Privacy Policy

Who are we?

Spherity GmbH is a German software company, building decentralized digital identity management solutions to power the fourth industrial revolution, bringing secure identities to enterprises, machines, products, data and even algorithms. Spherity is certified according to the information security standard ISO 27001.

Spherity GmbH is a data controller for personal data and personally identifiable information collected and processed by Spherity’s services.

Contact

Spherity GmbH

📍 Emil-Figge-Straße 80, 44227, Dortmund, Germany (HQ)

📍 127 West 30th Street, 9th Floor, at Spaces, New York, NY 10001, USA

đŸ“± +49 (0)231 968 197 60

[email protected]

Managing Directors: Dr. Carsten Stöcker, Dr. Michael RĂŒther

USt-IdNr.: DE 316 157 015

Inhaltlich Verantwortlich gemĂ€ĂŸ § 10 Absatz 3 MDStV: Dr. Michael RĂŒther (Anschrift wie oben)

What data do we collect?

We collect your personal information in order to provide and continually improve our products and services. The types of personal information we collect are outlined in the next sections.

Information you give us:

  • Your name
  • Your email address
  • Your IP address
  • Relevant metadata relating to your time on Spherity’s website
  • Conversation history with Spherity
We receive and store any information you provide in relation to Spherity’s services.

Automatic information: We automatically collect and store certain types of information about your use of Spherity’s website, including your interaction with content hosted on our website. Like many websites, we use cookies to obtain certain types of information when your web browser or device accesses our website.

Information provided to us by a third party: In the course of business with Spherity, it is reasonably foreseeable that we may receive personal data from an external source or third party.

Information necessary to carry out our services: While using Spherity’s digital identity services, for example, personal data may be stored in Spherity’s cloud identity wallet and processed by Spherity’s digital identity agent.

How will we use your data?

Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to Spherity. Accordingly, it is important to lay out exactly how we use your data.

To carry out business activities: Spherity processes personal data that we receive from you enables us to carry out our digital identity services that we offer to you;

To facilitate effective use of our identity services: Spherity may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;

To communicate effectively with you: Spherity collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with Spherity in the past;

To conduct analytics: Spherity uses analytics on aggregated and anonymized data so we can continually improve our website and keep it secure;

To market our services: If consented to, Spherity will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have consented, you can always choose to opt-out later;

To act on a business change: If Spherity become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure;

To act on a request for necessary disclosure: Spherity may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, to (ii) Protect the any person from death or serious bodily injury, to (iii) Protect the Site or Spherity GmbH from unlawful abuse or attacks.

Third party service providers

HubSpot

Our sign-up service allows visitors to learn more about our company, schedule a product demo, and provide their contact information and other demographic information. This information is stored on servers operated by our software partner HubSpot. We may use it to contact visitors to our website and determine which services or offers are of interest. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing. HubSpot is a software company based in the USA with a branch office in Ireland.

Contact: 2nd Floor, 30 North Wall Quay - Dublin 1, Ireland or by phone: +353 1 5187500

As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

Stripe

We have integrated Stripe as a payment method on our website to enable secure and convenient transactions for our customers. Stripe is a third-party payment processor that is committed to protecting the privacy and security of customer data. When you make a payment using Stripe, we will collect and transmit to Stripe certain information required for payment processing, such as your name, email address, payment card information, and transaction details. Stripe may also collect information directly from you, such as your billing and shipping addresses, for fraud prevention and compliance purposes. Please note that Stripe's use of your personal data is subject to their own privacy policy, which we encourage you to review.

Here are some additional details about how we use and protect your personal data when you make a payment using Stripe:

  • We do not store your payment card information on our servers. Instead, Stripe securely stores your payment card information on their servers and provides us with a unique token that we use to process your payment. This means that your payment card information is never stored on our servers, reducing the risk of unauthorized access or data breaches.
  • We may retain transaction details and billing information for accounting and customer service purposes. This includes information such as the date and time of the transaction, the amount paid, and the products or services purchased. We may also retain your billing information, such as your name and billing address, to facilitate future transactions or resolve disputes.
  • We use industry-standard security measures to protect your personal data. We have implemented appropriate physical, technical, and organizational measures to safeguard your personal data against unauthorized access, use, or disclosure. This includes using SSL encryption to protect your payment card information during transmission, and restricting access to your personal data to authorized personnel only.

By using Stripe as a payment method on our website, you agree to the collection, use, and sharing of your personal data as described in this privacy policy. If you have any questions or concerns about how we use your personal data, please contact us.

Mailchimp

Newsletters are sent using the dispatch service provider “MailChimp”, a newsletter platform of the US provider Rocket Science Group LLC, 675 Ponce de Leon Avenue Northeast, Suite 5000 Atlanta, GA 30308 United States You can view the privacy policy of the dispatch service provider here: https://mailchimp.com/legal/privacy/.

Rocket Science Group LLC d/B/a MailChimp is certified under the Privacy Shield Agreement and offers a guarantee of compliance with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). Although we acknowledge that after the recent Schrems 2 case, the Privacy Shield has been effectively invalidated. As such, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR.

Legal basis for processing personal data

The GDPR requires a legal basis for our use of personal data. Our legal basis varies depending on the specific purpose for which we use personal information. We may potentially use:

Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.

Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services;

Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.

Compliance with a legal obligation when we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.

Given our commitment to compliance as a company, it is unlikely that Spherity will rely on the grounds of legitimate interests, owing to loopholes and grey areas arising out of this ground which do not lend well to the protection of personal data for a data subject.

Third-country transfers of personal data

These consist of transfers out of the European Economic Area. Whenever we transfer personal information to countries outside of the European Economic Area, we ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection. We rely on European Commission adequacy decisions or use contracts with standard safeguards published by the European Commission. This is for example, how we use HubSpot in a compliant way, as explained above.

What are your data rights?

If you have personal data processed by Spherity, you are a ‘data subject’. As a data subject, you have a number of rights which we, Spherity, as the data controller for your data, must uphold.

Right to information (Art. 15 GDPR)

Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes. Art. 15 GDPR conclusively regulates which information must be made available to the data subject. In addition, he or she is also entitled to a free copy of the data.

Right to rectification (Article 16 of the GDPR)

Pursuant to Article 16 of the GDPR, the data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure (Art. 17 GDPR)

The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.

Right to restriction of processing (Art. 18 GDPR)

The data subject has the right to request the controller to restrict the processing of his/her data.

Right to data portability (Art. 20 GDPR)

The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to object (Art. 21 GDPR)

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.

If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at: [email protected]

How long do we keep your data for?

Spherity will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit: allaboutcookies.org

How do we use cookies?

Spherity uses cookies in a range of ways to improve your experience on our website, including:

  • Helping to understand how you use the website
  • Helping to aggregate data about the performance of the website

For any cookie on Spherity’s website, regardless of whether it collects personal data or not, Spherity has the cookie disabled by default. This is important given the CJEU ruling in the Planet 49 case which ruled that any pre-ticked cookie boxes do not constitute valid consent.

How to manage cookies

You can set your browser not to accept cookies. You can block cookies by installing a browser add-on such as Privacy Badger or uBlock Origin. However, in a few cases, some of our website features may not function properly as a result.

Children

Spherity’s services are not directed to children and/or persons under the age of majority in their respective jurisdictions. Spherity do not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.

Changes to our privacy policy

Spherity keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 17 Apr 2023.

Contact us

If you have any questions about Spherity’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: [email protected]

Mail address: Emil-Figge-Straße 80, 44227 Dortmund, Germany

Competent supervisory authority

Should you wish to report a complaint or if you feel like Spherity has not addressed your concern in a satisfactory or timely manner, you may contact the relevant competent supervisory authority.

The supervisory authority responsible for our company is State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.

Kavalleriestr. 2-4, 40213, DĂŒsseldorf

Telephone: +49 (0)211 38424-0

[email protected]