Datenschutz

Controller

Datasphere Analytics GmbH
Lippstädter Straße 42
48155 Münster, Germany

Represented by: Lukas Haemisch (Managing Director)
E-mail: hello@datasphere-analytics.com

Overview of Processing Activities

Categories of Data Processed

1. Master and contract data
2. Payment data
3. Location data
4. Contact and content data
5. Usage data
6. Meta and communication data
7. Log data

Categories of Data Subjects

1. Customers, clients, and prospects
2. Business partners
3. Users of our website and online services
4. Communication partners

Purposes of Processing

1. Fulfillment of contractual obligations
2. Communication and handling of inquiries
3. Security measures and IT operations
4. Direct marketing and promotional communication
5. Reach measurement and tracking
6. Office and administrative processes
7. Conversion and performance analysis
8. Audience segmentation and profiling
9. Feedback and improvement of user experience

Legal Bases

We process personal data in accordance with the GDPR and the German Federal Data Protection Act (BDSG). The main legal bases are:

1. Consent (Art. 6(1)(a) GDPR) – where you have given us explicit consent.
2. Contractual performance and pre-contractual measures (Art. 6(1)(b) GDPR) – where processing is necessary to perform a contract or respond to related requests.
3. Legal obligation (Art. 6(1)(c) GDPR) – where we are required by law to process data.
4. Legitimate interests (Art. 6(1)(f) GDPR) – where processing is necessary to protect our legitimate interests and your rights do not override them.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

1. Access restrictions and controls
2. Data encryption and secure storage
3. Logging and separation of data
4. Backup and recovery procedures
5. Procedures for deletion and exercising data subject rights
6. Privacy by design and by default

Disclosure of Data

We only share personal data with third parties when this is necessary to fulfill contracts, provide our online services, or comply with legal obligations. Typical recipients include IT service providers and providers of integrated services. We have agreements in place with all processors to safeguard personal data.

International Data Transfers

Data transfers to countries outside the EU/EEA occur only where legally permitted. For transfers to the USA, we rely primarily on the EU–US Data Privacy Framework (DPF), supplemented by EU Standard Contractual Clauses (SCCs).

A current list of certified companies can be found here: https://www.dataprivacyframework.gov/

For other third countries, SCCs or your explicit consent apply.

Data Retention and Deletion

We retain personal data only as long as necessary for the respective purpose or as required by law.

Typical retention periods under German law:

1. 10 years: accounting and tax records (e.g. financial statements, booking records)
2. 8 years: booking receipts (e.g. invoices)
3. 6 years: business correspondence
4. 3 years: data for defending or enforcing civil claims (regular limitation period)
5. 30 days: server log files

Rights of Data Subjects

Under the GDPR, you have the following rights:

1. Access to the data we process about you (Art. 15 GDPR)
2. Rectification of inaccurate or incomplete data (Art. 16 GDPR)
3. Erasure (“right to be forgotten”, Art. 17 GDPR)
4. Restriction of processing (Art. 18 GDPR)
5. Data portability (Art. 20 GDPR)
6. Objection to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)
7. Withdrawal of consent at any time (Art. 7(3) GDPR)
8. Right to lodge a complaint with a supervisory authority, e.g. the Data Protection Authority of North Rhine-Westphalia (Art. 77 GDPR)

Business Services

We process data of our clients, prospects, and business partners as part of our business relationships. This includes master and contact data, contractual information, payment details, and communication data.

Purposes: contract performance, communication, administration, and protection of our rights.

Legal bases: Art. 6(1)(b), (c), (f) GDPR.

Retention: until the business relationship ends, subject to statutory retention periods.

Provision of the Website and Hosting

When you access our website, technical data such as IP address, date and time, pages accessed, browser type/version, operating system, and referrer URL are processed. These are stored in server log files.

Purposes: delivery of content, system security, prevention of misuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

Retention: up to 30 days, then deleted or anonymized.

Contact and Request Management

When you contact us (e.g. via e-mail or phone), we process the data you provide (such as name, contact details, message content) solely to handle your request.

Legal bases: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interests).

Data are deleted once the request is completed, unless legal obligations require further storage.

Promotional Communication

We may use personal data to send information about our services by e-mail, phone, or post, where legally permitted.

You can object to such use at any time or withdraw consent given.

Online Marketing

We may process personal data for online marketing purposes such as interest-based advertising, reach measurement, or conversion tracking.

Legal bases: consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR).

Retention: cookies and similar technologies may be stored for up to two years.

Withdrawal/opt-out: you can disable cookies in your browser or object via platforms such as www.youronlinechoices.eu.

Plug-ins and Embedded Content

We may integrate external content or features (e.g. maps, videos, fonts) into our website. For this, the providers necessarily process the IP address of users.

Legal bases: consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR).

Providers may also use cookies or pixel tags for statistical or marketing purposes.

‍