PRIVACY POLICY
SPHAER e.U.
This privacy policy describes how SPHAER e.U., FN 593532 t, (hereinafter "SPHAER") processes your personal data when you visit the website of SPHAER, use the SPHAER online shop or visit the SPHAER fan pages.
1. Responsible persons
The responsible person within the meaning of the General Data Protection Regulation ("GDPR")[1] is:
SPHAER e.U.
Traminergasse 1
1190 Vienna, Austria
E-Mail: contact@studiosphaer.com
Phone: +43 664 93045989
Website: https://www.studiosphaer.com
2. Personal data and data processing
Personal data is information that relates to an identified or identifiable natural person (so-called "data subject"). Examples are name, address, e-mail address, telephone number, date of birth, age, gender or national insurance number. There are also special categories of personal data (so-called "sensitive data"). The GDPR understands this to mean, for example, health data, data in connection with criminal proceedings or biometric data.
2.1 Data processing due to visits to the website / online shop and fan pages: Cookies are processed in the context of using the website (for more information, see point 7. of this privacy policy). Details on data processing when visiting the SPHAER fan pages can be found in points 10. (Facebook) 11. (Instagram) and 12. (LinkedIn) of this privacy policy.
2.2 Data processing for data entries in the online shop: If you place an order via the online shop or contact SPHAER otherwise, the data necessary to respond to your enquiry will be processed (legal basis: Art 6(1)a), b) and f) GDPR). This may include, in particular, the following personal data:
· First and last name
· E-mail address and, if necessary, telephone number
· Delivery and payment data
· Other personal data provided by you
2.3 Data processing when contacting SPHAER: If you contact SPHAER via e-mail, telephone, the website or otherwise (eg via fan pages), the data necessary to respond to your enquiry will be processed (legal basis: Art 6(1)a), b) and f) GDPR). This includes in particular:
· First and last name
· E-mail address and telephone number
· IP address
· Other personal data provided by you
If you do not wish to disclose personal data to SPHAER, SPHAER may not be able to establish a business relationship with you or respond to enquiries.
3. Automated decision making according to Art 22 GDPR
SPHAER does not use automated decision-making pursuant to Art 22 GDPR.
4. Legal bases for data processing
SPHAER only collects, processes, and uses your personal data if there is a legal basis within the meaning of Art 6(1) GDPR. Your data will be processed in particular on the basis of the following legal grounds:
4.1 Consent – Art 6(1)a) GDPR
Data processing is based on your consent, provided that you give your consent when contacting us. Sensitive data (as defined in Art 9 GDPR) and data for sending a newsletter, which you may disclose to SPHAER when using the website, are also processed on the basis of consent. The scope and purposes of the processing are determined by the underlying declaration of consent. You can revoke your consent at any time with effect for the future by informing SPHAER of your revocation by telephone under +43 664 93045989, by e-mail to contact@studiosphaer.com or by letter to SPHAER e.U., Traminergasse 1, 1190 Vienna, Austria.
4.2 For the performance of a contract – Art 6(1)b) GDPR
All processing carried out by SPHAER in connection with the fulfilment of a contract is based on the legal basis of Art 6(1)b) GDPR. This also includes data that SPHAER processes on the basis of any pre-contractual relationships and the sending of e-mails by SPHAER regarding information on payments, invoices, changes to the contract and important information on the product (e.g. necessary data changes).
4.3 Legal obligations – Art 6(1)c) GDPR
If SPHAER is subject to a legal obligation that requires the processing of personal data, Art 6(1)c) GDPR serves as the legal basis for such data processing.
4.4 Legitimate interest – Art 6(1)f) GDPR
If the processing of personal data is necessary for the purpose of legitimate interests pursued by SPHAER or a third party, Art 6(1)f) GDPR serves as the legal basis. A legitimate interest of SPHAER is in particular
i) to ensure the operation and administration of the website and to be able to operate fan pages;
ii) to be able to carry out direct marketing measures;
iii) to ensure network and data security, but only to the extent that the legitimate interest of SPHAER is consistent with applicable law and with the rights and freedoms of its users; and
iv) to be able to assert, exercise or defend legal claims.
5. Transfer of data to third parties
5.1 Due to the contemporary complexity of certain data processing procedures, it has become essential to provide certain services with the assistance of third parties. For this purpose, SPHAER uses external service providers, e.g. for web hosting and IT systems, to whom your data is made available. These service providers are processors within the meaning of Art 28 GDPR, who are contractually obliged to treat your data confidentially and to process your data only within the scope of the provision of their services.
5.2 The transfer of the data – in the respective individual case – takes place on the basis of the statutory provisions or the contractual agreement to the following bodies:
· Provider for the creation and operation of the SPHAER-website (in particular WIX.COM;
· Tax advisory, accounting and bookkeeping companies;
· marketing companies;
· Microsoft (Microsoft Ireland Operations Limited as well as Microsoft Corporation for the operation of the Microsoft Office programs and for cloud services);
· courts, if required;
· legal representatives;
· tax authority.
5.3 The possible recipient of your personal data may be located or process your personal data outside the European Union. The level of data protection in other (non-EU) countries may not be the same as in Austria. However, SPHAER will only transfer your personal data to countries that have an adequate level of data protection according to the EU Commission. Alternatively, SPHAER takes measures to ensure that all recipients have an adequate level of data protection, such as concluding agreements in accordance with the standard contractual clauses (Implementation Decision (EU) 2021/914[2]).
5.4 Under certain circumstances, SPHAER may be required by law to disclose your information to, for example, regulatory and law enforcement authorities. However, this is only to the extent necessary for the prevention and/or detection of fraud and other criminal offences or to ensure network and data security.
6. Newsletter
SPHAER only sends newsletters with your consent in order to inform you about news regarding the product range, offers and events concerning SPHAER and partners of SPHAER. The consent includes the processing of the personal data mentioned below, such as registration data and data based on the "web beacon". Registration is generally carried out by a double opt-in procedure. After registration, you will receive an e-mail in which you are asked to confirm your subscription. As a result, personal data will be processed, such as: name, e-mail, meta/communication data and usage data. The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the SPHAER server or the server of a processor when the newsletter is opened. Within the process of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of SPHAER's newsletter on the basis of the technical data and your reading behaviour according to your access locations (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients. You can cancel the subscription to our newsletter at any time or revoke your consent and cancel a further subscription. For this purpose, you will find a cancellation link at the end of each newsletter or you can use one of the contact options given above, preferably e-mail, for this purpose.
7. Cookies
7.1 SPHAER uses cookies as part of the online shop operation. Almost every website uses cookie technology. A cookie is a small text file that stores internet settings. It is downloaded by your internet browser the first time you visit a website. The next time you visit this website with the same device, the cookie and the information stored in it is either sent back to the website that generated it ("First Party Cookie") or sent to another website to which it belongs ("Third Party Cookie"). This allows the website to recognise that it has been visited with this browser before and, in some cases, to vary the content displayed. Some cookies are extremely useful as they can improve the user experience when you return to a website you have visited several times before. Provided that you are using the same device and browser as before, cookies remember, for example, your preferences, tell how you use a page and adapt the offers displayed to your personal interests and needs.
7.2 Essentially, there are the following types of cookies:
· Strictly necessary cookies ensure functions without which you would not be able to use this website as intended. These cookies are used exclusively by SPHAER and are therefore First Party Cookies. They are only stored on your computer/device during the current browser session. Such cookies ensure, for example, the functionality of a change from httpto https, if necessary, when changing pages and thus the compliance with increased security requirements for data transfer. In addition, such cookie also saves your decision regarding the use of cookies on the website.
· First party cookies requiring consent on this website: Cookies, which by purely legal definition are not absolutely necessary to be able to use the website, nevertheless fulfil important tasks. Without these cookies, functions that enable comfortable surfing on the website are no longer available and would therefore have to be retrieved again on every page. In addition to strictly necessary cookies, the website of SPHAER processes the following cookies: CookieConsent (used to store consent to cookie usage), functional cookies (to ensure the performance of the website) and performance cookies (to improve the user experience). Details of the cookies relating to the SPHAER website can be found on the cookie banner that appears when (first) visiting the website.
7.3 When visiting the website of SPHAER, the cookies used are in particular those that are used by the operator of the website (WIX), available at: https://support.wix.com/de/article/cookies-und-deine-website-bei-wix and https://www.wix.com/about/de-cookie-table.
7.4 The first time you visit the website of SPHAER you can disable the use of all cookies ("Cookie Opt-out"). If you delete all your cookies at a later point in time, it will be necessary to carry out the Cookie Opt-out process again; the same applies if you visit this website from other computers or other internet-enabled devices (smartphones, tablets, etc). If your security settings are too high and cookies are generally blocked, SPHAER will not be able to fulfil your opt-out request. In this case, you will be notified and should repeat the Cookie Opt-out process with lower security settings.
7.5 The website of SPHAER uses the third-party provider Google Maps: If you gave your consent, SPHAER uses Google Maps API (a mapping service of Google Inc.: 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA, hereinafter "Google") on the website to display an interactive map. By using Google Maps, specifically by clicking on the interactive map, information about your use of the website (e.g. your IP address and, if applicable, location data) can be processed by Google. By enabling the Do-Not-Track feature in your browser, no external Google Maps content will be loaded without your consent. If you do not select Google Maps API in the cookie banner, you will also not have access to an interactive map showing SPHAER's location. Further information on who (as recipients) your personal data is transferred to can be found specifically in Google's data protection information (https://www.google.de/intl/de/policies/privacy/). For more information on the transfer of personal data to third countries, please refer to point 5. of this privacy policy.
8. Server log files
In order to optimise the website in terms of system performance, user-friendliness and provision of useful information about services, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transfers to SPHAER. This includes your internet protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider and date/time as well as the content accessed. This data is not merged with personal data sources. SPHAER preserves the right to check this data retrospectively if concrete indications of illegal use become known.
9. Facebook, Instagram and LinkedIn buttons
The Facebook button, the Instagram button and the LinkedIn button are small buttons which take you to the fan pages set up by SPHAER on the mentioned social media platforms. By clicking on the buttons, a connection to the respective social media platform is established and your personal data is processed by the respective platform in accordance with points 10., 11. and 12. of this privacy policy. Beyond this, no social media plug-ins are currently integrated on the website of SPHAER.
10. Facebook fan page
10.1 SPHAER has a fan page on Facebook. This fan page is the company's user account for contacting users on Facebook. As a fan page operator, SPHAER can use the "Facebook Insight" function. This function compiles anonymized statistical data about visitors of the fan page. Facebook collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. This data is also processed if you are not logged in/registered on Facebook. As the operator of the fan page, SPHAER is therefore jointly responsible with Facebook within the meaning of Art 26 GDPR.
10.2 Registered users: As part of the registration process on Facebook, you agree to the terms of use, data protection and cookie provisions of Facebook/Meta. SPHAER has no control over these terms and provisions. If you visit the SPHAER fan page as a registered user, your data will be collected and processed as specified in these terms and provisions.
10.3 Non-registered users: By visiting a sub-page of the fan page, you give your consent for processing your personal data by Facebook/Meta (Art 6(1)a) GDPR).
10.4 The personal data is stored by Facebook and shared anonymously with SPHAER in statistical form, making it impossible for SPHAER to share it with third parties in identifiable form. The information on who (as recipients) your personal data is transferred to can be found more specifically in Facebook's/Meta's privacy information (https://www.facebook.com/privacy/explanation) and cookie policy (https://www.facebook.com/policies/cookies/).
10.5 Categories of data that SPHAER receives in anonymous form from Facebook:
i) Information about users and their interactions
(a) users who "like" the fan page: gender, residence, language, age;
(b) reached users: Users for whom SPHAER posts have been displayed in the last 28 days;
(c ) interacting users: users who have interacted with the page in the last 28 days (e.g. by tagging, "liking" etc);
(d) device of the user: whether the fan page content is accessed/interacted with via PC or mobile device;
(e) fan page views via Facebook or external links leading to the fan page;
(f) clicks on buttons (e.g. website, "plan route" button);
(g) the frequency of accesses via the fan page preview (when the mouse is hovered over the name or profile picture of the page);
(h) online times of users who "like" the fan page;
(i) information on the performance (reach and interaction) of the posts;
(j) interactions in detailed form: Negative (hidden posts, spam messages, "unlikes") and positive ("likes", other reactions to posts, etc) interactions.
ii) Information on "likes"
(a) total number for the fan page; number of new likes;
(b) breakdown of disclosures by origin, age, gender, language;
(c) the number of subscriptions to the page.
iii) Information on the reach/coverage
(a) for posts: Number of people to whom posts by SPHAER were provided, broken down by paid and organic reach;
(b) total reach, which is the number of users to whom actions on the page of SPHAER have been displayed to;
(c ) information about video views, including further information on the length of the views.
10.6 If you have given your consent to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. If you wish to exercise your rights as a data subject or revoke your consent, please refer to the data protection information on Facebook's/Meta's Page Insights data (https://de-de.facebook.com/legal/terms/information_about_page_insights_data) and the forms contained/linked therein. Alternatively, you are free to contact Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland by post with your requests.
11. Instagram fan page
11.1 SPHAER has an Instagram fan page. This fan page is the company's user account for contacting users on Instagram. Fan page operators can use the "Instagram Insight" function. This function compiles anonymized statistical data about visitors to the fan page. Instagram collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. SPHAER, as the operator of the fan page, is therefore jointly responsible with Instagram (the operator here is also Facebook/Meta) within the meaning of Art 26 GDPR.
11.2 Registered users: As part of the registration process with Instagram, you agree to the terms of use, data protection and cookie provisions of Facebook/Meta. SPHAER has no control over these terms and provisions. If you visit the SPHAER fan page as a registered user, your data will be collected and processed as specified in these terms and provisions.
11.3 Non-registered users: By visiting a sub-page of the fan page, you give your consent for processing your personal data by Facebook/Meta (Art 6(1)a) GDPR).
11.4 The personal data is stored by Instagram and shared anonymously with SPHAER in statistical form, making it impossible for SPHAER to share it with third parties in identifiable form. The information on to whom (as recipients) your personal data is transferred to can be found specifically in the privacy information (https://de-de.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect) and cookie policies (https://de-de.facebook.com/help/instagram/1896641480634370/?helpref=hc_fnav&bc[0]=Instagram%20help%20section&bc[1]=Policies%20and%20Message) of Facebook and Meta respectively.
11.5 Categories of data that SPHAER receives in anonymous form from Instagram:
· "Overview": Overview of the last seven or 30 days on how many accounts were reached and how many interactions and subscribers were achieved in total.
· "Reached accounts": This metric provides SPHAER with information about the account's reach and impressions, e.g. profile views and website visits. When an action button is added, SPHAER can see how often it was tapped. SPHAER can then see, for example, information about clicks on call, email, sms, website and "plan route" buttons.
· "Content interactions": This metric provides SPHAER with breakdowns of content interactions, e.g. likes, comments, replies, as well as numbers indicating how often the content was shared or saved.
· "Total number of subscribers": These insights include information such as the growth of the number of subscribers, the main locations and age range of the subscribers, as well as at which times the subscribers of the SPHAER fan page are most active on Instagram.
· It is also possible to call up insights about individual contents; here, too, information on interactions and subscribers is provided.
11.6 If you have given your consent to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. If you wish to exercise your rights as a data subject or revoke your consent, please refer to the data protection information on Facebook's Page Insights data (https://de-de.facebook.com/legal/terms/information_about_page_insights_data) and the forms contained/linked therein. Alternatively, you are free to contact Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland by post with your requests.
12. LinkedIn fan fage
12.1 SPHAER has a LinkedIn fan page. This fan page is the company's user account for contacting users on LinkedIn. Fan page operators can use the "LinkedIn Insight" function. This function compiles anonymized statistical data about visitors to the fan page. LinkedIn collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. SPHAER, as the operator of the fan page, is therefore is therefore jointly responsible with Linkedin (the operator here is the LinkedIn Ireland Unlimited Company) within the meaning of Art 26 GDPR.
12.2 Registered users: As part of the registration process with LinkedIn, you agree to the terms of use, data protection and cookie provisions. SPHAER has no control over these terms and provisions. If you visit the SPHAER fan page as a registered user, your data will be collected and processed as specified in these terms and provisions.
12.3 Non-registered users: By visiting a sub-page of the fan page, you give your consent for processing your personal data by LinkedIn (Art 6(1)a) GDPR).
12.4 The personal data is stored by LinkedIn and shared anonymously with SPHAER in statistical form, making it impossible for SPHAER to share it with third parties in identifiable form. The information on who (as recipients) your personal data is transferred to can be found specifically in LinkedIn's Privacy Policy (https://www.linkedin.com/legal/privacy-policy) and Cookie Policy (https://www.linkedin.com/legal/cookie-policy).
12.5 Categories of data that SPHAER receives in anonymous form from LinkedIn:
· statistics about members, their profession or industry sector
· calculation of placed or clicked advertisements
· demographic data of actual visitors
· additional Insight features can be found in LinkedIn's Privacy Policy and Cookies Policy linked above.
12.6 If you have given your consent to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. If you wish to exercise your rights as a data subject or revoke your consent, please refer to LinkedIn's user agreement (https://de.linkedin.com/legal/user-agreement) and to the forms contained/linked therein. Alternatively, you are free to contact LinkedIn Ireland Unlimited Company ("LinkedIn Ireland"), Wilton Place, Dublin 2, Ireland, by post with your requests.
13. Data security and data retention
13.1 Your personal data is protected by appropriate organizational and technical precautions. These precautions particularly relate to the protection against unauthorized, illegal or even accidental access, processing, loss, use and manipulation of your personal data. Notwithstanding our efforts to maintain a reasonably high level of due diligence at all times, it cannot be ruled out that information which you disclose to SPHAER via the internet may be viewed/accessed and used by other persons. Please note that no liability whatsoever can therefore be accepted for the disclosure of information due to errors in data transmission not caused by SPHAER and/or unauthorized access by third parties (e.g. hacker attacks on e-mail accounts or telephone(s), interception of faxes).
13.2 Your personal data will be processed for as long as it is necessary to fulfil contractual or legal obligations (such as business storage obligations), to defend against any liability claims and for the duration of the declaration of consent. After this period, data is deleted or anonymized in such a way that it can no longer be related to a person. SPHAER will ensure that your personal data is treated in accordance with this privacy policy for the entire period.
13.3 SPHAER deletes contact data six months after contact is made, insofar as no contractual relationship or declaration of consent subsequently arises.
14. Your rights as a data subject
14.1 As a data subject within the meaning of the GDPR, you have the following rights, among others:
· The right to information about your stored personal data, its origin and recipient and the purpose of the data processing.
· Furthermore, you have the right to rectify and transfer your data and, if applicable, to object to or restrict the processing of data or delete processed data.
14.2 Your request for information, deletion, correction, objection and/or data transfer can be sent to the following e-mail address: contact@studiosphaer.com
14.3 If you believe that the processing of your personal data by SPHAER violates the applicable data protection law or that your data protection rights have been violated in any other way, you have the possibility to complain and report to the competent supervisory authority. In Austria, the competent authority is the data protection authority (www.dsb.gv.at).
15. Changes to the privacy policy
SPHAER has the right to adapt this privacy policy, if necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated data protection information will be available on the website https://www.studiosphaer.com. Please check this page regularly.
Version: 09/2023
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and Repeal of Directive 95/46/EC (General Data Protection Regulation or "GDPR").
[2] Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.