SpaceTech Data Privacy Statement
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data
when you visit this website. Personal data is any data that can be used to identify you
personally. Detailed information on data protection can be found in our privacy policy listed
below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their
contact details in the section “Information about the Responsible Party” in this privacy
policy.
How do we collect your data?
Your data is collected in part when you provide it to us. This may include, for example, data
you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website
through our IT systems. This is mainly technical data (e.g., internet browser, operating
system, or time of page access). This data is collected automatically as soon as you enter
this website.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may
be used to analyze your user behavior. If contracts can be concluded or initiated via the
website, the transmitted data will also be processed for contract offers, orders, or other
inquiries.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin,
recipient, and purpose of your stored personal data. You also have the right to request
correction or deletion of this data. If you have given consent to data processing, you can
revoke this consent at any time for the future. Furthermore, you have the right, under
certain circumstances, to request restriction of the processing of your personal data. You
also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this and other questions on the subject of data
protection.
Analysis Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically evaluated. This is
mainly done using analysis programs. Detailed information on these analysis programs can
be found in the following privacy policy.
2. Hosting
We use the following provider to host our website content:
All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße
68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl”). Details can be found in All-Inkl’s
privacy policy: all-inkl.com/datenschutzinformationen/.
The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring
the most reliable presentation of our website. If consent has been requested, processing is
carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the
consent includes the storage of cookies or access to information in the user’s device (e.g.,
device fingerprinting). Consent can be revoked at any time.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider.
This is a legally required contract that ensures that the provider processes personal data of
our website visitors only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Information
Data Protection
The operators of this website take the protection of your personal data very seriously. We
treat your personal data confidentially and in accordance with statutory data protection
regulations and this privacy policy.
When you use this website, various personal data is collected. This privacy policy explains
what data we collect and what we use it for, as well as how and for what purpose this
happens.
Please note that data transmission over the Internet (e.g., communication by email) may
have security vulnerabilities. Complete protection of data against access by third parties is
not possible.
Information about the Responsible Party
The responsible party for data processing on this website is:
SpaceTech GmbH
Seelbachstraße 13
88090 Immenstaad
Deutschland
E-Mail: info@spacetech-i.com
Telefon:+49-7545-93284-62
The responsible party is the natural or legal person who alone or jointly with others decides
on the purposes and means of processing personal data (e.g., names, email addresses,
etc.).
Storage Duration
Unless a more specific storage period is stated in this privacy policy, your personal data will
remain with us until the purpose for data processing no longer applies. If you assert a
legitimate request for deletion or revoke your consent, your data will be deleted unless we
have other legally permissible reasons for storing your personal data (e.g., tax or
commercial retention periods); in the latter case, deletion will take place after these reasons
cease to apply.
General information on the legal bases for data processing on this website
If you have consented to data processing, we process your personal data on the basis of
Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, insofar as special categories of data pursuant
to Article 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal
data to third countries, data processing is also carried out on the basis of Article 49(1)(a)
GDPR. If you have consented to the storage of cookies or to access to information on your
device (e.g., via device fingerprinting), data processing is additionally carried out on the
basis of Section 25(1) TDDDG. Consent can be revoked at any time.
If your data is required for the performance of a contract or for the implementation of precontractual
measures, we process your data on the basis of Article 6(1)(b) GDPR.
Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis
of Article 6(1)(c) GDPR. Data processing may also be carried out on the basis of our
legitimate interest pursuant to Article 6(1)(f) GDPR.
Information on the specific legal bases applicable in each individual case is provided in the
following paragraphs of this privacy policy.
Data Protection Officer
We have appointed a data protection officer. You can contact them at the above address
with the addition “Data Protection Officer” or via:
Email: datenschutz@spacetech-i.com
Notice regarding data transfers to third countries that are not considered secure
under data protection law, as well as transfers to US companies that are not DPFcertified
We use, among other things, tools from companies based in third countries that are not
considered secure under data protection law, as well as US-based tools whose providers are
not certified under the EU–US Data Privacy Framework (DPF). If these tools are active, your
personal data may be transferred to these countries and processed there. We would like to
point out that a level of data protection comparable to that of the EU cannot be guaranteed
in third countries that are not considered secure under data protection law.
We also note that the United States is generally regarded as a secure third country with a
level of data protection comparable to that of the EU. Accordingly, data transfers to the
United States are permitted if the recipient is certified under the “EU–US Data Privacy
Framework” (DPF) or provides appropriate additional safeguards. Information on transfers to
third countries, including the data recipients, can be found in this privacy policy.
Recipients of Personal Data
In the course of our business activities, we cooperate with various external parties. In some
cases, this also requires the transfer of personal data to these external parties. We only
disclose personal data to external parties if this is necessary for the performance of a
contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we
have a legitimate interest in the disclosure pursuant to Article 6(1)(f) GDPR, or if another
legal basis permits the data transfer. When using data processors, we only pass on our
customers’ personal data on the basis of a valid data processing agreement. In the case of
joint processing, a joint processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may
withdraw your consent at any time. The lawfulness of data processing carried out prior to
the withdrawal remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21
GDPR)
If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object at
any time, on grounds relating to your particular situation, to the processing of your personal
data; this also applies to profiling based on these provisions. The respective legal basis on
which processing is based can be found in this privacy policy. If you object, we will no longer
process your personal data unless we can demonstrate compelling legitimate grounds for the
processing which override your interests, rights, and freedoms, or the processing serves to
establish, exercise, or defend legal claims (objection pursuant to Article 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to
object at any time to the processing of personal data concerning you for the purpose of such
advertising; this also applies to profiling insofar as it is related to such direct marketing. If
you object, your personal data will subsequently no longer be used for direct marketing
purposes (objection pursuant to Article 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint
with a supervisory authority, in particular in the Member State of their habitual residence,
place of work, or the place of the alleged infringement. This right exists without prejudice to
other administrative or judicial remedies.
Right to Data Portability
You have the right to receive data that we process automatically on the basis of your
consent or in fulfillment of a contract, in a commonly used, machine-readable format, either
to yourself or to a third party. If you request the direct transfer of the data to another
controller, this will only take place where technically feasible.
Access, Correction, and Deletion
Within the framework of applicable legal provisions, you have the right at any time to
obtain, free of charge, information about your stored personal data, its origin and recipients,
and the purpose of the data processing, and, where applicable, a right to rectification or
erasure of this data. You may contact us at any time with regard to this or other questions
on the subject of personal data.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. You
may contact us at any time for this purpose. The right to restriction of processing applies in
the following cases:
If you contest the accuracy of your personal data stored by us, we usually need time to
verify this. For the duration of the verification, you have the right to request restriction of
the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request restriction of
processing instead of erasure.
If we no longer need your personal data, but you require it for the establishment, exercise,
or defense of legal claims, you have the right to request restriction of processing instead of
erasure.
If you have lodged an objection pursuant to Article 21(1) GDPR, a balance must be struck
between your interests and ours. As long as it has not yet been determined whose interests
prevail, you have the right to request restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data—apart from being
stored—may only be processed with your consent or for the establishment, exercise, or
defense of legal claims, or for the protection of the rights of another natural or legal person,
or for reasons of important public interest of the European Union or of a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders
or inquiries that you send to us as the site operator, this website uses SSL or TLS
encryption. You can recognize an encrypted connection by the change in the browser’s
address line from “http://” to “https://” and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third
parties.
Objection to Advertising Emails
We hereby object to the use of contact data published as part of our legal notice
requirements for the purpose of sending unsolicited advertising and informational materials.
The operators of this website expressly reserve the right to take legal action in the event of
the unsolicited sending of advertising information, such as spam emails.
4. Data Collection on This Website
Cookies
Our websites use so-called “cookies.” Cookies are small data packets and do not cause any
damage to your device. They are stored either temporarily for the duration of a session
(session cookies) or permanently (permanent cookies) on your device. Session cookies are
automatically deleted after the end of your visit. Permanent cookies remain stored on your
device until you delete them yourself or until they are automatically deleted by your web
browser.
Cookies may originate from us (first-party cookies) or from third-party companies (thirdparty
cookies). Third-party cookies enable the integration of certain services from thirdparty
companies within websites (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website
functions would not work without them (e.g., the shopping cart function or the display of
videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, for
providing certain functions requested by you (e.g., for the shopping cart function), or for
optimizing the website (e.g., cookies for measuring the web audience) (necessary cookies)
are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The
website operator has a legitimate interest in storing necessary cookies for the technically
error-free and optimized provision of its services. If consent to the storage of cookies and
comparable recognition technologies has been requested, processing is carried out
exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG);
consent may be withdrawn at any time.
You can configure your browser to inform you about the setting of cookies and to allow
cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in
general, and to activate the automatic deletion of cookies when closing the browser.
Disabling cookies may limit the functionality of this website.
Inquiry by Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your inquiry, including all resulting personal
data (name, inquiry), will be stored and processed by us for the purpose of handling your
request. We will not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR if your inquiry is related to the
fulfillment of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, processing is based on our legitimate interest in the effective handling of
inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if
this has been requested; consent may be withdrawn at any time.
The data you send to us via contact inquiries remains with us until you request its deletion,
revoke your consent to storage, or the purpose for data storage no longer applies (e.g.,
after your request has been processed). Mandatory statutory provisions—especially statutory
retention periods—remain unaffected.
5. Analytics Tools and Advertising
For the analysis of user behavior and for advertising purposes, we use the following
provider(s):
etracker
We use the web analytics service etracker provided by etracker GmbH to analyze user
behavior on our website. Data is processed exclusively in Germany, and no cookies are set
without consent. Processing is carried out on the basis of our legitimate interest in the
statistical analysis and optimization of our online offering pursuant to Article 6(1)(f) GDPR.
6. Plugins and Tools
For the use of plugins and other tools on our website, we use the following provider(s):
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited
(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed
map material on our website.
To use the functions of Google Maps, it is necessary to store your IP address. This
information is usually transmitted to a Google server in the USA and stored there. The
provider of this site has no influence on this data transfer. If Google Maps is activated,
Google may use Google Fonts for the purpose of uniform font display. When you access
Google Maps, your browser loads the required web fonts into its browser cache in order to
display text and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offerings
and to make it easy to locate the places indicated on our website. This constitutes a
legitimate interest within the meaning of Article 6(1)(f) GDPR. If corresponding consent has
been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR
and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access
to information on the user’s device (e.g., device fingerprinting) within the meaning of the
TDDDG. Consent can be withdrawn at any time.
Data transfers to the USA are based on the standard contractual clauses of the European
Commission. Details can be found here:
privacy.google.com/businesses/gdprcontrollerterms/
privacy.google.com/businesses/gdprcontrollerterms/sccs/
Further information on the handling of user data can be found in Google’s privacy policy:
policies.google.com/privacy
The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an
agreement between the European Union and the USA to ensure compliance with European
data protection standards for data processing in the USA. Each company certified under the
DPF undertakes to comply with these data protection standards. More information is
available here:
https://www.dataprivacyframework.gov/participant/5780
Vimeo without tracking ( Do-Not-Track)
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West
18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with Vimeo videos, a connection to Vimeo’s
servers is established. In doing so, the Vimeo server is informed which of our pages you
have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so
that it does not track your user activities and does not set cookies.
The use of Vimeo is in the interest of an appealing presentation of our online offerings. This
constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If corresponding
consent has been requested, processing is carried out exclusively on the basis of Article
6(1)(a) GDPR; consent can be withdrawn at any time.
Data transfers to the USA are based on the standard contractual clauses of the European
Commission and, according to Vimeo, on “legitimate business interests.” Details can be
found here:
vimeo.com/privacy
Further information on the handling of user data can be found in Vimeo’s privacy policy:
vimeo.com/privacy
The company is certified under the “EU–US Data Privacy Framework” (DPF). More
information is available here:
https://www.dataprivacyframework.gov/participant/5711
7. Audio and Video Conferences
Data Processing
We use online conferencing tools, among others, to communicate with our customers. The
specific tools we use are listed below. If you communicate with us via video or audio
conference over the internet, your personal data will be collected and processed by us and
by the provider of the respective conferencing tool.
The conferencing tools collect all data that you provide/use to use the tools (email address
and/or your phone number). They also process the duration of the conference, start and end
(time) of participation, number of participants, and other “context information” related to
the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required for handling
online communication. This includes IP addresses, MAC addresses, device IDs, device type,
operating system type and version, client version, camera type, microphone or speaker, and
the type of connection.
If content is exchanged, uploaded, or otherwise made available within the tool, it is also
stored on the servers of the tool providers. Such content includes, in particular, cloud
recordings, chat/instant messages, voicemails, uploaded photos and videos, files,
whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools
used. Our options are largely determined by the corporate policies of the respective
provider. Further information on data processing by the conferencing tools can be found in
the privacy policies of the respective tools listed below.
Purpose and Legal Bases
The conferencing tools are used to communicate with prospective or existing contractual
partners or to offer certain services to our customers (Article 6(1)(b) GDPR). Furthermore,
the use of these tools serves to generally simplify and accelerate communication with us or
our company (legitimate interest pursuant to Article 6(1)(f) GDPR). If consent has been
requested, the tools are used on the basis of this consent; consent can be withdrawn at any
time with effect for the future.
Storage Duration
Data collected directly by us via video and conferencing tools will be deleted from our
systems as soon as you request deletion, revoke your consent to storage, or the purpose for
data storage no longer applies. Stored cookies remain on your device until you delete them.
Mandatory statutory retention periods remain unaffected.
We have no influence over the storage duration of your data that is stored by the operators
of the conferencing tools for their own purposes. For details, please contact the operators of
the conferencing tools directly.
Conferencing Tool Used
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft
Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data
processing can be found in Microsoft Teams’ privacy policy:
privacy.microsoft.com/de-de/privacystatement
The company is certified under the “EU–US Data Privacy Framework” (DPF). More
information is available here:
https://www.dataprivacyframework.gov/participant/6474
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned
service. This is a contract required under data protection law, ensuring that personal data of
our website visitors is processed only in accordance with our instructions and in compliance
with the GDPR.
8. Our Own Services
Handling of Applicant Data
We offer you the opportunity to apply to us (e.g., by email, post, or via an online application
form). In the following, we inform you about the scope, purpose, and use of your personal
data collected as part of the application process. We assure you that the collection,
processing, and use of your data is carried out in accordance with applicable data protection
law and all other legal provisions, and that your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and
communication data, application documents, notes from interviews, etc.) insofar as this is
necessary for the decision on establishing an employment relationship. The legal basis for
this is Section 26 BDSG under German law (initiation of an employment relationship), Article
6(1)(b) GDPR (general contract initiation), and—if you have given your consent—Article
6(1)(a) GDPR. Consent can be withdrawn at any time. Your personal data will only be shared
within our company with persons involved in processing your application.
If your application is successful, the data you have submitted will be stored in our data
processing systems on the basis of Section 26 BDSG and Article 6(1)(b) GDPR for the
purpose of carrying out the employment relationship.
Service Used for Applicant Data Processing
Factorial HR
We use the HR software Factorial HR by Factorial GmbH to manage our HR processes. In this
context, personal data of our employees is processed in accordance with legal requirements.
A data processing agreement pursuant to Article 28 GDPR has been concluded with the
provider, ensuring that your data is treated confidentially and in compliance with applicable
data protection regulations.
Data Retention Period
If we are unable to offer you a position, if you decline a job offer, or if you withdraw your
application, we reserve the right to retain the data you have submitted on the basis of our
legitimate interests (Article 6(1)(f) GDPR) for up to 6 months from the end of the application
process (rejection or withdrawal of the application). The data will then be deleted and
physical application documents destroyed. Retention serves, in particular, as evidence in the
event of a legal dispute. If it is evident that the data will be required after the 6-month
period (e.g., due to a pending or threatened legal dispute), deletion will only take place once
the purpose for further retention no longer applies.
Longer retention may also take place if you have given corresponding consent (Article
6(1)(a) GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the Applicant Pool
If we are unable to offer you a position, it may be possible to include you in our applicant
pool. In the event of inclusion, all documents and information from your application will be
transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your explicit consent (Article 6(1)(a)
GDPR). Providing consent is voluntary and is not related to the ongoing application process.
The data subject may withdraw their consent at any time. In this case, the data will be
irrevocably deleted from the applicant pool, provided there are no legal reasons for
retention.
Data from the applicant pool will be irrevocably deleted no later than 12 months after
consent has been given.