) lit. f) GDPR is necessary to protect a legitimate business interest, insofar as this is necessary to establish, exercise or defend against legal claims and there is no reason to assume that you have an overriding interest in the data not being transferred;
  • we rely on third-party service providers (contract processors) in keeping with Art. 28 GDPR who are obliged to handle your data with due care.

In the event that we process your data in a third country (i.e., a country outside of the European Union (EU) or the European Economic Area (EEA)) or this occurs within the framework of using the services of a service provider or when disclosing or transferring your data to third parties, such processing will only be performed to fulfill our (pre-)contractual duties, on the basis of your consent, due to a legal obligation or in the pursuit of our legitimate interests. Subject to applicable legal or contractual permissions, we only process data or have it processed in a third country if the criteria of Art. 44 et seq. GDPR are met. This means that processing is only performed on the basis of a specific guarantee to the effect that the same level of data protection afforded by the EU is met (e.g., by means of the “Privacy Shield” in the USA) or officially recognized contractual obligations apply (“standard contractual clauses”).


10) ADVERTISING AND MARKET RESEARCH

Your personal data is stored for the sole purposes listed above. Your data is not used, analyzed or transferred to others for other purposes. We do not use your data for the purposes of advertising or market research. Transfer of your personal data is ruled out (with the exception of the purposes listed under 6).


11) YOUR RIGHTS

You have the right at all times
  • to revoke any consent you may have given pursuant to Art. 7 (3) GDPR. As a consequence, any processing of your data based on your consent may no longer be continued;

to obtain information about your personal data in accordance with Art. 15 GDPR. In particular, you have the right to obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling and details thereon;
  • to rectify or complete inaccurate personal data stored by the controller in accordance with Art. 16 GDPR without undue delay;
  • to obtain from the controller the erasure of personal data in accordance with Art. 17 GDPR, provided that the processing of your personal data is not required for the exercise of the freedom of expression and information, to meet a legal obligation, reasons of public interest or to establish, exercise or defend against legal claims;
  • to obtain from the controller a restriction of the processing of personal data pursuant to Art. 18 GDPR, provided you contest the accuracy of your personal data, the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead and the controller no longer needs the personal data but you require the data to establish, exercise or defend against legal claims or you object to processing pursuant to Article 21(1);
  • pursuant to Art. 20 GPDR to receive the personal data which you provided in a structured, commonly used and machine-readable format and to transmit those data to another controller, and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GPDR. Generally, you can contact the supervisory authority of your habitual residence or workplace or to the jurisdiction in which we have our registered office.

12) ERASURE OF DATA

The data we process are erased in keeping with Art. 17 GPDR or their processing is restricted in accordance with Art. 18 GPDR. Unless stated expressly otherwise elsewhere in this privacy policy the data we have stored is deleted as soon as it is no longer needed for the stated purpose and there is no legal archiving duty requiring otherwise. If the data are not deleted because they are needed for another legally permitted purpose, their processing is restricted accordingly. This means the data are blocked and not used for other purposes. This applies, for example, to data that needs to be stored under the terms of the applicable commercial code or tax legislation.

The provisions of Sec. 257 (1) HGB [“Handelsgesetzbuch”: German Commercial Code] specify that documents (commercial business records, inventories, opening balance sheets, financial statements, business correspondence, journal vouchers, etc.) must be archived for 6 years and Sec. 147 (1) AO [“Abgabenordnung”: German Tax Code] specifies a retention period of 10 years (bookkeeping, records, management reports, journal vouchers, business correspondence, documents relevant for tax purposes, etc.).


13) RIGHT TO OBJECT

You have the right to object to the processing of your personal data at any time in the future in accordance with the terms of Art. 21 GPDR. In particular, the right to object can be asserted against the processing of personal data for advertising purposes.

Simply send an email to DATENSCHUTZ@SPRIND.ORG to exercise your right to object.