Privacy Policy
I. Scope of Application
The protection of Personal Data (as defined in Art. 4 GDPR) is very important to Spryker. This Notice describes how Spryker handles Personal Data in connection with its website, available at www.spryker.com.
II. Data Controller
Personal Data is processed by Spryker Systems GmbH, Heidestraße 9-10, 10557 Berlin, Germany (“Spryker”) as the Controller (as defined in Art. 4 GDPR). Spryker can be reached via email at legal@spryker.com.
III. Data Protection Officer
Spryker has appointed MARAIT Rechtsanwaltsgesellschaft mbH as its external DPO, with postal address at Neuer Wall 75, 20354 Hamburg, Germany.
The DPO can be reached at mail@marait.de.
Please contact Spryker’s internal Privacy Team at any time with any questions or suggestions regarding data protection at legal@spryker.com.
IV. Processing Activities, Purpose and Legal Basis
IV.I Making the Website Available
If you use the website, we collect personal data that your browser transmits to our server. We collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address;
- date and time of the visit;
- content of the requested page;
- access status / HTTP status code;
- data volume;
- browser;
- operating system;
- interface (resolution);
- language; and
- browser version.
When using this data and information, we do not draw conclusions about you and do not collate your data with other personal data of yours. Rather, this information is needed in order to:
- ensure our website content is delivered correctly to you;
- optimize our website content and related advertising;
- maintain the long-term functionality of our IT and website technology; and
- provide necessary information to law enforcement in the event of a cyber attack.
This anonymously collected data is statistically evaluated to improve data protection and security within our company, ultimately ensuring an optimal level of protection for the personal data we process.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after one month at the latest.
The legal basis is Art. 6 (1) (f) GDPR. The aforementioned purposes also constitute the legitimate interest in this processing of personal data. Insofar as data is collected to the extent described, this is essential for the security and operation of the website, so the processing cannot be objected to.
IV.II Using a Contact Form
We offer several contact forms on the website (e.g. “Get in Touch”, “Request a Demo”, and others). If you use one of these contact forms, we process all or some of the following personal data:
- first and last name;
- email address;
- company you work for;
- country of operation;
- phone number;
- topic you want to talk to us about;
- a date that would work for you for a first chat; and
- potentially other information, depending on what the contact form is about.
We collect these details so we can get back to you and respond to your request.
The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is to enable the conversation with you and, if of interest to you as well, to start doing business together.
IV.III Communication via Email
If you contact Spryker via email, we process the personal data contained in your email and any attachments.
This may include, in particular:
- your name;
- email address;
- company affiliation;
- contact details;
- the content of your message; and
- any additional personal data contained in attachments or email signatures.
We process this data in order to:
- respond to your request or inquiry;
- communicate with you regarding business matters;
- maintain records of correspondence; and
- ensure the security and integrity of our email systems.
The legal basis for this processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in handling communication with business partners, customers, applicants and other stakeholders.
If the communication is related to a contract or pre-contractual relationship, the legal basis may also be Art. 6 (1) (b) GDPR.
IV.IV Communication and Collaboration Tools
For internal coordination and business operations, Spryker uses communication and collaboration tools, including email, messaging, document sharing, productivity and video conferencing platforms.
In some cases, Spryker may invite business partners, customers, prospects or other external stakeholders to collaborate through such tools.
Depending on the functionality used, these services may process personal data such as names, contact details, communication content, meeting participation data, documents shared through the platform and related metadata.
Some of these tools may include AI-assisted features that support productivity, communication and collaboration. Where such features are used, Spryker applies appropriate contractual, technical and organizational safeguards and internal policies designed to ensure that personal data processed through such tools is limited to what is necessary for the relevant business purpose.
This may include AI-assisted functionalities provided by collaboration platforms, where enabled by Spryker in accordance with its internal governance, security and data protection requirements.
The legal basis for this processing is Art. 6 (1) (f) GDPR. Spryker’s legitimate interest is the efficient and secure operation of its business processes, internal communication and collaboration with business partners and other stakeholders.
Where the use of such tools is directly related to the performance of a contract or pre-contractual measures, the legal basis may also be Art. 6 (1) (b) GDPR.
IV.V Email Security and Phishing Protection
To support secure communication and collaboration, including email services, Spryker uses Google Workspace and other business communication platforms.
These services may include automated security features designed to detect spam, malware, phishing attempts and other cybersecurity threats.
Emails sent to or from Spryker email addresses may therefore be automatically scanned and analyzed by security systems to detect malicious content, spam or phishing attempts.
As part of these processes:
- certain email metadata and content may be analyzed by automated systems;
- this analysis is performed to protect the integrity, confidentiality and availability of Spryker’s IT systems; and
- according to provider documentation, pseudonymized data may be used to improve security systems and machine-learning models designed to detect spam, malware or phishing attacks.
Where personal data is transferred to countries outside the European Economic Area, Spryker ensures an adequate level of data protection through appropriate safeguards such as EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
The legal basis for this processing is Art. 6 (1) (f) GDPR, as Spryker has a legitimate interest in protecting its IT systems, employees and communication partners against cybersecurity threats.
IV.VI Newsletter
If you subscribe to a Spryker newsletter via our website, we process the following personal data:
- email address; and
- the information that you agree to receive the newsletter.
Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for the dispatch of the requested newsletter type and do not pass it on to third parties without your consent.
The legal basis for this is your consent pursuant to Art. 6 (1) (a) GDPR.
You can withdraw your consent at any time, for example via the “Unsubscribe” link contained in each newsletter. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
IV.VII Google AdWords
Spryker uses Google AdWords to promote its website through interest-based advertising.
When users reach our website via a Google advertisement, a conversion cookie may be stored, allowing Google to generate visit statistics for us to optimize our advertising campaigns.
Personal data, including IP address, may be transferred to and stored by Google. Google may share this data with third parties in accordance with its privacy practices.
Users can prevent the storage of cookies through their browser settings or delete existing cookies. Users can also object to interest-based advertising by adjusting their Google advertising settings.
Spryker has entered into appropriate contractual arrangements with Google, including safeguards for international data transfers where required.
More information is available in Google's Privacy Policy: https://policies.google.com/privacy.
IV.VIII Cookies and Social Media Plug-ins
Details on how we process your personal data using cookies and similar technologies can be found in our cookie banner, accessible via our website footer (“Cookie Settings”).
IV.IX Career
Details on how we handle applications, including those submitted through our website, are described in our Applicant Privacy Notice.
V. Special Categories of Personal Data
Spryker does not intentionally or knowingly collect or process personal data that constitute special categories of personal data within the meaning of Art. 9 GDPR through the website.
VI. Automated Decision-Making
Spryker does not use your personal data for automated decision-making.
VII. Data Retention
Spryker deletes personal data as soon as it is no longer necessary for the purposes described above and there are no applicable legal retention obligations or documentation requirements requiring further storage.
VIII. Recipients
Spryker may use data processors for the purposes described above and share personal data with them (e.g. website hosting providers). Such sharing is always governed by appropriate contractual arrangements, including data processing agreements where required by law.
Such service providers may include providers of:
- email services;
- messaging and collaboration platforms;
- document management systems;
- customer relationship management systems;
- cloud hosting services; and
- video conferencing services.
Spryker may also share personal data with affiliated companies where necessary for internal administrative purposes or to support business operations.
In addition, Spryker may share personal data with recipients depending on your cookie settings and preferences.
Spryker may further share personal data with third parties where necessary, for example to obtain legal advice, comply with legal obligations, protect legal claims or where third parties act as data processors on Spryker’s behalf.
To the extent Spryker transfers personal data to countries outside the European Economic Area, Spryker will implement appropriate safeguards in accordance with Art. 44 et seq. GDPR to ensure an adequate level of protection.
IX. Data Subjects’ Rights
You have the following rights under the GDPR:
- Right to withdraw consent at any time (Art. 7 GDPR);
- Right of access (Art. 15 GDPR);
- Right to rectification (Art. 16 GDPR);
- Right to erasure (Art. 17 GDPR);
- Right to restriction of processing (Art. 18 GDPR);
- Right to data portability (Art. 20 GDPR); and
- Right to object (Art. 21 GDPR).
If you wish to withdraw your consent or have any questions regarding Spryker’s processing of your personal data, please contact Spryker at legal@spryker.com.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.