We appreciate your interest in our company. Data protection is extremely important for the management of Spherea Test & Services Ltd. (hereinafter also referred to as ‘controller’, ‘we’, ‘us’, ‘our’).
The use of our websites is generally possible without the disclosure of any personal data. However, when a data subject wishes to claim special services from our website, the processing of personal data may be necessary. If such processing is necessary and no other legal basis is applicable, we generally acquire the data subject’s declaration of consent.
The processing of personal data such as name, address, email address, or phone number is carried out under strict adherence to data protection laws, especially the European General Data Protection Regulation (GDPR). With this Privacy Notice, we want to inform the public about the nature, scope and purpose of the data processing on this website. Additionally, we wish to inform any data subjects about their rights according to applicable data protection laws.
We have taken appropriate technical and organisational measures to ensure the safety and security of your personal data which we process. Nevertheless, data transfers via the internet always bear some security risks. Therefore, any data subject can freely decide to communicate with us or disclose their data by other means, such as by telephone.
This Privacy Notice is based on the terminology used by the GDPR. We aim at the comprehensiveness and readability of this Notice – to ensure this, we provide you with an explanation of the terminology used.
We use the following terms in this Privacy Notice:
Definitions
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
The data subject is the identified or identifiable natural person, whose personal data are processed by the controller.
c) Processing
Processing means any operation on personal data such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the special marking of stored personal data with the aim of restricting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, personal data, reliability, behaviour, location or movements of that natural person.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, authority, authority or other body to which the personal data is disclosed, whether it is a third party. However, authorities which may obtain personal data in the context of a particular investigation in accordance with Union or Member State law shall not be deemed to be recipients; the processing of such data by these authorities in accordance with the applicable data protection rules in accordance with the purposes of the processing.
j) Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
The consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject, by which he or she means consent to the processing of personal data concerning him or her by means of a declaration or a clear affirmative act.
Name and address of the controller
Spherea Test & Services Ltd.
Building 400
Aviation Business Park
Bournemouth International Airport
Christchurch BH23 6NW
Phone.: +44 1202 872800
Email: info@spherea.co.uk
Website: www.spherea.co.uk
Name and address of the data protection officer
Spherea Test & Services Ltd.
Building 400
Aviation Business Park
Bournemouth International Airport
Christchurch BH23 6NW
Phone.: +44 1202 872800
Email: info@spherea.co.uk
Website: www.spherea.co.uk
Cookies
Our website uses cookies. Cookies are small text files that are saved and stored on the computer system via the web browser.
A multitude of websites and servers use cookies. Many cookies include a so-called cookie ID. A cookie ID is a unique identifier for cookies. It consists of a string of characters which can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific web browser can recognise and identify the unique cookie ID.
By using cookies, we can provide users of this website with more user-friendly services that would not be possible without the cookies.
A cookie can be used to optimise the information and offers on our website in the interests of the user as cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his or her log in information each time he or she visits the website when this is done by the website and the cookie stored on the user’s computer system.
The data subject can prevent cookies from being set by our website at any time by means of the right setting in the Internet browser used and thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the Internet browser or other software programs; this is possible with all common Internet browsers. If the person concerned deactivates the setting of cookies in the browser, it may be possible that not all functions of our website can be used to their full extent.
Collection of data and information
Our website collects data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. The following information is collected:
- Browser type and version used
- Operating system used by the accessing device
- Website from which the device accesses our website
- Sub-websites that are accessed on our website
- Date and time of the access
- Internet protocol address (IP address)
- Internet service provider of the accessing device
- Other data and information that is used for security in the event of attacks on our IT system
We do not use the data and information for any decision-making process about data subjects. This information is rather required in order to:
- Deliver the content of our website correctly
- Optimise the content and advertising on our website
- Ensure the long-term functionality of our IT systems and the technology of our website
- Provide law enforcement authorities with the necessary information in the event of criminal prosecution for cyber-attacks.
These anonymised data and information is therefore processed by us for both statistical purposes and to increase data protection and data security in the company, ultimately ensuring an optimum level of protection for the personal data processed. The anonymous data in the server log files are stored separately from all personal data provided by the data subject.
Contact via the website
Our website offers the possibility to establish a swift electronic contact with our company. If a data subject contacts us by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted to us by a data subject on a voluntarily basis are stored for the purpose of working on the requests or to contact the data subject. These personal data are not transferred to third parties.
Retention period of personal data
The person responsible for the processing processes and stores personal data of the data subject only for the period that is necessary to achieve the storage purpose or that has been provided for by the legislator. If the storage purpose no longer applies or if a statutory storage period expires, the personal data will be routinely blocked or deleted in accordance with the regulations.
Rights of the data subject
a) Right of Confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed.
b) Right of Access
Every data subject has the right to receive information from us about the personal data stored about him or her and to receive a copy of this information. Furthermore, the data subject has the right to be informed about whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information about the appropriate guarantees in connection with that transfer.
c) Right to Rectification
Every data subject has the right to obtain the rectification of inaccurate personal data concerning him or her without delay. He or she also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
d) Right to Erasure (“Right to be forgotten”)
Any data subject has the right to demand that the personal data relating to him or her are deleted immediately, unless we have reasons for further storage.
e) Right to Restriction of Processing
Under certain conditions, every data subject has the right to request restriction of processing.
f) Right to Data Portability
Every data subject has the right to receive the personal data concerning him or her which he or she has provided to us in a structured, common and machine-readable format. Furthermore, he or she has the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other individuals.
g) Right to Object
Every data subject has the right to object to the processing of his or her personal data, unless we can demonstrate legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Spherea GmbH processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to Spherea GmbH processing for direct marketing purposes, Spherea GmbH will no longer process the personal data for these purposes.
h) Automated Individual Decision-making and Profiling
Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal effects concerning him or her or which significantly affects him or her in a similar way, except where the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) authorised by Union or Member State law to which we are subject and provided that such law contains adequate safeguards with regard to the rights and freedoms and legitimate interests of the data subject, or (3) based on the explicit consent of the data subject.
i) Right to Withdraw a Consent
Every data subject has the right to withdraw his or her consent to the processing of personal data at any time. Such withdrawal does not affect the lawfulness of the previously processed personal data.
j) Right to Lodge a Complaint with the Supervisory Authority
Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR.
Data protection for applications and in the application process
The controller processes the personal data of applicants for the purpose of completing the application process. The processing may also be carried out by electronic means. This applies in particular if applicants submit their documents to the controller electronically, for example by email or via a web form on our website. If the controller concludes an employment contract with an applicant, the submitted data are stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller.
Privacy policy on the use of Google Analytics (anonymisation)
With your consent (Art. 6 I 1 lit. a) GDPR, please also see below) we use Google Analytics on our website. Google Analytics is an analysis service from our contractual partner Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States), which uses Cookies and stores the data on servers in the USA. In this context, Google complies with the data protection regulations of the EU-US Privacy Shield and thus guarantees the security and confidentiality of your data.
For the protection of your personal data, we use the so-called IP-anonymisation method. Your IP address is automatically shortened within the EU and the European Economic Area before it is forwarded to the USA. This means that it is no longer possible to assign this address to you since it cannot be matched with other data that may be stored by Google.
Google uses the data collected on our behalf exclusively for the evaluation of the use of our offers and the activity on our pages as well as for the improvement and optimisation of our online services. The following data is collected for this purpose:
Your IP address (see above)
The visited pages
Technical data (browser, device etc.)
The referrer-URL
Your data will be automatically deleted after 14 months.
Even after you have given your consent, you can still prevent the storage of cookies on your end device at any time by making the appropriate settings on your browser – however, this may mean that you may no longer see all of our content.
You can also use a browser add-on to prevent the information collected by cookies from being sent to Google: https://tools.google.com/dlpag...
Legal bases for data processing
Art. 6 I 1 lit. a) GDPR serves our company as a legal basis for processing operations for which we obtain consent. If the processing is necessary for the performance of a contract to which the data subject is party the legal basis is Art. 6 I 1 lit. b) GDPR. This is the case, for example, when delivering goods or fulfilling other contractual obligations. The same applies to such processing operations which are necessary for pre-contractual measures, for example in case of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I 1 lit. c) GDPR. Finally, processing operations can be based on Art. 6 I 1 lit. f) GDPR. On this basis the processing of personal data is lawful when the legitimate interests of the controller or by any third party outweigh the rights and freedoms of the data subject.
Contractual or statutory provisions making personal data available; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contracting party). Sometimes it may be necessary that a data subject provides us with personal data that we have to process subsequently to conclude a contract. For example, data subjects are obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the person concerned. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
Automated decision making
As a controller we do not use automatic decision-making or profiling.
Updating this Privacy Notice
We will update this Privacy Notice at regular intervals in order comply with the current data protection regulations and to adhere to technical developments. It will be effective with its publishing here.