Status of the information: 30th september, 2025
When you visit our website, various personal data is processed depending on the nature and scope of your visit. Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly (e.g., by assigning them an online identifier). This includes information such as name, address, telephone number, date of birth, or IP addresses.
With this privacy policy, we inform you in accordance with Art. 12 et seq. GDPR which personal data is processed when you visit and use our website. Below you will find information in particular about which data we collect in connection with your visit and use of our website, what we use the collected data for, and for which purposes the data is collected. You will also find information about your rights in connection with the processing of your personal data.
We reserve the right to amend this privacy policy with future effect, in particular in the event of further development of our website, the use of new technologies, or changes to the legal basis or relevant case law. This privacy policy applies to all pages of our website (https://sphin-x.de). It does not extend to any linked websites or internet presences of other providers.
The responsible party pursuant to Art. 4 No. 7 GDPR is
sphin-X e. V.
Hainstraße 16
04109 Leipzig, Germany
Email: kontakt@sphin-x.de
If you have any questions about data protection in relation to our association or our website, please contact our Data Protection Officer. You can reach our Data Protection Officer via email ats.schuldt@lawandbeyond.com or at the following postal address:
beyond compliant GmbH
Stephan Schuldt
Karl-Tauchnitz-Straße 3
04107 Leipzig
For security reasons and to protect your personal data when it is transmitted to us, we use SSL or TLS encryption to protect your data from access by unauthorized persons. You can recognize an encrypted connection by the string https:// and the lock symbol in the address bar of your browser.
5.1 Accessing and Visiting Our Website – Server Log Files
For the technical provision of our website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed and used in your browser. This information is automatically collected each time you access our website and stored in so-called ‘server log files’. The information transmitted by your browser and stored in the server log files is as follows:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred
– Website from which access is made (referrer URL)
– Browser type and browser version
– Operating system used
The storage of the aforementioned access data is necessary for technical reasons in order to provide our website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under certain conditions, may at least theoretically enable your personal identification. Beyond the purposes mentioned above, we use server log files exclusively for the needs-based design and optimization of our website, purely for statistical purposes and without any reference to your person. This data is not merged with other data sources, nor is it evaluated for marketing purposes.
The access data collected during the use of our website is stored for the period of time required to achieve the above purposes. Your IP address is stored on our web server for a maximum of seven days for IT security purposes.
If you visit our website to find out about our range of services or to use them, the basis for the temporary storage and processing of access data is Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 (1) lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest in this regard is to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
5.2 Contact
If you contact us via the contact options provided on our website, in particular via our contact form, the content of your inquiry, including all personal data arising from it, will be processed for the purpose of processing your inquiry, insofar as this is relevant or necessary for responding to your inquiry.
The processing of the personal data you provide in your inquiry is based on Art. 6 (1) lit. b GDPR, insofar as your inquiry is related to the establishment or implementation of a contractual relationship. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if such consent has been obtained.
If you have given your consent, we will process the personal data provided by you in the contact form for the purpose of regularly and specifically sending and providing information about the association’s activities, including events, surveys, and news. The processing of your personal data for advertising purposes is based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by contacting sphin-X e. V. online via the corresponding ‘unsubscribe link’ in each mailing you receive (for the email channel) or generally via email to kontakt@sphin-X.de or by post to sphin-X e. V., Hainstraße 16, 04109 Leipzig, Germany. No special fees (beyond the transmission fees of your telephone or internet provider or the postage due) are incurred for the objection.
In the event of revocation of consent, your data will be deleted; if deletion is not possible, it will be blocked instead. Corresponding mailings can then no longer be sent to you, and it will no longer be possible to provide you with the relevant information by telephone.
To obtain your consent, we use the so-called double opt-in procedure, i.e., we will only send you the requested information once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. This is to ensure that only you, as the holder of the email address provided, can register to receive the requested information. Your confirmation must be made promptly within seven days of receiving the confirmation email, otherwise your data/email address and other information will be automatically deleted from our mailing database.
The data you provide or transmit in the context of your inquiry will be stored by us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.
5.3 Use of Cookies and Associated Plugins/Tools
5.3.1 Cookies
We use so-called ‘cookies’ on our website. Cookies are small text files that are stored on the hard drive of the device you use to access our website Characteristic strings contained in cookies enable the browser you are using to be identified when you visit our website.. Cookies cannot execute programs or transfer viruses to the device you are using. They serve to make our website more user-friendly, effective, and secure, and to enable the provision of certain functionalities of our website.
Cookies may contain data that enables recognition of the device you are using. In some cases, cookies only contain information about certain settings (e.g., language settings) that cannot be linked to a specific person..
You can refuse the use of cookies and delete cookies at any time by adjusting the settings on your device: Most browsers are preset to automatically accept cookies. You can change this setting by activating the ‘do not accept cookies’ setting in your browser. For more information, please contact your browser provider. Cookies that have already been stored can be deleted at any time. For more information on deleting cookies, please contact your browser provider.
Like the use of cookies, rejecting or deleting them is linked to the device and browser used. You must therefore reject or delete cookies separately for each of your devices and, if you use multiple browsers, for each browser.
If you activate the ‘do not accept cookies’ function in your browser, it is possible that not all functions of our website will be available to you or that some functions will only be available to a limited extent.
A distinction is made between so-called ‘session cookies’, which are deleted as soon as you close your browser, and so-called ‘permanent cookies’, which are stored beyond the individual session and are only deleted after a defined period of time.
In terms of their functions, we have divided the cookies used on our website into the following categories:
– Essential cookies
Essential cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
– Statistics cookies
Statistics cookies collect usage data that provides us with information about how our visitors interact with our website.
The legal basis for storing essential cookies is Section 25 (2) No. 2 TDDDG. We store statistics cookies exclusively on the basis of your express and active consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.
5.3.2 Cookie Management
If consent is required for the storage of cookies on your device, this website uses the cookie consent technology of Borlabs GmbH, Hamburger Straße 11, 22083 Hamburg (hereinafter ‘Borlabs’) to obtain your consent and document it in accordance with data protection regulations.
In connection with the use of Borlabs’ cookie consent technology, information is stored in your browser’s local storage (cookie lifetime, cookie version, domain and path of the website, consents, UID) in order to manage and store the consents you have given. The UID is a randomly generated ID.
If you wish to revoke your consent or change your selection, simply delete the information stored by Borlabs in your browser’s local storage. The next time you visit our website, you will be asked again for your cookie selection (consent). Alternatively, you can revoke the consents you have given or change your selection by clicking on the cookie consent button at the bottom left of the home page.
The legal basis for storing information on your device and accessing it in connection with the use of Borlabs is Section 25 (2) No. 2 TDDDG.
5.3.3 Matomo
If you have given your consent, this website uses the open source web analysis service Matomo. Matomo uses technologies that enable cross-page recognition of users to analyze user behavior. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about how users use our website. This enables us, among other things, to identify when page views were made and which region the respective user comes from. We also collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether visitors to our website perform certain actions (e.g., clicks, purchases, etc.).
The storage of cookies in connection with the use of Matomo Analytics is based on your consent in accordance with Section 25 (1) TDDDG. The legal basis for the processing of your data in connection with the use of Matomo Analytics is your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future. For more information on revoking your consent, please refer to the section (‘Cookie Management’) in this privacy policy.
5.4 Application
Our website offers the opportunity to apply for open positions in our association. The application process requires that you, as an applicant, provide us with detailed information about yourself. The personal data required for the application process is specified in the respective job advertisement.
You also have the option of attaching relevant documents to your application, such as a cover letter, your resume, and references. These may contain additional personal data such as your date of birth, address, etc.
In addition to the data you provide, we may process further information about you that we obtain during the application process. This may include information from an interview with you, as well as information that we have lawfully obtained from publicly available sources (e.g., professional networks).
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the decision whether to establish an employment relationship. The legal basis for this is Art. 88 GDPR in conjunction with Section 26 BDSG and, if applicable, Art. 6 (1) lit. b GDPR for the initiation or implementation of contractual relationships.
Furthermore, your personal data may be processed to the extent necessary to fulfill legal obligations (Art. 6 (1) lit. c GDPR) or to defend against asserted legal claims. The legal basis for this is Art. 6 (1) lit. f GDPR. The legitimate interest results, among other things, from the burden of proof in proceedings under the General Equal Treatment Act (AGG). If you have given your express consent to the processing of personal data for specific purposes, the lawfulness of the processing follows from the consent you have given. Consent that has been given can be revoked at any time with effect for the future.
If an employment relationship is established between you and us or between you and one of our affiliated companies, the personal data you provide during the application process may be further processed in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of employee representation arising from a law or a collective bargaining agreement, a works agreement or a service agreement (collective agreement).
Your data will be stored for a period of 90 days after the application process has been completed. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data. In this case, the data is only available to us as metadata without any direct personal reference for statistical evaluations (e.g., proportion of female or male applicants, number of applications per period, etc.).
If you give your consent after completing the application process, we will store the personal data collected during the application process in our “talent pool” for a period of 180 days after the end of the application process. This allows us to consider you for future vacancies. You have the right to revoke your consent at any time with effect for the future. Once you have revoked your consent or 180 days after the end of the application process, your data will no longer be used for the application process and will be deleted from our “talent pool.”
If you receive and accept an offer of employment from us as part of the application process, we will store the personal data collected during the application process for at least the duration of the employment relationship.
5.5 Hosting
Our website is hosted by an external service provider, IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The data collected when using our website is stored on our host’s servers. This data includes, in particular, IP addresses, contact requests, meta and communication data, contact details, website accesses, and other data that is generated when using a website.
We use our hosting provider to fulfill our contractual obligations(Art. 6 (1) lit. b GDPR) and in the interest of the secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f GDPR).
Our host will only process your data to the extent necessary to fulfill its contractual obligations. To ensure data protection-compliant processing, we have concluded a data processing agreement with the host we use.
5.6 Other Processing Purposes
5.6.1 Compliance with Legal Requirements
We also process your personal data in order to fulfill other legal obligations that may apply to us in connection with our activities. These include, in particular, retention periods under commercial, trade, or tax law.
5.6.2 Enforcement of Law
We also process your personal data in order to assert our rights and enforce our legal claims. Moreover, we process your personal data in order to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offenses.
Those departments within our association that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us (e.g., technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account data protection regulations. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases, we transfer personal data to our advisors in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
We initially process and store your personal data for the duration of the respective purpose of use (see above for the individual processing purposes). This may also include the time periods for initiating a contract (pre-contractual legal relationship) and implementing a contract. On this basis, personal data is regularly deleted in the context of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
– Compliance with statutory retention obligations arising, for example from the German Commercial Code (HGB) (Sections 238, 257 (4) HGB) and the German Fiscal Code (AO) (Section 147 (3), (4) AO). The retention and documentation periods specified therein are up to ten years.
– Preservation of evidence, taking into account the statutes of limitations. According to Sections194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
As a data subject, you have the following rights under the legal requirements:
8.1 Right to Information
You are entitled at any time to request confirmation from us under Article 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled under Article 15 GDPR to information about this personal data and certain other information (in particular processing purposes, categories of personal data, categories of recipients, planned storage period, origin of the data, use of automated decision-making and, in the case of third-country transfers, the appropriate safeguards) and a copy of your data. The restrictions of Section 34 BDSG apply.
8.2 Right to Rectification
In accordance with Art. 16 GDPR, you are entitled to request that we rectify any personal data stored about you if it is inaccurate or incorrect.
8.3 Right to Erasure
Under the conditions set out in Art. 17 GDPR, you are entitled to request that we erase personal data concerning you without undue delay. The right to erasure does not apply, among other things, if the processing of your personal data is necessary, for example, to fulfill a legal obligation (e.g., statutory retention obligations) or to assert, exercise, or defend legal claims. In addition, the restrictions of Section 35 BDSG apply.
8.4 Right to Restriction of Processing
You are entitled to request that we restrict the processing of your personal data under the conditions set out in Art. 18 GDPR.
8.5 Right to Data Portability
Under the conditions set out in Art. 20 GDPR, you are entitled to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format.
8.6 Right of Withdrawal
You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal only has effect for the future. Processing that took place before the withdrawal is not affected by the withdrawal of consent. To declare your withdrawal, an informal notification, e.g., via email, to us is sufficient.
8.7 Right to Object
You have the right to object to the processing of your personal data under the conditions set out in Art. 21 GDPR, in which case we must stop processing your personal data. The right to object only exists within the limits set out in Art. 21 GDPR. In addition, our interests may prevent us from terminating the processing, so that we are entitled to process your personal data despite your objection. We will take any objection to direct marketing measures into account immediately and without further consideration of the existing interests.
Information about your right to object under Art. 21 GDPR:
You have the right to object at any time to the processing of your data on the basis of Art. 6 (1) lit. f GDPR (data processing based on a balancing of interests) or Art. 7 (1) lit. e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
The objection can be made informally and should be addressed to:
sphin-X e. V.
Hainstraße 16
04109 Leipzig, Germany
Email: kontakt@sphin-x.de
8.8 Right to Lodge a Complaint with a Supervisory Authority
Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with the supervisory authority responsible for us (Saxon Data Protection and Transparency Commissioner; https://www.datenschutz.sachsen.de/kontakt.html) or another competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
8.9 Other Concerns
If you have any further questions or concerns regarding data protection, please contact our data protection officer using the contact details provided above.
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or respond to your inquiries. Personal data that we do not necessarily require for the above-mentioned processing purposes is marked as voluntary information.
We do not use automated decision-making or profiling (automatic analysis of your personal circumstances).