Privacy Policy for Sites and Apps

Last updated on: October 2021

Thank you for visiting our website www.glydsphere.eu (“website”) and using our Glydsphere mobile app (“app”), as well as for your interest in our company.

When you visit our website and use our app, among other data, we also process your personal data within the meaning of Article 4 (1) of the GDPR (“data”). We know that the data which we are entrusted with is important. When processing your data, we attach great importance to the protection of your privacy and give due consideration to it in our business processes. Your data is handled in accordance with the legal requirements for data protection.

 

1. Contact details of the controller

 

The website and the app are operated by Space Gravity GmbH, Schillerstr. 9, 64859 Eppertshausen, e-mail: privacypolicy@space-gravity.com (“controller, we, our, etc.“).

 

2. Collection of personal data when using the website

 

Your data is processed on our website for various purposes. The legal basis for data processing may vary depending on the purpose of the processing. Below, we state the different purposes for which your data is processed on our website, together with the relevant legal basis and the duration of the storage of your data.

a) Server log files

For the purpose of operation, improvement of operation, security as well as the optimisation of our website, we collect data about every access to this website (so-called server log files). Access data includes: name of the accessed web pages and files, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (i.e. the previously visited website), IP address and the requesting provider.

This type of processing is based on Article 6 (1) (f) of the GDPR. Our legitimate interest consists in the provision of the operation, the improvement of the operation, the security and the optimisation of our website.

We store the data for (up to) one month following the end of use.

b) Newsletter

If you register for our newsletter on the website, your email address is the only mandatory information which we will process. We need your email address to carry out the double opt-in procedure and to send the

newsletter. You can choose to provide other data if you wish to be addressed personally.

The legal basis for the data processing associated with the sending of the newsletter is Article 6 (1) (f) of the GDPR. We have a legitimate economic interest in using your consent to receive our newsletter, which you have given to us, in order to contact you directly and inform you about our corporate group.

We will erase your data that we process in connection with the sending of our newsletter when you withdraw your consent to receive the newsletter, though not before the expiry of the statutory limitation periods in connection with the sending of the newsletter.

c) Cookies

For the purpose of ensuring quality and functionality, we use cookies on our website. Cookies are text files that are stored on your terminal device and which, among other things, allow us to determine the number of visits to our website. Our website uses transient and persistent cookies. Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. Session cookies store a so-called session ID, which allow us to assign various requests made from your browser to one single session. These cookies make it possible for your device to be recognised when you visit our website again. You can delete cookies at any time by navigating to the security settings of your browser. You can configure your browser settings according to your requirements and, for example, reject third-party cookies or all cookies. However, please note that you may then not be able to use all functions of this website.

Where your personal data is processed among other data processed by individual cookies implemented by us, such processing takes place in accordance with Article 6 (1) (f) of the GDPR. Our legitimate interest consists in the best possible functionality and a customer-friendly and effective design of your visit to our website. Session cookies are deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the type of cookie, up to a maximum of two years for the types of cookies we use.

Insofar as any data is processed that goes beyond the scope required for the use of our website, such processing shall be based on your consent in accordance with Article 6 (1) (a) of the GDPR. Should you withdraw your consent, we will delete the cookies immediately.

d) Contact form

For the purpose of making contact and processing your request (e.g. using the contact form or email), we collect the contact and content data as stated on the respective form or in the email. We collect and use this data for the purpose of answering your request or contacting you.

The legal basis for the processing of your data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) of the GDPR. If your contact request is made in connection with the conclusion of a contract, the processing of your data by us shall additionally be based on Article 6 (1) (b) of the GDPR.

We will erase the data provided by you as soon as your contact request has been conclusively resolved. This is deemed to be the case when it can be inferred from the circumstances that the matter in question has been fully resolved.

e) Consent banner

On our website, we also use cookies that are not necessary from the technical point of view and which serve a variety of purposes. We will ask for your consent to the provision of these services. We use our consent banner to request, manage and document your consent. We store the data required for this purpose in your local storage or using a cookie, which allows us to recognise you when you visit our website again. We process your IP address and metadata of the connection at the time of your visit to our website, in particular information about your browser and terminal device.

The associated processing of your data is based on Article 6 (1) (f) of the GDPR. Our legitimate interest consists in enabling you to use our website in a way that is as user-friendly as possible and in facilitating our defence against legal claims made in connection with the use of services which use cookies that are not necessary from the technical point of view.

The data in your local storage or the cookie has a lifespan of one year, unless you delete it in your browser prior to the expiry of the one-year period.

f) Google Analytics

On our website, we use the Google Analytics tool from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google Ireland”).

By using Google Analytics, we are able to analyse and evaluate the use of our website and to compile reports on the website activities of our visitors on the basis of the information thus collected. Google Analytics also creates pseudonymised usage profiles for website visitors. Google Analytics uses cookies that are not necessary from the technical point of view, as well as online identifiers (including cookie identifiers), IP addresses and your device identifiers. We only use Google Analytics with the extension "Anonymise-IP", which means that part of your IP address is deleted before it is transferred to Google. Google Ireland is the service provider within the framework of the use of Google Analytics.

The use of Google Analytics is based on the consent you give us in accordance with Article 6 (1) (a) of the GDPR.

The information collected as part of our use of Google Analytics will be erased after 9 or 18 months (https://policies.google.com/technologies/ads). As part of our use of Google Analytics, Google Ireland acts as the service provider; you can access the order processing contract that also applies to Google Analytics under the following link: https://privacy.google.com/businesses/processorterms/. Should Google Ireland offer a contract on shared responsibility in the future, we intend to conclude such a contract.

The use of Google Analytics may result in your data being transferred to the USA. There is no adequacy decision by the European Commission in respect of data transfers to the USA. Data transfer to the USA is therefore based on your declaration of consent in accordance with Article 49 (1) (a) of the GDPR (for details, see Section 5).

You can also prevent data from being transferred to Google Ireland by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

g) Webshop

You can use our website to purchase our products in the Webshop. We process your personal data for the purpose of operating the Webshop, including the provision of the products, the processing of orders, the delivery of products and the processing of payments. We also process your data to fulfil warranty claims and to exercise our own claims.

The legal basis for this is Article 6 (1) (b) of the GDPR. A further legal basis is also Article 6 (1) (f) of the GDPR. Our legitimate interest consists in the effective and safe operation of the Webshop, the processing of orders, the exercise of our claims and the fulfilment of your claims.

We store your data for the duration of the contract. We also store your data in accordance with the statutory storage and retention periods, see Section 6.

 

3. Our app

 

We process your personal data when you download, register, log in and use our app. You can download the app from “Google Play” and the “Apple App Store”. Please note that when you download the app directly from the two above app stores, your data is processed at the same time, whereby we do not act as the controller of such processing. The respective operators of the app stores thus act as the controllers.

We process your data in detail with the purpose of enabling you to download and register in the app, setting up a user account for you, verifying authorisations when logging in and using the user account, answering your requests to reset your password, creating a secure environment for using the app, protecting your data as well as third-party data and confidential information, making the functions of the app available to you, preventing and eliminating malfunctions, enforcing our terms and conditions of use and all related rights and obligations, contacting you, sending you technical or legal notices, updates, security messages or other messages relating to the administration of the user account; The processing of your data in the context of a transfer to processors is carried out with the purpose of ensuring efficient and secure operation of the app, including its maintenance; your data may also be transferred to law enforcement authorities and other authorities as well as to injured third parties or legal advisers.

We process the following data for the purpose of downloading, registration, logging in and using the app: user information: e.g. surname, first name, email address, type of licence; app information: e.g. functions used, audio and sound files used, authorisations to access other apps on your terminal device; certificate information: e.g. existing certificates and their expiry date; information on the security status and security settings: e.g. enabled/disabled encryption , cloud backup, password protection, data protection; network information and metadata of the connection: IP address, volume of received and sent data, enabled/disabled hotspot usage and the WLAN network name (SSID). Please note that if the user grants authorisations which e.g. depend on the individual settings of the terminal device, other data may also be processed. All data is transferred in encrypted form.

For the purpose of downloading, registration and logging in as well as using the app, your aforementioned data will only be passed on to our consultants who specialise in the app and who have been carefully selected by us and, in exceptional cases, to law enforcement authorities and other authorities as well as to injured third parties or legal advisers.

The legal bases for downloading, registration, logging in and using the app are: Article 6 (1) (a) of the GDPR insofar as you have consented to the processing for the aforementioned purposes; Article 6 (1) (b) of the GDPR insofar as this is necessary for the performance of your contract; Article 6 (1) (c) of the GDPR insofar as we are subject to a legal obligation to pass on data, e.g. to law enforcement authorities; Article 6 (1) (f) of the GDPR insofar as we have a legitimate interest in passing on the data to third parties if there are indications of abusive conduct or if this serves the purpose of enforcing our terms and conditions of use or legal claims; Article 6 (1) (f) of the GDPR within the scope of our legitimate interests: in the functionality and error-free operation of the app in a safer environment, the protection of the data of our employees and third parties, the protection of our confidential information as well as the commissioning of professional service providers to ensure an efficient and safe operation of the app, as well as its professional maintenance.

We erase your data as soon as it is no longer required for the aforementioned purposes, unless, for example, we are under an obligation to store it for a longer period due to tax and commercial law retention and documentation obligations, or where further processing is necessary due to ongoing legal disputes, or where you have consented to further storage (for details, see Section 6).

The use of the app may result in your data being transferred to the USA. There is no adequacy decision by the European Commission in respect of data transfers to the USA. Data transfer to the USA is therefore based on your declaration of consent in accordance with Article 49 (1) (a) of the GDPR (for details, see Section 5).

 

4. Recipients

 

In certain cases, the aforementioned personal data may also be accessed by our service providers who are involved in the maintenance and updating of the website. In order to deliver your orders in our Webshop, we also transfer your data to shipping companies and payment service providers. Your IP address may also be transferred to Google Ireland Limited or other companies within the Google company group. In addition, your data may also be transferred or made accessible in any other way to tax consultants, auditors, as well as the tax authorities responsible for us, e.g. in the context of a company audit.

Such transfer takes place in accordance with Article 6 (1) (f) of the GDPR for the purpose of securing our claims and safeguarding our legitimate interest in the technically and economically optimised operation of our website or company. The transfer takes place on the basis of your consent in accordance with Article 6 (1) (a) of the GDPR, where such consent has been given by you. The legal basis in connection with the performance of our contracts with you is Article 6 (1) (b) of the GDPR.

 

5. Export and processing of data in countries outside the European Economic Area

 

Due to the use of the “Google Analytics” analysis service, your data may also be transferred to the USA, whereby your data may be stored and possibly profiled and evaluated in the USA. When you use our app, your data may also be transferred to the USA.

In the USA, there is no data protection level equivalent to that of the European Union. There is no adequacy decision by the European Union in respect of transfers to the USA, nor are there any suitable guarantees. American authorities may access and use your data. In accordance with American law, neither access nor the use of your data are regulated in a way equivalent to European law. American legislation does not contain any restrictions on the access or use of your data, nor can you enjoy any effective legal protection against the access and use of your data if you are not a US citizen.

The legal basis for the transfer of your data to the USA is your express consent in accordance with Article 4 (11) of the GDPR in conjunction with Article 49 (1) (a) of the GDPR.

 

6. Duration of data processing

 

Unless otherwise stated in Sections 3 and 4 or where you have given your consent to longer storage, we do not store or process any personal data of the users of our website beyond the end of actual use. This does not apply if we are obliged to disclose, store or otherwise process such data due to the respective applicable legal obligations such as disclosure obligations to a public prosecutor's office or due to retention periods (e.g. retention periods in line with commercial and tax law). The legal basis in this case is Article 6 (1) (c) of the GDPR in conjunction with the respective legal standard. Likewise, this does not apply if we process the data for the exercise and defence of our legal claims, e.g. for the purpose of storing your consent given to us using the consent banner. The legal basis in this case is Article 6 (1) (f) of the GDPR. Our legitimate interest consists in the defence and exercise of our legal claims.

Where legal obligations apply, we may store some of your data for up to 10 years after the end of the calendar year in which it was last processed. Where this is required for the purpose of safeguarding and defending our legal claims, we store the data for a period of 3 years (standard limitation period). The period begins on the first day of the year following the year in which we collected your data or received it from third parties. If it is necessary to store it beyond this period (e.g. in the event of legal proceedings), your data may also be stored for a longer period.

 

7. Necessity of data collection

 

In order to use our website or the app, the collection of your personal data, as described in more detail in Sections 3 and 4, is neither required by law nor contractually stipulated, although it is necessary for the implementation of the purposes described in each case.

 

8. Rights of the data subject

 

According to the GDPR, you have the following rights and claims in your legal relationship with the controller:

  • the right of access (Article 15 of the GDPR)
  • the right to rectification (Article 16 of the GDPR)
  • the right to erasure (Article 17 of the GDPR)
  • the right to restriction of processing (Article 18 of the GDPR)
  • the right to data portability (Article 20 of the GDPR)

 

9. Consents granted

 

You can withdraw your consent to data processing at any time, either in whole or in part, with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing of personal data up to the point of withdrawal.

 

10. The data subject’s right to object according to Article 21 of the GDPR

 

According to Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (f) of the GDPR, with effect for the future.

We will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If you wish to exercise your right to object, please simply send us an email to the address provided in Section 1.

 

11. Right to lodge a complaint with a supervisory authority

 

You have the right to lodge a complaint with a supervisory authority according to Article 77 of the GDPR. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject believes that the processing of personal data relating to them infringes the GDPR.

However, you are also welcome to contact us first. As we all know, direct contact is often a very good way of resolving many issues.

Close