Who are we?
Spherity GmbH is a German software company, building decentralized digital identity management solutions to power the fourth industrial revolution, bringing secure identities to enterprises, machines, products, data and even algorithms. Spherity is certified according to the information security standard ISO 27001.
Spherity GmbH is a data controller for personal data and personally identifiable information collected and processed by Spherity’s services.
Spherity GmbH can be found at:
+49 (0)231 968 197 60
Managing Directors: Dr. Carsten Stöcker, Dr. Michael Rüther
USt-IdNr.: DE 316 157 015
What data do we collect?
We collect your personal information in order to provide and continually improve our products and services.
Here are the types of personal information we collect:
- Information you give us: We receive and store any information you provide in relation to Spherity’s services. This information may comprise of:
- Your name;
- Your email address;
- Your IP address;
- Relevant metadata relating to your time on Spherity’s website;
- Conversation history with Spherity.
- Information provided to us by a third party: In the course of business with Spherity, it is reasonably foreseeable that we may receive personal data from an external source or third party.
- Information necessary to carry out our services: While using Spherity’s digital identity services, for example, personal data may be stored in Spherity’s cloud identity wallet and processed by Spherity’s digital identity agent.
How will we use your data?
Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to Spherity. Accordingly, it is important to lay out exactly how we use your data.
- To carry out business activities: Spherity processes personal data that we receive from you enables us to carry out our digital identity services that we offer to you;
- To facilitate effective use of our identity services: Spherity may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;
- To communicate effectively with you: Spherity collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with Spherity in the past;
- To conduct analytics: Spherity uses analytics on aggregated and anonymized data so we can continually improve our website and keep it secure;
- To market our services: If consented to, Spherity will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have consented, you can always choose to opt-out later;
- To act on a business change: If Spherity become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure;
- To act on a request for necessary disclosure: Spherity may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, to (ii) Protect the any person from death or serious bodily injury, to (iii) Protect the Site or Spherity GmbH from unlawful abuse or attacks.
(a) Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of this website’s operator, Google will use this information to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
2nd Floor, 30 North Wall Quay
Dublin 1, Ireland
Phone: +353 1 5187500
As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
Rocket Science Group LLC d/B/a MailChimp is certified under the Privacy Shield Agreement and offers a guarantee of compliance with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
Although we acknowledge that after the recent Schrems 2 case, the Privacy Shield has been effectively invalidated. As such, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR.
Spherity relies on explicit and freely given consent before marketing through MailChimp.
(d) Google Fonts
This website is using Google Fonts. The Google Fonts API is designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently.
Use of Google Fonts is unauthenticated. No cookies are sent by website visitors to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. This means your font requests are separate from and don’t contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.
In order to serve fonts quickly and efficiently with the fewest requests, responses are cached by the browser to minimize round-trips to our servers.
Requests for CSS assets are cached for 1 day. This allows us to update a stylesheet to point to a new version of a font file when it’s updated, and ensures that all websites using fonts hosted by the Google Fonts API will be using the most updated version of each font within 24 hours of each release.
The font files are cached for 1 year, which cumulatively has the effect of making the entire web faster: When millions of websites all link to the same fonts, they are cached after visiting the first website and appear instantly on all other subsequently visited sites. We sometimes update font files to reduce their file size, increase coverage of languages, and improve the quality of their design. The result is that website visitors send very few requests to Google: We only see 1 CSS request per font family, per day, per browser.
(e) Google Tag Manager
In order to monitor system stability and performance, Google Tag Manager may collect some aggregated data about tag firing. This data does not include user IP addresses or any user-specific identifiers that could be associated with a particular individual. Other than data in standard HTTP request logs, all of which is deleted within 14 days of being received, Google Tag Manager does not collect, retain, or share any information about visitors to our customers’ properties, including page URLs visited. Learn more about how the Google Tag Manager uses data in their terms of service: https://support.google.com/tagmanager/answer/7157428
Legal basis for processing personal data
The GDPR requires a legal basis for our use of personal data. Our legal basis varies depending on the specific purpose for which we use personal information. We may potentially use:
- Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.
- Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services;
- Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.
- Compliance with a legal obligation when we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.
Given our commitment to compliance as a company, it is unlikely that Spherity will rely on the grounds of legitimate interests, owing to loopholes and grey areas arising out of this ground which do not lend well to the protection of personal data for a data subject.
Third-country transfers of personal data
What are your data rights?
If you have personal data processed by Spherity, you are a ‘data subject’. As a data subject, you have a number of rights which we, Spherity, as the data controller for your data, must uphold.
Right to information (Art. 15 GDPR)
Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes. Art. 15 GDPR conclusively regulates which information must be made available to the data subject. In addition, he or she is also entitled to a free copy of the data.
Right to rectification (Article 16 of the GDPR)
Pursuant to Article 16 of the GDPR, the data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure (Art. 17 GDPR).
The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.
Right to restriction of processing (Art. 18 GDPR).
The data subject has the right to request the controller to restrict the processing of his/her data.
Right to data portability (Art. 20 GDPR)
The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
Right to object (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.
If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at:
Contact email: firstname.lastname@example.org
How long do we keep your data for?
Spherity will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
For further information, visit: allaboutcookies.org
- Helping to understand how you use the website.
- Helping to aggregate data about the performance of the website.
- Google analytics as described above.
For any cookie on Spherity’s website, regardless of whether it collects personal data or not, Spherity has the cookie disabled by default. This is important given the CJEU ruling in the Planet 49 case which ruled that any pre-ticked cookie boxes do not constitute valid consent.
Spherity also respects the ‘Do not Track’ header.
How to manage cookies
You can set your browser not to accept cookies. You can block cookies by installing a browser add-on such as Privacy Badger or uBlock Origin. However, in a few cases, some of our website features may not function properly as a result.
Spherity’s services are not directed to children and/or persons under the age of majority in their respective jurisdictions. Spherity do not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.
How to contact us
Contact email: email@example.com
Mail address: Emil-Figge-Straße 80, 44227 Dortmund, Germany
Competent supervisory authority
Should you wish to report a complaint or if you feel like Spherity has not addressed your concern in a satisfactory or timely manner, you may contact the relevant competent supervisory authority.
The supervisory authority responsible for our company is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Telephone: +49 (0)211 38424-0