Spanflug Technologies privacy policy GmbH

Status: February 25, 2025

 

This privacy policy provides you with an overview of the processing

of your personal data in the context of the use of the offers and online services within the website on Spanflug.de and all associated domains (the “Website”). This Privacy Policy also informs you about your rights under the EU General Data Protection Regulation (“GDPR”). Personal data is understood to be all information that makes it possible to identify you as a person.

 

Spanflug Technologies GmbH, Lindwurmstraße 76, 80337 Munich, e-mail: info@spanflug.de is responsible for data processing within the framework of the website.

 

There is no legal or contractual obligation to provide us with the personal data specified in this privacy policy and you can generally use our website without providing personal data. However, it may be necessary to provide personal data if you use certain functionalities on our website or if you conclude a contract with us (for example, because you commission us to provide services).

 

1) General information on the use of cookies

 

Cookies can be used on our Website to provide content and functions. Cookies are small text files that are stored on your computer to recognise you. Details on the cookies used can be found below under the respective processing purposes.

 

The Website generally uses the following types of cookies, the scope and functionality of which are explained below: transient cookies and persistent cookies. Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a session ID with which various requests from your browser can be allocated to the joint session. This allows your computer to be recognised when you return to our Website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the type of cookie.

 

The legal basis for the processing of personal data using cookies is article 6 (1) (b) GDPR for cookies that are absolutely necessary for the services you use; for all other cookies the legal basis is your consent given pursuant to article 6 (1) (a) GDPR. If you have given your consent to the use of certain cookies via our cookie notice, you can revoke your consent at any time with effect for the future by calling up the cookie notice again (bottom left of the page).

 

You can also delete cookies in the security settings of your browser at any time or set your browser to reject all cookies. Your browser may also have an anonymous browsing feature. However, if you disable all or certain types of cookies in your browser, our Website may not function properly.

 

2) Which personal data we process and the sources they originate from

 

In order to provide our Website, we process personal data from various sources. These are data on the one hand that we automatically process for each visitor who accesses the Website. And on the other hand, these can also be data that you have voluntarily provided to us or that are only processed when you use certain services on our Website.

 

a) Data that we automatically collect when you visit our Website

 

As soon as you visit the Website, you send technical information to our web servers, which we store in server log files. Amongst other things, these “usage data” include:

 

  • the date and time of the visit and the duration of use of the Website;

 

  • the IP address of your device;

 

  • the referral URL (the website from which you may have been referred);

 

  • the sub-pages of the Website or sub-pages of the app visited; and

 

  • further information about your device (device type, browser type and version as well as settings, installed plug-ins, operating system).

 

We process these data to enable you to use the Website and to ensure the Website functions properly. In addition, we process the usage data to analyse how the Website is performing, to continuously improve the Website and the services we offer and to correct errors or to optimize the content on the Website for you. We also process the usage data to ensure IT security and that our systems are operating properly as well as to prevent or detect misuse, in particular fraud. These server log files are deleted at regular intervals when the data are no longer required for the above purposes.

 

In order to identify errors, malfunctions or performance problems on our Website, we use the service provider Sentry (https://sentry.io/welcome/). The log data sent to Sentry in the event of an error may contain personal data, such as your IP address. The legal basis for the processing of your data is article 6 (1) (f) GDPR.

 

We use the log aggregation, monitoring and alerting services of Datadog, Inc (620 8th Ave, 45th Floor, New York, NY 10018 USA). The log data may contain personal data (e.g. IP addresses). The log data is stored within the EU. Datadog has undertaken to comply with appropriate technical and organizational measures for data security within the framework of an order processing contract (Art. 28 GDPR) and acts on our behalf in accordance with our instructions. Further information on Datadog’s data protection can be found at https://www.datadoghq.com/legal/privacy/.

The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR.

 

b) Data we collect when you use certain functions on our Website

 

We also process personal data to provide certain functions on our Website, such as internal user areas, shopping cart functions, contact forms, other interactive elements.

 

The legal basis for the processing of these data is article (6) (1) (b) GDPR if the underlying data processing is required for the provision of the corresponding services, or article (6) (1) (a) GDPR if we process data based on your consent. In addition to being used to provide the services, your data may also be used to ensure IT security, to detect and prevent misuse and to optimize our services, in which cases the legal basis is article (6) (1) (f) GDPR. Cookies are only used for these purposes if this is indispensable for the provision of the content and functionalities or if you have given your consent to this.

 

Registration, internal user areas and ordering functions

 

If you would like to register on our Website, e.g., to order a component or a SaaS subscription, we also collect and process the data you provide during registration (e.g., name, e-mail address, telephone number, address, where applicable). We store your data until you decide to delete your user account.

 

Contact forms and application forms

 

In addition to the data we receive from all visitors, we also process data if you use our contact forms or application forms. We store data relating to your title, company name, your name, address (street name, postcode, city), telephone number, e-mail address and the content of your request (you can see the details in the respective contact form). We store these data for as long as is necessary to process your request or, in the case of requests via the contact form, where Spanflug can claim a legitimate interest in communicating with interested parties and future contractual partners.

 

If you have applied for a vacancy using the application form and we were unable to offer you the position at the time of your application, we will only continue to store your data after you made your application to facilitate a renewed application, or to inform you about other vacancies that may be of interest to you in the future. We will only do so if you have given us your prior consent.

 

Manufacturing requests

 

We also process the data that your provide to us for the evaluation of your manufacturing request.

 

Newsletter

 

We process the personal data you provide when subscribing to our newsletter (including your email address). It is possible to unsubscribe to the newsletter at any time and this can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your personal data unless you have expressly consented to the further use of your data.

 

Payment

 

Our website uses Stripe, a service provided by Stripe Inc, 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA, for payment processing and subscription management for our software-as-a-service offering. This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR).

 

In this context, the following data is transmitted to Stripe as far as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. DSGVO):

  • E-mail address

 

  • Phone number

 

  • Cardholder name

 

  • Billing address

 

  • Sales tax number

 

  • Bank details

 

  • Credit card data

 

  • Credit card validity period

 

  • Credit card verification number (CVC)

 

Stripe has a dual role in data processing activities as a controller and processor. As a controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 (1) lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 (1) lit. b DSGVO). We have no influence on this process.

 

Stripe acts as a processor in order to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.

 

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

 

For more information about opt-out and removal options with respect to Stripe, please visit: https://stripe.com/privacy-center/legal

 

Online conferences and meetings

 

We use ClickMeeting, a product of ClickMeeting spółka z ograniczoną odpowiedzialnością located in al. Grunwaldzka 413, 80-309 Gdansk, Poland, to hold online information events, conferences and meetings.

 

If you participate in such an online event, the personal data you provide, e.g. first and last name, as well as the chat messages you write will be transferred to ClickMeeting. If you allow the transmission of your camera and microphone recordings, these will also be transmitted to ClickMeeting. This data can be viewed by the event organizer.

 

ClickMeeting has undertaken to comply with appropriate technical and organizational measures for data security as part of an order processing contract (Art. 28 GDPR) and acts on our behalf in accordance with our instructions.

Further information on Clickmeeting’s privacy policy can be found at https://clickmeeting.com/legal

 

c) Data that we collect to optimize our Website and for advertising purposes

 

Personal data is also processed for the optimization of our website.

The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR, if we can assert an overriding interest in the processing of this data (e.g. to improve our website and our services or to facilitate the use of our website), otherwise your consent in accordance with Art. 6 para. 1 lit. a GDPR. If cookies are used for these purposes, this will only take place if you have given your consent.

 

Provision of personalised content

 

We use your data to provide you with a personalised Website based on your personal settings and preferences (e.g., displaying our Website in your local language). For example, your computer’s IP address is used to identify your geographic location and provide you with localised content in your local language. However, we will never process and analyse your personal data as part of this user profile in such a way that this would result in an automated decision that would be legally effective for you or which would have a significant effect on you in a similar way.

 

Google Analytics

 

Our website uses Google Analytics, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and helps us to analyse user numbers and the general behaviour of visitors to our Website.

 

The information generated by the cookie about your use of our Website (ID, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is usually transmitted to a Google server in the USA and stored there. However, in the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will first be shortened by Google on our website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” to ensure the anonymous collection of IP addresses (also known as IP masking).

 

The complete IP address will only be transmitted to a Google server in the USA in exceptional cases and then shortened there. If personal data is transferred to the USA by way of exception, a high level of data protection is ensured through the conclusion of so-called standard contractual clauses.

 

Google will use the information about your use of our Website to analyse your use of the Website on our behalf in order to compile reports on website activities and to provide further services relating to the use of the Website and the internet. The IP address transmitted by your browser as part of Google Analytics and Google Tag Manager is not combined with other Google data.

 

More information on the terms of use and data protection can be found under http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/privacy/.

 

Google Ads and Microsoft Advertising (advertisements on third-party websites)

 

We use Google Ads and Microsoft Advertising to display advertisements on the Google search engine or on third-party websites. With Google Ads and Microsoft Advertising, targeted advertisements can be shown based on the user data available at Google. As a website operator, we can interpret these data by analysing, for example, which search terms have led to the display of our advertisements and which advertisements are particularly effective. This allows us to optimize our offer and our advertisements.

 

Hubspot

 

Our Website uses Hubspot, a service provided by Hubspot, Inc, 25 First Street, Cambridge, MA 02141 USA. In this context, we use the “EU hosting option”, where Hubspot processes personal data from the EU mainly within the EU, see https://legal.hubspot.com/de/hubspot-regional-data-hosting-policy.

 

Hubspot uses cookies and works on our behalf to analyse visitor behaviour on our Website. The information generated by the cookie about your use of our Website (ID, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is usually transmitted to a Hubspot server operated in the USA and stored there.

 

In addition, we use Hubspot for online marketing activities such as:

 

  • E-mail marketing (newsletters and automated mailings, e.g., to provide downloads)

 

  • Social media publishing & reporting

 

  • Reporting (e.g. traffic sources, accesses, etc. …)

 

  • Contact management (e.g. user segmentation & CRM)

 

  • Creation of contact forms

Hubspot has undertaken to comply with appropriate technical and organizational measures for data security as part of an order processing contract (Art. 28 GDPR) and acts on our behalf in accordance with our instructions.

More information on the terms of use and data protection can be found under
https://legal.hubspot.com/privacy-policy.

 

YouTube

 

Our website uses a plugin provided by YouTube to display embedded videos. The operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you watch an embedded YouTube video on our website, a connection to the YouTube servers is established. YouTube is informed which page you are visiting. If you are logged in to YouTube, YouTube can assign your surfing behavior to your account. You can prevent this by logging out of YouTube. We use YouTube in “extended data protection mode”. This means that YouTube data is not stored when you load our website, but only when you play a video embedded on our website. You can find more information on the use of your data in YouTube’s privacy policy: https://policies.google.com/privacy.

 

Google Web Fonts

 

For uniform display, our website uses web fonts provided by Google. When you visit our site, a connection to Google servers is established in order to load these web fonts into your browser cache. Through this connection, it becomes apparent to Google that your IP address has visited our website. For more information about Google Web Fonts and the use of your data, please visit. https://developers.google.com/fonts/faq and
https://www.google.com/policies/privacy/.

 

Hotjar

 

This website uses the web analysis service of Hotjar Limited (“Hotjar”) based on the consent of the website visitors. Hotjar uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the website. In addition, Hotjar will use this information to evaluate your use of the website and to compile reports on website activity.

 

d) Processing of personal data for other purposes

 

In addition, we may process your data for other purposes. This includes, for example, sharing your personal data with third parties if we are legally obliged to do so, but also to assert legal claims or defend against legal disputes. In these cases, the legal basis is either a legal obligation (article 6 (1) (c) GDPR) or our legitimate interests (article 6 (1) (f) GDPR).

 

e) Specific details regarding the processing of employee data

 

The data provided as part of the execution of the contract, along with any additional data processed based on your consent, is used exclusively for the execution of the employment relationship. Recipients of this data may include public organizations, such as tax offices or social security institutions, when required by overriding legal provisions. Additionally, external service providers or contractors, such as those responsible for data processing, hosting, payroll accounting, travel expense accounting, or insurance services, may gain access to the data. Other external organizations may also receive data if the data subject has given consent or if a transfer is permitted due to legitimate overriding interest. No processors outside the European Union are engaged. Data is stored in compliance with statutory retention obligations, which typically require a retention period of 10 years.

 

3) Who we share your data with

 

In addition to the service providers listed above, we only share your personal data to third parties if this is necessary for the collection and processing of your production enquiry (e.g., to suppliers), and in cases where you have previously given your separate consent to your data being shared.

 

We also transfer your data to our hosting and cloud service providers, which enable us to provide the website. The automated e-mail dispatch takes place via our e-mail service providers. In addition, we use external CRM-, Payment-, Accounting and communications service provider.

 

Our service providers have undertaken, among other things, to comply with the appropriate technical and organisational data security measures within the framework of a processing agreement (article 28 GDPR) and act on our behalf in accordance with instructions. Additional service providers may be commissioned to improve our products, all of whom are bound by instructions.

 

4) Data processing outside the EEA

 

In some cases, the use of the abovementioned service providers means your data will be transferred to countries outside the EEA (“Third Countries”). In this case, we ensure that either an adequacy decision of the EU Commission is available for the respective Third Countries or that the so-called EU standard contractual clauses have been agreed with these providers to ensure processing security and an adequate level of data protection. Please contact the address below for further information on the contracts that have been entered into.

 

5) Storage duration

 

We will process and store your personal data as long as necessary to fulfil our contractual or statutory obligations. Therefore, we generally store the data (unless otherwise stated in this Privacy Policy) for as long as our contractual relationship with you exists and after termination only to the extent and for as long as is required by the applicable laws. If the other data are no longer required to fulfil legal obligations (such as under tax or commercial law), they are deleted on a regular basis unless their further processing is necessary for the preservation of evidence or for the defence or assertion of legal claims. For the preservation of evidence, for example, your IP address and the exact time of issue are required, if you have given us consent.

 

6) Your statutory rights under the GDPR

 

You can exercise the following rights under the GDPR in relation to your personal data:

 

  • your right to information or access pursuant to article 15 GDPR,

 

  • your right to rectification pursuant to article 16 GDPR,

 

  • your right to erasure pursuant to article 17 GDPR,

 

  • your right to restriction of processing pursuant to article 18 GDPR, and

 

  • your right to data portability pursuant to article 20 GDPR.

 

In addition, you have the right to object to the processing of your personal data under the provisions of the GDPR. The objection does not need to meet any specific form requirements.

 

For all data protection inquiries, please contact us by email at info@spanflug.de or at the contact address of the data controller given above.

 

7) Amendment of this privacy policy

 

In order to keep this information up to date, this Privacy Policy is updated on a regular basis. Please look at this Policy at regular intervals to ensure your information is up to date. This Agreement is subject to German law.
This Agreement has been drawn up in German and in English. Only the German version is authoritative.