Spherity Privacy Policy

Who are we?

Spherity GmbH, a global pioneer in digital identity software, aims to revolutionize secure identity integration for enterprises, machines, products, data, and algorithms. The company's vision centers on leveraging self-sovereign identity (SSI) to streamline compliance processes in accordance with regulations related to data protection and data security.

‍

Spherity GmbH is a data controller for personal data and personally identifiable information collected and processed by Spherity’s services.

Spherity GmbH

📍 Emil-Figge-Straße 80, 44227, Dortmund, Germany
📱 +49 (0)231 968 197 60
📧 info@spherity.com

Managing Directors: Dr. Carsten Stöcker, Dr. Michael Rüther
USt-IdNr.: DE 316 157 015

This privacy policy was last updated on 26 Mar 2024.

What data do we collect?

We collect your personal information in order to provide and continually improve our products and services. Here are the types of personal information we collect:

Information you give us: We receive and store any information you provide in relation to Spherity’s services.

Your name
Your email address
Your IP address
Relevant metadata relating to your time on Spherity’s website
Conversation history with Spherity

Automatic information: We automatically collect and store certain types of information about your use of Spherity’s website, including your interaction with content hosted on our website. Like many websites, we use cookies to obtain certain types of information when your web browser or device accesses our website.

Information provided to us by a third party: In the course of business with Spherity, it is reasonably foreseeable that we may receive personal data from an external source or third party.

Information necessary to carry out our services: While using Spherity’s digital identity services, for example, personal data may be stored in Spherity’s cloud identity wallet and processed by Spherity’s digital identity agent.

How will we use your data?

Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to Spherity. Accordingly, it is important to lay out exactly how we use your data.

To carry out business activities: Spherity processes personal data that we receive from you enables us to carry out our digital identity services that we offer to you;
To facilitate effective use of our identity services: Spherity may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;
To communicate effectively with you: Spherity collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with Spherity in the past;
To conduct analytics: Spherity uses analytics on aggregated and anonymized data so we can continually improve our website and keep it secure;
To market our services: If consented to, Spherity will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have consented, you can always choose to opt-out later;
To act on a business change: If Spherity become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure;
To act on a request for necessary disclosure: Spherity may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, to (ii) Protect the any person from death or serious bodily injury, to (iii) Protect the Site or Spherity GmbH from unlawful abuse or attacks.

Third party service providers

Google Services

In accordance with GDPR regulations, we incorporate Google Ads and various Google services into our website to improve user experience and deliver relevant content. Google may utilize cookies and similar technologies to collect certain information, including but not limited to your IP address, browser type, and browsing behavior, for the purpose of personalizing advertisements and analyzing website traffic. This data is processed in line with Google's Privacy Policy, which outlines how Google handles and protects user information. You have the option to manage your preferences and opt-out of personalized ads through Google's Ad Settings. By using our website, you consent to Google's processing of your data for the aforementioned purposes. For comprehensive details on Google's data practices, please review their Privacy Policy.

HubSpot

Our sign-up service allows visitors to learn more about our company, schedule a product demo, and provide their contact information and other demographic information. This information is stored on servers operated by our software partner HubSpot. We may use it to contact visitors to our website and determine which services or offers are of interest. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing. HubSpot is a software company based in the USA with a branch office in Ireland.

HubSpot sets a number of tracking cookies when a visitor lands on your website to understand their behavior better. You can display a cookie policy banner for your visitors to opt in or out of the non-essential cookies.

Contact: 2nd Floor, 30 North Wall Quay - Dublin 1, Ireland or by phone: +353 1 5187500

As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

Necessary cookies

These are essential cookies that do not require consent.

__hs_do_not_track

This cookie can be set to prevent the tracking code from sending any information to HubSpot. It contains the string "yes". It expires in 6 months.

__hs_initial_opt_in

This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode. It contains the string "yes" or "no". It expires in seven days.

__hs_cookie_cat_pref

This cookie is used to record the categories a visitor consented to. It contains data on the consented categories. It expires in 6 months.

hs_ab_test

This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before. It contains the id of the A/B test page and the id of the variation that was chosen for the visitor. It expires at the end of the session.

<id>_key

When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page. It contains an encrypted version of the password so future visits to the page will not require the password again. It expires in 14 days.

hs-messages-is-open

This cookie is used to determine and save whether the chat widget is open for future visits. It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity. If your visitor manually closes the chat widget, it will prevent the widget from re-opening on subsequent page loads in that browser session for 30 minutes. It contains a boolean value of *True* if present. It expires in 30 minutes.

hs-messages-hide-welcome-message

This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. It contains a boolean value of *True* or *False*. It expires in one day.

__hsmem

This cookie is set when visitors log in to a HubSpot-hosted site. It contains encrypted data that identifies the membership user when they are currently logged in. It expires in one year.

hs-membership-csrf

This cookie is used to ensure that content membership logins cannot be forged. It contains a random string of letters and numbers used to verify that a membership login is authentic. It expires at the end of the session.

hs_langswitcher_choice

This cookie is used to save a visitor’s selected language choice when viewing pages in multiple languages. It is set when a visitor selects a language from the language switcher and is used as a language preference to redirect them to sites in their chosen language in the future if they are available. It contains a colon delimited string with the ISO639 language code choice on the left and the top level private domain it applies to on the right. An example will be "EN-US:hubspot.com". It expires in two years.

__cfruid

This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. Learn more about Cloudflare cookies.

__cf_bm

This cookie is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires in 30 minutes. Learn more about Cloudflare cookies.

MailChimp

The newsletter is sent using the dispatch service provider “MailChimp”, a newsletter platform of the US provider Rocket Science Group LLC, 675 Ponce de Leon Avenue Northeast, Suite 5000 Atlanta, GA 30308 United States You can view the privacy policy of the dispatch service provider here: https://mailchimp.com/legal/privacy/.

Rocket Science Group LLC d/B/a MailChimp is certified under the Privacy Shield Agreement and offers a guarantee of compliance with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). Although we acknowledge that after the recent Schrems 2 case, the Privacy Shield has been effectively invalidated. As such, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR.

Piwik Pro

External Links

When hyperlinks are used to visit external or third-party websites, it's important to note that Spherity doesn't control these sites. Consequently, they aren't governed by our Privacy Policy. Spherity advises reviewing the privacy policies of these sites to understand how your personal information will be handled by their owners.

Legal basis for processing personal data

Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.

Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.

Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services;

Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.

Compliance with a legal obligationwhen we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.

Given our commitment to compliance as a company, it is unlikely that Spherity will rely on the grounds of legitimate interests, owing to loopholes and grey areas arising out of this ground which do not lend well to the protection of personal data for a data subject.

Third-country transfers of personal data

These consist of transfers out of the European Economic Area. Whenever we transfer personal information to countries outside of the European Economic Area, we ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection. We rely on European Commission adequacy decisions or use contracts with standard safeguards published by the European Commission. This is for example, how we use HubSpot in a compliant way, as explained above.

What are your data rights?

If you have personal data processed by Spherity, you are a "data subject". As a data subject, you have a number of rights which we, Spherity, as the data controller for your data, must uphold.

Right to information (Art. 15 GDPR)

Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes. Art. 15 GDPR conclusively regulates which information must be made available to the data subject. In addition, he or she is also entitled to a free copy of the data.

Right to rectification (Article 16 of the GDPR)

Pursuant to Article 16 of the GDPR, the data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure (Art. 17 GDPR)

The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.

Right to restriction of processing (Art. 18 GDPR)

The data subject has the right to request the controller to restrict the processing of his/her data.

Right to data portability (Art. 20 GDPR)

The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to object (Art. 21 GDPR)

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.

If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at: info@spherity.com

How long do we keep your data for?

Spherity will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit: allaboutcookies.org

How do we use cookies?

Spherity uses cookies in a range of ways to improve your experience on our website, including:

Helping to understand how you use the website
Helping to aggregate data about the performance of the website
Google analytics as described above

For any cookie on Spherity's website, regardless of whether it collects personal data or not, Spherity has the cookie disabled by default. This is important given the CJEU ruling in the Planet 49 case which ruled that any pre-ticked cookie boxes do not constitute valid consent.

How to manage cookies

You can set your browser not to accept cookies. You can block cookies by installing a browser add-on such asPrivacy Badger or uBlock Origin. However, in a few cases, some of our website features may not function properly as a result.

Children

Spherity's services are not directed to children and/or persons under the age of majority in their respective jurisdictions. Spherity do not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.

Changes to our privacy policy

Spherity keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 26 Mar 2024.

Contact us

If you have any questions about Spherity's Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: info@spherity.com
Mail address: Emil-Figge-Straße 80, 44227 Dortmund, Germany

Competent supervisory authority

Should you wish to report a complaint or if you feel like Spherity has not addressed your concern in a satisfactory or timely manner, you may contact the relevant competent supervisory authority.

The supervisory authority responsible for our company is State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.

Kavalleriestr. 2-4, 40213, Düsseldorf
Telephone: +49 (0)211 38424-0
poststelle@ldi.nrw.de