Diese Seite auf Deutsch

Data Protection Policy SPiN AG

You came to this page because you want to inform yourself about our handling of (your) personal data. In order to fulfil our duty to provide information in accordance with Art. 12 ff. of the General Data Protection Regulation (GDPR), we are pleased to provide you with the following information.

Who is responsible for data handling?

Controller within the meaning of the GDPR is

SPiN AG Emmeramsplatz 5 93047 Regensburg ‍ You can find further information about our company, details of the authorised representatives and other contact details in the imprint of our company website at https://www.spin-ag.de/impressum.html

What data will be processed by us and for what purposes?

If we receive data from you, we only process them for those purposes we have received or collected them for.

Data processing for other purposes is only considered provided that legal requirements are met pursuant to Art. 6 (4). Any obligations to provide information pursuant Art. 13 (3) GDPR and Art. 14 (4) GDPR will of course be taken into account in this case.

What legal basis is the processing based on?

Legal basis for the processing of personal data is in principle - insofar as there are no additional specific statutory regulations - Art. 6 GDPR; in particular the following possibilities: ‍

  • Consent (Art. 6 (1) point a GDPR)
  • Data processing for the purpose of fulfilling contracts (Art. 6 (1) point f GDPR)
  • Data processing based on a balance of interests (Art. 6 (1) point c GDPR)
  • Data processing for the purpose of fulfilling legal obligations (Art. 6 (1) point c GDPR)

If we process your personal data based on your consent, you have the right to withdraw a given consent at any time with effect for the future.

If we process your personal data based on a weighing of interests, you have the right to object to the processing of personal data in compliance with the requirements of Art. 21 GDPR.

For how long is personal data stored?

We process the data as long as this is necessary for the respective purpose.

Insofar as legal retention obligations exist - e.g. in commercial or tax law - the personal data concerned are stored for the duration of the retention obligation. After the expiry of the retention obligation, we check, if there are further obligations for processing. If there is no obligation, the data will be deleted.

Of course, you may request information (see below) about your personal data stored by us at any time and, if there is no requirement, request that the data be deleted or that processing be restricted.

Which recipients is the data passed on to?

We only pass your personal data on to third parties if this is necessary for the execution of the contract with you, if the passing on is permissible on the basis of a balance of interests within the meaning of Art. 6. (1) f GDPR, if we are legally obliged to the passing on or if you have given your consent in this respect.

Where is the data processed?

Your personal data is electronically processed solely on dedicated IT systems at our company headquarters and our data centre in Germany. Only administrators and resepective authorised persons have access to these IT systems.

Your rights as „data subjects“

You have the right to be informed about your personal data processed by us. If your request for information is not made in writing, please understand that we may require supporting documents from you to prove that you are the person you claim to be. ‍ Furthermore, as a data subject, you have the right to rectification, right to erasure and right to restriction of processing. ‍ Furthermore, you have the right to object to the processing of your data within the framework of legal requirements. The same applies to a right to data transferability. ‍ ‍In particular, you have the right to object pursuant to Art. 21 (1) and (2) GDPR against the processing of your data in connection with direct advertising, if this is based on a balance of interests.

Data protection team, Data protection officer

Our data protection team will be happy to answer GDPR right of access requests in a timely manner; you can contact them via email to or via letter to the address given above. Data protection officer on behalf of DEKRA Assurance Services GmbH: Sonja Tietz, email: , address: Von-Vequel-Str. 11, 85411 Hohenkammer, Germany.

Right to lodge a complaint

You have the right to lodge a complaint with a competent data protection supervisory authority.

Changes to the data protection policy

We reserve the right to change our data protection policy. If we believe that the changes are material, we will post that on our website. Please make sure you read the latest version here on this page. ‍ Effective: 25 June 2024