Privacy Policy

Status: 2 November 2025

Scope: This privacy policy applies to the website https://sphereoptics.de (including contact forms, download and enquiry forms), to our newsletter distribution and, as described below, to embedded third-party content (e.g. YouTube) and reach/usage analysis (e.g. Google Analytics, Microsoft Clarity). Product and customer portals are not included; separate data protection notices may apply in this case.

1. Controller and Data Protection Officer

Controller (Art. 4 No. 7 GDPR):

SphereOptics GmbH, Gewerbestraße 13, 82211 Herrsching, Germany

Tel.: +49 8152 983 78-90, Email: info@sphereoptics.de

Website: https://www.sphereoptics.de

Management: Ian Stansfield, Robert Yeo

Affiliation: SphereOptics GmbH is part of the Pro-Lite group of companies (majority shareholder: Pro-Lite Technology Ltd). This privacy policy refers to the processing activities of SphereOptics GmbH for the German website and the services described therein.

Data Protection Officer:

Mr. Mario Rath, Fischerei 39, 86911 Dießen am Ammersee, Germany

Tel: +49 160 8457235, E-Mail: datenschutz@mario-rath.de

Competent supervisory authority:

Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, https://www.lda.bayern.de

2. General information on data processing

We process personal data in accordance with the GDPR (General Data Protection Regulation), the BDSG (Federal Data Protection Act) and the TTDSG (Telecommunications-Telemedia-Data Protection Act). The details of the data processed depend on the use of our website and services.

Categories of data subjects: website visitors, communication partners, newsletter subscribers, applicants.

Categories of data: Master data (e.g. name, contact data), communication data (e.g. e-mail, IP address), content data (free text), usage/meta data (e.g. access times, device information), application data.

Sources of data: In principle, we collect data directly from you. In individual cases, we receive data from other sources (e.g. public registers) – details are provided in the relevant section.

Legal basis (excerpt): Art. 6 para. 1 lit. a GDPR (consent), lit. b (contract/initiation), lit. c (legal obligation), lit. f (legitimate interests). For applications: § 26 BDSG.

3. Hosting, server log files, security

Purposes: Provision of the website, stability, security, error analysis.

Data processed: IP address, date/time, requested resource/URL, referrer, user agent, status and transmission data if applicable.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in safe and functional operation).

Storage period: Server logs are stored for a maximum of 7 days and then deleted or anonymized.

Recipients (Group & Processors):

  • Techy Business Services (United Kingdom): Technical operation/hosting of the website and agency services on behalf of SphereOptics GmbH (Art. 28 GDPR). Transfers to the UK are made on the basis of the EU Commission’s adequacy decision for the UK.
  • Other IT service providers (e.g. e-mail/CDN), each with a data processing agreement (Art. 28 GDPR).

Security: We use TLS encryption, access controls, backups and monitoring, among other things (Art. 32 GDPR).

4. Cookies & Similar Technologies (TTDSG) and Consent Management

Principle: The storage of information on your device or the reading of information stored there (e.g. cookies, local storage, pixels) is only permissible with your consent (§ 25 para. 1 TTDSG) unless technically necessary. Technically required technologies are also permissible without consent according to Section 25 (2) TTDSG.

We use a consent management tool (CMP). You can view and revoke your choice at any time in the footer under “Cookie settings”. The CMP logs consents (timing, categories) and blocks unnecessary scripts until consent.

Scripts that are not required – in particular Google Analytics 4 and Microsoft Clarity – are only loaded after consent has been given.

Categories:

  1. Necessary (e.g. session/security/consent cookies; Purpose: Operation, Security, Consent Management).
  2. Statistics (e.g. Google Analytics 4; Purpose: Reach measurement).
  3. Marketing/convenience (e.g., YouTube/LinkedIn embeds; Purpose: embedding and personalization, possibly tracking by third parties).

Legal bases:

  • Required technologies: Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG.
  • Statistics/Marketing/Convenience: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (consent).

Storage period & specific cookies: The current terms and providers can be found in the cookie overview in the CMP.

5. Contact (e-mail/forms/phone)

Purposes: Processing of inquiries, communication, preparation of offers.

Data: Name, contact details, content of the request, metadata (time stamp), if applicable, company affiliation.

Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual communication/contract) or lit. f (legitimate interest in efficient communication).

Storage period: We regularly delete inquiries after 12 months, unless there are any legal retention obligations.

Recipients: Hosting/email providers as processors.

6. Newsletter (CleverReach)

Purposes: To send you information about products, services and events.

Data: Email address, name if applicable, opt-in/opt-out times, interaction data (opens/clicks, if allowed).

Service provider: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (processor, Art. 28 GDPR).

Legal bases:

  • Consent (double opt-in), Art. 6 (1) (a) GDPR.
  • Existing customer acquisition: Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG (only for own similar products/services, with objection at any time).

Tracking in e-mails: Only if you have consented in the CMP or when registering.

Revocation/objection: At any time via the unsubscribe link or by e-mail to us.

Storage period: After unsubscribing, we store the e-mail exclusively in a blacklist to prevent further mailings (legitimate interest, Art. 6 para. 1 lit. f GDPR).

7. Web Analytics – Google Analytics 4

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: Reach measurement, improvement of content and usability.

Function: GA4 sets cookies/similar technologies; we use IP anonymization. Data may be transferred to the United States. Transfers are based on Google’s EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC).

Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG).

Objection/revocation: at any time via the CMP (“Cookie Settings”).

Storage period of events: usually 2–14 months (depending on configuration).

Data processing agreement: concluded with Google (Art. 28 GDPR).

8. Usage Analysis – Microsoft Clarity

Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Purpose: Understanding of click and scroll behavior, heat maps, technical error analysis; improving the user experience.

Data: usage data (mouse movements, clicks, scroll depth, technical device information), abbreviated IP address; recordings are pseudonymised. Free text and form fields are escaped by default by our configuration.

Profiling note: Clarity can allow an evaluation of user behavior in combination with other data (Art. 4 No. 4 GDPR). No automated decisions within the meaning of Art. 22 GDPR.

Third country transfers: Possible transfer to third countries (including the United States) via Microsoft infrastructure. Secured via EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCC).

Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG).

Revocation: at any time via the CMP.

Data processing agreement: concluded with Microsoft (Art. 28 GDPR).

9. Integration of third-party content (YouTube, LinkedIn)

We use YouTube and LinkedIn. Third-party content is only loaded after your consent (2-click solution via the CMP). When loading, the provider can set its own cookies/trackers and process data (including IP address, device information, referrer); transfers to third countries (USA) are possible.

YouTube (Google Ireland Limited): Integration in the extended data protection mode.

LinkedIn (LinkedIn Ireland Unlimited Company): Social plugins/embeds only after consent.

Legal basis: Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG.

Revocation: at any time via the CMP.

10. Applications

Purpose: To carry out the selection procedure, to establish an employment relationship.

Data: Master data, contact details, qualification data, correspondence.

Legal basis: § 26 para. 1 BDSG (initiation of employment relationship); if applicable, Art. 6 (1) (b) GDPR.

Special categories: Only if required by law or with explicit consent (Art. 9 para. 2 GDPR).

Storage period:

  • In case of cancellation: 6 months after completion of the procedure.
  • Talent pool: Only with consent (usually 12 months).

Recipient: HR service provider / hosting as a processor.

11. Recipients, order processing, transfers to third countries

We transmit data to service providers (e.g. hosting, e-mail, newsletter, analysis) only on the basis of a data processing agreement (Art. 28 GDPR).

Transfers to third countries (esp. USA, UK) only take place if

  • an adequacy decision exists (e.g. United Kingdom; EU–US Data Privacy Framework), or
  • Standard Contractual Clauses (SCCs) and, if necessary, additional measures, or
  • consent (Art. 49 para. 1 lit. a GDPR).

Intra-group transfers:

SphereOptics GmbH is part of the Pro-Lite Group. For corporate administrative purposes (e.g. IT operations, uniform reporting, group-wide security measures), personal data may be transmitted to Pro-Lite Technology Ltd. and processed there as an independent controller. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interest in efficient group administration and IT security). Group agreements exist on data protection, confidentiality and security; transfers to the United Kingdom are based on the EU Commission’s adequacy decision. Your rights will be protected.

Specifically:

  • Pro-Lite Technology Ltd. (UK): if applicable, own responsibility for administrative group processes (Art. 6 para. 1 lit. f GDPR).
  • Google Ireland/Microsoft Ireland (Analytics/Clarity): if necessary, transfers to the USA under the DPF or via SCC (see chapter 7/8).

12. Storage period

Unless otherwise stated in this declaration, we delete personal data when it is no longer required for the respective purposes and deletion does not conflict with any statutory retention obligations (e.g. HGB/AO up to 10 years). For log data, see Section 3; for applications, Section 10; for newsletters, Section 6.

13. Rights of data subjects (Art. 15–22 GDPR) and complaint

You have the right to information, correction, deletion, restriction, data portability and objection to processing based on Art. 6 (1) (e) or (f) GDPR. In the case of processing based on your consent, you can revoke it at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (the BayLDA is usually responsible, see above).

Contact for exercise of rights: datenschutz@mario-rath.de

14. Information on the right to object in accordance with Art. 21 GDPR

You have the right to object at any time to processing based on Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. This also applies to profiling based on it. We will then no longer process the personal data unless we can prove compelling reasons worthy of protection.

Where we process personal data for direct marketing, you have the right to object at any time to processing for the purpose of such marketing; this also applies to profiling, insofar as it is related to direct advertising.

15. No automated decisions in individual cases (Art. 22 GDPR)

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. Usage data (e.g. in Clarity/Analytics) is not evaluated in order to make decisions with legal effect.

16. Obligation to provide data

There is no legal or contractual obligation to provide personal data. Data is required for certain functions (e.g. contact, newsletter); without it, the use of the function is not possible.

17. Changes to this Privacy Policy

We will adapt this statement if the law, services or processes change. The current version is available at https://sphereoptics.de/datenschutz. Changes are marked by the status date.

18. Cookie overview (excerpt)

The complete, always up-to-date list (name, provider, purpose, duration) can be found in the CMP under “Cookie settings”.

Required

  • ccm_consent (CMP): Stores consent status; Term usually 6–12 months.
  • PHPSESSID/Session-ID: Session control; Duration: until the end of the session.

Statistics (only with consent)

  • *_ga, *_ga_* (Google Analytics 4): Reach measurement; Storage periods depend on configuration (typically 2–14 months).

Marketing/Convenience (only with consent)

  • YouTube Local Storage/Player Cookies: Playback Preferences; Duration: variable.
  • LinkedIn Cookies/Pixels: Embedding/Interactions; Duration: variable.