Privacy Notice - SPRIND GmbH

We are pleased that you are visiting our website.

PRIVACY NOTICE PURSUANT TO ART. 13 EU GENERAL DATA PROTECTION REGULATION (GDPR)

Data protection and security are important to us. Therefore, we would like to inform you about which of your personal data we collect when you visit our website, contact us, sign up for our newsletter or an event, or submit a project proposal, for what purposes this data is used, and what data protection rights you are entitled to.

The responsibility for data processing lies with the organization SPRIND GmbH (hereinafter referred to as SPRIND, we or us).

Note: Amendments to this Privacy Notice

Due to changes in legal or regulatory requirements as well as the further development of technical standards and our offerings, adjustments to this privacy notice may become necessary. Accordingly, it is regularly reviewed for the need for amendments or additions. The privacy notice may therefore be modified at any time with effect for the future.

Version of this Privacy Notice: May 2026

I. CONTROLLER AND DATA PROTECTION OFFICER

1. Controller

The controller within the meaning of the GDPR and other national data protection laws of the EU member states (Federal Data Protection Act for the Federal Republic of Germany, hereinafter BDSG) and other data protection provisions is:

SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig

Management Board: Ms. Berit Dannenberg and Mr. Rafael Laguna de la Vera, Email: INFO@SPRIND.ORG

2. Data Protection Officer

If you have any questions regarding data protection, a data protection officer appointed for SPRIND is available at the following business address: SPRIND GmbH, Lagerhofstr. 4 , 04103 Leipzig, Email: DATENSCHUTZ@SPRIND.ORG

The processing of personal data in detail

The GDPR grants you, as a data subject, certain rights in relation to your personal data. These include:

a. Right of Access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right to access to this personal data and to the information listed in Art. 15 GDPR.

b. Right to Rectification (Art. 16 GDPR)

You have the right to request without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.

c. Right to Erasure (Art. 17 GDPR)

You have the right to request that personal data concerning you be erased without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

d. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have objected to the processing, for the duration of the controller’s assessment.

e. Right to Data Portability (Art. 20 GDPR)

In certain cases, as listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, or to request the transmission of this data to a third party.

f. Right to Withdraw Consent (Art. 7 GDPR)

If data is processed based on your consent, you are entitled under Art. 7(3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that occurred prior to the withdrawal is not affected.

g. Right to Object (Art. 21 GDPR)

WHERE DATA ARE COLLECTED ON THE BASIS OF ART. 6 (1) (F) GDPR (PROCESSING TO SAFEGUARD LEGITIMATE INTERESTS) OR ON THE BASIS OF ART. 6 (1) (E) GDPR (PROCESSING IN THE PUBLIC INTEREST OR IN THE EXCERCISE OF OFFICIAL AUTHORITY), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO SUCH PROCESSING. UNLESS COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING CAN BE DEMONSTRATED THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS, WE WILL NO LONGER PROCESS THE PERSONAL DATA.

h. Complaint to a Supervisory Authority

You also have the right, under Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for us is:

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153, 53117 Bonn

Phone: +49(0)228 997799-0
Email: poststelle@bfdi.bund.de

De-Mail: poststelle@bfdi.de-mail.de

Contact: Link

Note: You may, however, also submit your complaint to any other supervisory authority.

i. Exercising Your Rights

Unless otherwise stated above, please contact the entity mentioned in Section I to exercise your data subject rights.

j. Processing When Exercising Your Rights

If you wish to exercise your rights pursuant to Articles 15 to 22 of the GDPR, we will process the personal data you provide in order to implement these rights and to provide evidence thereof. We will process the data stored for the purpose of providing information and preparation exclusively for this purpose and for data protection control purposes; otherwise, we will restrict the processing in accordance with Art. 18 GDPR.

K. NO OBLIGATION

As a rule, you are under no legal or contractual obligation for you to provide us with your personal data. However, if you do not provide certain required data, we may be able to provide our services only to a limited extent or not at all.

We take technical and organizational measures to protect your data as comprehensively as possible against unwanted access. We use an encryption method on our website. Your information is transmitted from your computer to our server and back via the internet using TLS encryption. You can usually recognize this by the closed padlock symbol in your browser's status bar and the fact that the address line begins with https://. This privacy notice applies to the processing of data in connection with your visit to our website as well as to our handling of data from interested parties, service providers, applicants, submitters, and partners.

In the event that we refer to websites of other providers, the privacy notice and statements of those providers apply.

1. Type and Scope of Data Processing

Each time our website is accessed, our systems collect data and information from the accessing device that it transmits to us automatically. In particular, the following log files are processed:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Date and time of the server request
IP addresses for backend log

Information on the processing of other meta and log files through the use of, for example, Umami, YouTube, Vimeo, or social media channels, etc., can be found below.

2. Purpose and Legal Basis for Data Processing

The temporary storage of the IP address and, where applicable, other log files by the systems each time our web pages are accessed is necessary to enable the website to be provided on your device. The temporary storage is necessary to route communications between users and our services, or is required to enable you to use our services.

The legal basis for this data processing, i.e., for the duration of your visit to our website, is Art. 6(1)(f) GDPR.

Processing and storage of the IP address and log files beyond the communication process take place to ensure the functionality of our services, to optimizing these services, and to ensure the security of our information technology systems.

The legal basis for storage of the IP address beyond the communication process for these purposes is Art. 6(1)(f) GDPR.

3. Duration of Storage

The data are stored for as long as it is required to achieve the aforementioned processing purposes. In the case of data collection for providing our website, this is the case when the respective session, i.e., the website visit, has ended.

Storage of log files, including the IP address, for the purposes of system security and optimization of our services takes place for a maximum period of 14 days after the user’s access to the page has ended.

4. Hosting

Our website is hosted by a hosting service provider. Processing takes place on servers in Germany. When you access our website, the hosting service provider processes server log files for technical reasons (in particular IP address, date and time of access, page/file accessed, status code, volume of data transferred, and information about the browser/operating system used and referrer). Processing takes place for the purpose of providing the website and ensuring stability and security (e.g., error analysis and defense against attacks). The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in secure and efficient website operation). The hosting service provider acts as our processor (Art. 28 GDPR). Processing outside the EU/EEA generally does not take place in the context of hosting, unless stated otherwise. Server log files are stored only for as long as necessary for the purposes stated and are then deleted or anonymized.

1. Type and Scope of Data Processing

When a project proposal is submitted via the provided form, the submitted data, such as name, email address, position, topic/concern, as well as further information and details about the proposed project, will be processed by us.

2. Purpose and Legal Basis

All personal data is processed exclusively for the following purposes:

Responding to inquiries
Assessing your project proposal
Continued retention in order to make contact later and re-reassessing your project proposal in case of rejection
Selection of experts for assessment of project proposals with breakthrough innovation potential
Coordinating and discussing the assessment of project proposals that have the potential to be breakthrough innovations with the SPRIND team, innovators and other experts as well as
Initiating, establishing, executing and terminating contractual relationships
In order to offer support during SPRIND Challenges with the SPRIND team, innovators and other experts

The legal basis for processing your personal data for the aforementioned purposes are:

Insofar as your consent is required, Art. 6(1)(a) GDPR. You can withdraw the consent you have granted us at any time by contacting info@sprind.org
Art. 6(1)(b) GDPR, if submission of project proposal is made with the aim of establishing or implementing a contract
Art. 6(1)(e) GDPR, if the contact is made, for example, with regard to questions about possible SPRIND funding or we process the provided data in the context of the selectinon of project proposals
Art. 6(1)(f) GDPR, if the contact is made for other purposes. The legitimate interest arises from the necessity of processing your data in order to respond to your inquiry (see also Section V. Other Contact via Email or Contact Form)

3. Further Retention for Later Contact and Re-Review of Your Project Proposal in the Event of Rejection

If you grant us your consent, we retain your personal data (in particular contact details and project proposal data) beyond the initial assessment for a maximum of three years based on Art. 6(1)(a) GDPR, to enable later contact and re-assessment.

You may withdraw your consent at any time, for example by contacting info@sprind.org (see also Section II).

4. Sources of Personal Data

We process data that is provided to us via form, email, post, or telephone.

5. Storage Duration

Data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. We delete your data unless we no longer need it and no legal retention obligations (ten years, pursuant to Section 147(1) AO; six years, pursuant to Section 257(1) HGB) oppose this. Generally, data is deleted when it is no longer needed to answer your inquiry. Project data for which further retention has been consented to will be deleted after three years or upon withdrawal of consent; all other project data will be deleted after the Challenge ends. If the data is assigned to a contractual relationship, the storage period is based on the respective term.

6. Possible Consequences of Non-Provision

There is no legal obligation to provide the data. However, if you choose not to provide it, we will not be able to consider the project proposal.

We hold events. We need your data in order to organize and carry out the event. Registration generally takes place online. Depending on the event, different data may be required.

1. Events

a. Type and Scope of Processing

We process your personal data to the extent necessary for the purpose of planning and conducting events as well as for registration and participation management. The data processing also serves to facilitate networking among participants.

b. Legal Basis

The processing of personal data serves the fulfillment of SPRIND's tasks (Art. 6(1)(e) GDPR). There is an increased public interest in receiving information about the content of the event, the participating individuals, and the framework conditions. If you participate in an event as a speaker, for example, the legal basis is the contract or pre-contractual measures relating to the organization of an event and/or participation in an event pursuant to Art. 6(1)(b) GDPR.

c. Sources of Personal Data

We process data that you have provided to us via the online form.

d. Categories of Personal Data

If you register for an event with us, we process your contact details.

e. Storage Duration

With regard to data processing on the legal basis of Art. 6(1)(e) GDPR, you have the right to object at any time pursuant to Art. 21(1) GDPR on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

In the case of consent, we store your data until you withdraw your consent. You can withdraw your consent by email to info@sprind.org or by sending a message to the responsible party mentioned in Section I.

f. Possible Consequences of Non-Provision

There is no legal obligation to provide the data. If you choose not to provide the required mandatory information for the event, we cannot register you for the event.

2. Virtual Events

In order to conduct virtual events (conference calls, online meetings, video conferences, and/or webinars), we use Zoom. Zoom is a service of Zoom Video Communications, Inc., located at 55 Almaden Blvd., San Jose, CA 95113, USA.

Notes:

If you visit Zoom's website, Zoom is responsible for data processing. However, visiting the website is only necessary to download the software for using Zoom.
You can also use Zoom if you enter the respective meeting ID and, if applicable, other access data for the meeting directly in the Zoom app.
If you do not want to or cannot use the Zoom app, the basic functions are also available via a browser version, which you can also find on Zoom's website.

a. Type and Scope of Processing

We process your personal data to the extent necessary for the purpose of organizing, conducting, and follow-up of virtual events as well as for registration and participant management. In doing so, we process data particularly in the context of SPRIND's public relations. The data processing also serves to facilitate networking among participants.

For this purpose, it may be necessary for us to process, among other things, the personal data provided during registration or sign-up in order to continue informing participants after the event (e.g., links to recordings, presentation materials, consolidated Q&A documents, and references to further content).

To facilitate communication and improve webinar results, participants may compose chat messages and thus actively participate in virtual events. These chat messages are visible only to us and the sender, not to other webinar participants and not in any recording.

b. Legal Basis

We generally process your data in the context of virtual events on the basis of Art. 6(1)(b) GDPR, to the extent that the meetings are conducted within the framework of (pre-)contractual relationships.

If you participate in a virtual event as a speaker, for example, the legal basis is the contract or pre-contractual measures for the conduct of or participation in a virtual event pursuant to Art. 6(1)(b) GDPR.

Should no (pre-)contractual relationship exist, we process your data on the basis of Art. 6(1)(e) GDPR. The processing of personal data serves the fulfillment of SPRIND's tasks. There is an increased public interest in receiving information about the framework conditions and content of SPRIND funding measures (e.g., so-called Funken and Challenges) that are provided within the framework of virtual events, as well as SPRIND's interest in achieving well-attended virtual events.

The legal basis for processing your personal data with regard to chat messages is your consent given voluntarily by writing and sending them pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by simply not writing any further chat messages.

The audio or video recording function and the use of functions that are not necessary for a virtual event are used by us only on the legal basis of consent from the data subjects pursuant to Art. 6(1)(a) GDPR. The consent declaration is obtained in advance, if required.

For the smooth operation as well as for proper assurance and IT security of our IT systems, Art. 6(1)(f) GDPR is the legal basis for our legitimate interest in protecting the availability and functionality of our systems.

c. Sources of Personal Data

We process data that you have provided to us via the form provided for registration or sign-up.

d. Categories of Personal Data

If you register with us for a virtual event, we process, among other things, the following data:

When using Zoom (in particular: registration, sign-up, conduct), various types of data are processed. The scope of the data also depends on what information you provide before or during participation in a virtual event.
The following personal data may be subject to processing:

Note: To participate in a virtual event or enter the meeting room, you must provide at least your name.

During registration:

Registrant Information

First name, last name, phone (optional);valid email address (business/private);Professional information (position, company, public reference link, area of work, and LinkedIn profile (optional)); Analytics data (sources through which you became aware of us)

During the Conduct of the Virtual Event

User Information	Displayed usernameEmail address (if applicable)Profile picture (optional); preferred language (if applicable)
Meeting Metadata	Description (optional);Participant IP addresses;Device/hardware information;Location, time, meeting ID, duration
For Recordings (optional)	MP4 file of all video, audio, and presentation recordings;M4A audio file of all audio recordings;Text file of the online meeting chat
When Dialing in by Phone	Incoming and outgoing phone number, country name, start and end time;additional connection data such as the device's IP address may also be stored
Text, Audio, and Video Data	You might have the option to use the chat, question, or poll functions during a virtual event. To this extent, the text inputs you provide will be processed in order to display them in the online meeting and to record them if necessary (Optional, if enabled) To enable the display of video and playback of audio, the data from your device's microphone and from any video camera of the device may be processed accordingly during the meeting In this case, you can turn off or mute the camera or microphone at any time yourself via the Zoom application
When Using the Chat	Your message(s)
When Participating in a Poll	Your response(s) to the poll

e. Storage Duration

Your data will be processed for the specific purpose of organizing and administering a virtual event and will be deleted once the purpose for processing has ceased to exist. Data deletion will be carried out in compliance with statutory retention periods: six (6) years for correspondence, and ten (10) years in the event of any invoicing.

In the event of consent for continued use of data for marketing or, for example, for receiving email newsletters, we will store your data until you withdraw your consent. You may withdraw your consent by sending a message to info@sprind.org or to the responsible party mentioned in Section I.

f. Recipients

Unless specifically intended for disclosure, personal data processed in connection with participation in webinars is generally not disclosed to third parties.

Zoom necessarily becomes aware of the aforementioned data to the extent provided for in the processor agreement concluded with the service provider.

g. Possible Consequences of Non-Provision

There is no legal obligation to provide the data. If you choose not to provide the required mandatory information indicated in the form for the event, we will not be able to register you for the virtual event.

h. Data Transfer to a Third Country – Zoom

Data is also transferred to the USA. The transfer of data to a third country, such as the USA, is permitted under the conditions set forth in Art. 46 GDPR and on the basis of an appropriate safeguards. An adequate level of data protection is guaranteed, on the one hand, by the conclusion of the so-called EU Standard Contractual Clauses. These have been approved by the European Commission and guarantee you appropriate protection of your personal data. You can access the Standard Contractual Clauses on the European Commission's website (https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_en). The provider of Zoom is also certified under the so-called EU-U.S. Data Privacy Framework (DPF). We have concluded a data processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR. As additional protective measures, we have also configured Zoom such that only data centers in the EU, the EEA, or secure third countries such as Canada or Japan are used for the conduct of virtual events.

You can find Zoom's privacy notice at: https://www.zoom.com/en/trust/privacy/privacy-statement/. There you will also find further information about your rights and settings options to protect your privacy.

1. TYPE AND SCOPE OF PERSONAL DATA PROCESSING

We collect, process, and use your personal data in order to process your (online) job application. The necessary organizational and technical measures ensure that your personal data is treated confidentially in accordance with legal regulations.

In the event of rejection, your data and documents will be deleted or destroyed six (6) months after the completion of the application process, unless you expressly consent to storage for a longer period.

In the event that we refer to websites of other providers, the data protection notices and declarations of those providers apply.

The following categories of personal data may be processed within the framework of the application process:

Contact details (first and last name, address)
Communication data (phone number, mobile number, email address)
Personal data (date of birth, place of birth, nationality, marital status, gender)
Job-related and personal data (availability, willingness to relocate and travel, work permit)
Qualification data (school graduation, vocational training/studies, language skills, and professional abilities)
Data on previous career history (curriculum vitae, training and employment references, proof of qualification, certificates)
Application photo, application history
If applicable, special information due to the position to be filled (assessment)
Data on evaluation and assessment in the application process

Special categories of personal data (information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual orientation, genetic and biometric data) are not deliberately requested or collected by SPRIND (with the exception of voluntary disclosure of any severe disability). Accordingly, we kindly ask you not to provide any information on the above criteria as part of your application. To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily provided during the application process, their processing is additionally based on Art. 9(2)(b) GDPR. In the event that we invite you to an interview and you wish to claim travel expenses in this context, we will also request your bank details in order to use them for the payment of your travel expenses.

We generally process your personal data only when necessary, in particular for:

Use of our website by interested parties
Responding to contact inquiries and communication
Processing your application
Conducting the application process with the aim of assessing your suitability for the advertised position or possibly for another open position
Potentially entering into an employment contract with you

2. DATA ORIGIN, PURPOSES, AND LEGAL BASES FOR DATA PROCESSING

a. Origin of Data

Basically, we receive the data directly from you as part of the application process. If you have participated in an external online assessment, we receive the results/evaluations of these assessments from the service provider used for this purpose.

b. Purposes and Legal Bases for Data Processing

The purpose of data collection is to be able to subject your application to a lawful review as part of the application process. For this purpose, we store all data provided by you as part of your application. Based on this transmitted data, we review whether you can be invited to an interview as part of the selection process – also in the case of unsolicited applications. The legal basis for data collection and data processing is Art. 6(1)(b) GDPR.
If special types of personal data within the meaning of Art. 9 GDPR, such as health data, are processed, the legal basis is Section 26(3) BDSG, Art. 9(2)(b) GDPR in conjunction with Art. 6(1)(b) GDPR.
If you have granted us consent to process personal data for specific purposes, such as:
Consent to longer data storage for a spot in the talent pool

The legal basis for this processing is your consent pursuant to Art. 6(1)(a), 9(2)(a) GDPR. In this case, you have a right of withdrawal pursuant to Art. 7(3) GDPR.

For selected positions, an online assessment is planned. For this purpose, we use an external service provider (currently TestGorilla B.V., Keizersgracht 520H, 1017 EK, Amsterdam, NL). If you are shortlisted for such a position, we will invite you to complete an online assessment by email. This regularly requires prior transmission of some personal data (including name, email address) to the respective service provider in order to enable your participation. On the provider's platform, you will find more detailed information about the respective assessment and the associated processing of your personal data: https://www.testgorilla.com/privacy-policy/. Participation in such online assessments is generally based on your voluntary consent pursuant to Art. 6(1)(a) GDPR. In this case, you have a right of withdrawal pursuant to Art. 7(3) GDPR.
In the event that processing of personal data is required to fulfill a legal obligation to which SPRIND is subject, the legal basis is Art. 6(1)(c) GDPR.
If the vital interests of the data subject or another natural person require processing of personal data by SPRIND, then Art. 6(1)(d) GDPR is the legal basis.
If the performance of a task that is in the public interest or is carried out in the exercise of official authority transferred to SPRIND is required, the legal basis for the processing of personal data is Art. 6(1)(e) GDPR.
If the processing of personal data is carried out to safeguard our legitimate interests or those of a third party and this does not override the interests, fundamental rights, and fundamental freedoms of the data subject, Art. 6(1)(f) GDPR is the legal basis for processing. This is the case, for example, if after completion of the application process, assertion of legal claims or defense against claims becomes necessary, in particular under the General Equal Treatment Act (AGG) or for the protection of our employees or SPRIND for legitimate reasons (e.g., conduct or facts that would justify extraordinary termination, Section 626 German Civil Code (BGB)).
Should you, contrary to our request, have disclosed special categories of personal data to us, the collection and storage is based on Art. 9(2)(e) GDPR. No further processing takes place in this case.

3. POSSIBLE RECIPIENTS OF PERSONAL DATA

Within SPRIND, those persons and departments (e.g., HR, Team Leadership, Senior Staff, Decision-Makers, Management) receive your personal data who need it for the application process or to fulfill our contractual and legal obligations.

Your personal data is processed and stored electronically.

Our commissioned service providers may also receive your data to the extent permitted within the framework of the purposes and legal bases set out in this privacy notice. These act on our behalf and according to our instructions within the scope of their service provision (so-called processors). SPRIND ensures that these service providers can demonstrate appropriate technical and organizational measures in accordance with Art. 28 GDPR and that data processing is carried out by them in compliance with relevant data protection regulations and ensuring the protection of the rights of data subjects.

Our electronic applicant management system is operated as Software as a Service by an IT service provider (currently HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg), which means that it may also gain access to the system and potentially your data within the scope of maintenance and service activities. A corresponding data processing agreement has been concluded with the service provider.

If you participate in an external online assessment, TestGorilla receives the personal data required for preparation, conduct, and evaluation. A corresponding data processing agreement has been concluded with the service provider.

Due to legal regulations, SPRIND may be obligated to provide our collected data to public authorities (e.g., tax authorities, the Federal Criminal Police Office (Bundeskriminalamt), social security authorities).

4. LOCATION OF PERSONAL DATA PROCESSING

In principle, your personal data is processed within the European Union (EU) and/or the European Economic Area (EEA).

However, when using certain tools or applications, information may be transmitted to third countries. Third countries are countries outside the EU and/or EEA where an adequate level of data protection in accordance with European requirements cannot be readily assumed. If the transmitted information also includes personal data that cannot be transmitted to the recipient pseudonymized or anonymized, we ensure the existence of appropriate guarantees. This can be ensured based on a so-called adequacy decision of the European Commission, the existence of a certification under the Data Privacy Framework Link: (https://www.dataprivacyframework.gov/), or through the use of the EU Standard Contractual Clauses provided by the EU Commission Link: pursuant to Art. 46(2)(c) GDPR.

5. DATA DELETION AND STORAGE DURATION

We store your data only for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations, or when the legal basis for storage ceases to apply.

In the event of rejection, your data will be deleted or destroyed six (6) months after completion of the application process.
If you have consented to voluntary inclusion in the talent pool and the associated storage of your personal data, data deletion will occur after twelve months, with the provision that we will generally request an update of your consent to remain in the talent pool 30 days before the end of the twelve (12) months. If you do not respond to this request or update your consent, we will remove you from the talent pool and delete your personal data and application profile.

European or national legislators provide in EU regulations, laws, or other provisions that storage with restricted processing may be permitted instead of deletion, particularly in cases of:

Fulfillment of statutory retention obligations: Fiscal Code (Section 147 AO) or Commercial Code (Section 257 HGB), six to ten years
Existence of a legitimate interest in storage: Statute of limitations for the purpose of potential legal defense (Sections 195 et seq. BGB), three to 30 years

Data will be deleted no later than when a storage period prescribed by the aforementioned regulations expires. This applies exceptionally only if further storage by SPRIND is required and there is a legal basis for this. If an employment relationship is established, your application documents will be transferred in whole or in part to your personnel file.

6. TALENT POOL

Within the framework of the application process, we review whether we can offer you a spot in our talent pool. The talent pool is a database in which we will store your applicant data in order to be able to consider you directly for a suitable open position in the future. At the beginning of your application, you have the voluntary option to consent to be included in the talent pool. The legal basis for this is Art. 6(1)(a) GDPR.

7. PROVISION OF YOUR DATA

There is, in principle, no legal or contractual obligation to provide your data. However, as part of your application, you must provide the personal data required for the conduct of the application process (marked as mandatory fields). Without this data, we cannot process your application.

8. AUTOMATED DECISION-MAKING, PROFILING

Within the framework of the application process – including the use of the online application, the talent pool, and the online assessment – no profiling within the meaning of Art. 4 No. 4 GDPR takes place. Likewise, no solely automated decision-making within the meaning of Art. 22 GDPR takes place. The results of the assessment are solely intended to assist the responsible persons in their decision-making and to enable a fair selection process. A final selection decision is always made by a human.

1. TYPE AND SCOPE OF PROCESSING

You have the option to subscribe to our newsletter on our website, through which we inform you about current developments.

For registration to our newsletter, we use the double opt-in procedure. After you have signed up for the newsletter, you will receive an email at the provided email address, in which we ask you to confirm your subscription and to confirm that you are the owner of the corresponding email address. If we do not receive your confirmation within one month, we will block your information and delete it. Once you confirm your email address, we store your IP address as well as the time of registration and confirmation in order to be able to prove your registration and clarify any misuse of your personal data.

The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked personal data is voluntary and is used to address you personally. After your confirmation, we store your email address and, if applicable, further voluntary information for the purpose of sending the newsletter and optimizing the newsletter service.

2. PURPOSE AND LEGAL BASIS

To send the newsletter, we require your email address, which we store for this purpose. You may also provide additional data for personalized addressing if you wish.

The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR, as well as with regard to the storage of information in your terminal equipment as an end user and/or access to information already stored in your terminal equipment, Section 25(1) TDDDG.

3. SOURCES OF PERSONAL DATA

We process data that you have provided to us via the online form.

4. CATEGORIES OF PERSONAL DATA

If you subscribe to our newsletter, we process your email address and, where applicable, other data.

5. STORAGE DURATION

We store your data until you withdraw your consent. You can withdraw your consent by clicking on the link provided in each newsletter email, by email to info@sprind.org, or by sending a message to the contact details published above.

6. POSSIBLE CONSEQUENCES OF NON-PROVISION

There is no legal obligation to provide the data. However, if you choose not to provide your email address, we cannot send you a newsletter.

7. RECIPIENTS

We would like to inform you that our email newsletters are sent via the technical service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (CleverReach), to whom we forward the data provided by users when signing up for the newsletter. A corresponding data processing agreement is in place. The data entered by users for the purpose of receiving the newsletter (e.g., email address) are stored on CleverReach servers in Germany or Ireland. CleverReach uses this information to send the newsletter and to perform statistical analysis of the newsletters on our behalf. For evaluation purposes, the newsletters sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter message was opened and which links were clicked, if any. Technical information is also collected (e.g., time of retrieval, IP address, browser type and operating system).

Using the data obtained in this way, we may create a user profile. In doing so, we record whether and when you read our newsletters and which links you click on in these newsletters. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses may be used to better tailor future newsletters to the interests of the recipients.

Such tracking is not possible if you have disabled the display of images by default in your email program. In this case, the newsletter will not be displayed completely, and you may not be able to use all functions. If you manually allow images to be displayed, the above-mentioned tracking will occur.

As part of our public relations work, SPRIND maintains online presences within the following social networks:

X, by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, with a branch at One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
LinkedIn, by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland)
Instagram, c/o Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001
Bluesky Social, PBC, 113 Cherry Street, Suite 24821, Seattle, WA, 98104-2205 USA
Mastodon GmbH, Mühlenstraße 8A, 14167 Berlin

in order to inform users active there about SPRIND and to engage in an exchange with users. The references are identifiable on our website, among other things, by links to our presence on the respective social networks.

No social plugins are used.

We would like to point out that the terms of use of the services mentioned and linked on our website, and those of their operators, are not subject to SPRIND’s control and that you use them at your own responsibility. These services and their operators store and process personal data of their users (including IP address, the application used, details of the device you use including device ID and application ID, information about websites accessed, your location and your mobile network provider).

The data collected about you when using the services is processed according to their own policies and may be transferred to countries outside the European Union. If you have created an account/profile, these data are assigned to the data of your respective account/profile. SPRIND has no influence on the data collection and its further use by the social networks. Therefore, we have no knowledge of the extent, location and duration of data storage, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data, and to whom the data are disclosed.

Please refer to the respective privacy notices for information about your rights and settings options for protecting your privacy:

The services disclose your personal data to their processors and third-party service providers, which are located, among other places, outside the European Economic Area (EEA). These process the personal data obtained in this way for their own purposes, such as analysis and marketing as well as your usage behavior on external and their own websites of third-party providers. Profiling cannot be ruled out.

The personal data collected about you and that from third-party providers are transmitted to servers located mostly in the USA. If the service is certified under the Data Privacy Framework, transfer of data to the USA can be based on the agreement.

The following services we use are certified:

X Corp.
LinkedIn
Meta
Google
Vimeo

Nevertheless, it cannot be ruled out that US security authorities vested with extensive powers may access your personal data at any time and without cause. This applies even if the servers are located in Europe. No effective legal remedy is available to you against this.

You have options to restrict the processing of your data in the general settings of your respective user account or profile. In addition, on mobile devices, you can restrict the services' access to your contact and calendar data, photos, location data, etc. in the available settings. However, this depends on the operating system (OS) you are using.

Our website uses cookies. Cookies are small text files that are assigned to and stored on your hard drive by your browser through a characteristic string of characters, and through which certain information flows to the entity that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the overall internet offering more user-friendly and effective, i.e., more pleasant for you.

Cookies may contain data that allows recognition of the device used. However, cookies sometimes only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted again as soon as the browser is closed, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are further categorized as follows:

Technical Cookies: These are strictly necessary to navigate a website, use basic functions, and ensure the security of the website; they do not collect information about you for marketing purposes nor store which web pages you have visited
Performance Cookies: These collect information about how you use a website, which pages you visit, and, for example, whether errors occur when using the website; they do not collect information that could identify you – all collected information is anonymous and is only used to improve our website and find out what our users are interested in
Advertising Cookies, Targeting Cookies: These serve to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and Targeting Cookies are stored for a maximum of 13 months
Sharing Cookies: These serve to improve the interactivity of a website with other services (e.g., social networks); Sharing Cookies are stored for a maximum of 13 months

Through the use of cookies, we ensure the proper functioning of our website. It also allows us to optimize the website experience. These are the purposes of data processing.

Every use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your consent pursuant to Art. 6(1)(a) GDPR. This applies in particular to the use of advertising, targeting, or sharing cookies.

These cookies are not used on our website – we use only technically necessary cookies.

Newsletter

When signing up for the SPRIND newsletter, our privacy notice applies.

FAQ Accessibility Corporate Governance Privacy Notice Imprint Press Contact