Privacy Policy - SPRIND GmbH
We are pleased that you are visiting our website. 
Privacy information pursuant to Art. 13 of the EU General Data Protection Regulation (“GDPR”)
Data protection and security are important to us. We therefore would like to inform you which of your personal data we collect when you visit our website, for what purposes it is used, and what data protection rights you have.
Responsibility for data processing lies with SPRIND GmbH (hereinafter “SPRIND”, “we” or “us”).
Note: Changes to this Privacy Policy
Due to changes in statutory or regulatory requirements as well as the further development of technical standards and our services, it may be necessary to adapt this Privacy Notice; it is therefore reviewed regularly for any need for amendments or additions. The Privacy Notice may therefore be changed at any time with effect for the future.
Version of this Privacy Notice: February 2026
I. CONTROLLER AND DATA PROTECTION OFFICER
1. CONTROLER
The controller within the meaning of the GDPR as well as other national data protection laws of the EU Member States (Federal Data Protection Act for the Federal Republic of Germany, hereinafter “BDSG”) and other data protection provisions is: 
SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig 
Management: Ms Berit Dannenberg and Mr Rafael Laguna de la Vera:
Email: info@sprind.org(mailto:info@sprind.org)
2. DATA PROTECTION OFFICER
If you have questions about data protection, a data protection officer acting for SPRIND is available at the business address: SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig, Email: datenschutz@sprind.org(mailto:datenschutz@sprind.org).
II. Data security
We take technical and organizational measures to protect your data as comprehensively as possible against unwanted access. We use an encryption method on our website. Your information is transmitted from your computer to our server and back via the Internet using TLS encryption. You can usually recognize this by the closed padlock symbol in the status bar of your browser and the fact that the address line begins with https://. 
iiI. principles
This Privacy Notice applies to the processing of data in connection with your visit to our website.
If we refer to websites of other providers, the privacy notices and statements of those providers apply. 
1. Scope of the processing of personal data
As a rule, we process your personal data only insofar as this is necessary to provide you with our web and service offerings and a functional website, in particular: 
* Use of our website by interested parties
* Participation in (online) events
* Subscription to our newsletter
* Contacting us via the website contact form
2. RECHTSGRUNDLAGE
* Where personal data is processed on the basis of your consent, Art. 6(1)(a) GDPR and Art. 7 GDPR are the legal basis for the processing.
* Where personal data is processed for the performance of a contract or for the implementation of pre-contractual measures to which the data subject is a (contracting) party, Art. 6(1)(b) GDPR is the legal basis.
* Where processing of personal data is necessary for compliance with a legal obligation to which SPRIND is subject, the legal basis is Art. 6(1)(c) GDPR.
* Where vital interests of the data subject or another natural person make processing of personal data by SPRIND necessary, Art. 6(1)(d) GDPR is the legal basis.
* Where the performance of a task is necessary that is carried out in the public interest or in the exercise of official authority vested in SPRIND, the legal basis for the processing of personal data is Art. 6(1)(e) GDPR.
* Where personal data is processed to safeguard our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not override those interests, Art. 6(1)(f) GDPR is the legal basis.
3. Potential recipients of personal data
In order to provide you with our services and offerings, we sometimes use external service providers. They act on our behalf and in accordance with our instructions when providing their services (so-called processors). In the course of providing their services, these service providers may receive personal data or come into contact with personal data. SPRIND ensures that these service providers demonstrate appropriate technical and organizational measures pursuant to Art. 28 GDPR and that processing by them is carried out in such a way that it complies with relevant data protection provisions and that the protection of the rights of data subjects is ensured.
Due to legal requirements, SPRIND may be obliged to make the data we have collected available to public authorities (e.g., tax authorities, the Federal Criminal Police Office, social security authorities). To the extent legally permissible, we also process personal data with cooperation partners.
4. Place of processing of personal data
As a rule, your personal data is processed within the European Union (“EU”) and/or the European Economic Area (“EEA”). However, when certain tools or applications are used, information may be transferred to third countries. Third countries are countries outside the EU and/or the EEA in which an adequate level of data protection in accordance with European requirements cannot automatically be assumed. If the transferred information also includes personal data that cannot be transferred to the recipient in pseudonymized or anonymized form, we ensure that appropriate safeguards are in place. This can be ensured by a so-called “adequacy decision” of the European Commission, by certification under the Data Privacy Framework, or by using the “EU Standard Contractual Clauses” provided by the EU Commission pursuant to Art. 46(2)(c) GDPR. 
5. Data erasure and storage period
We store your data only for as long as is necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations, or until the legal basis for storage no longer applies.
European or national legislators provide in Union regulations, laws or other provisions that, instead of erasure, storage with restriction of processing is also possible, in particular in cases of:
* fulfilment of statutory retention obligations: Fiscal Code (Sec. 147 AO) or Commercial Code (Sec. 257 HGB), six to ten years;
* existence of a legitimate interest in storage: limitation periods for the purpose of possible legal defense (Secs. 195 et seq. German Civil Code (BGB)), three to 30 years.
At the latest, data will be erased once a statutory retention period prescribed by the aforementioned provisions expires. This does not apply in exceptional cases if further storage by SPRIND is necessary and a legal basis exists for this.
6. Categories of data
We essentially distinguish between the types of personal data concerned as follows:
a. Metadata and log files
These include, for example, your IP address, session ID, the browser type used, the operating system and the time of your request.
b. Masterdata
These are data about you and/or your company that you provide to us, in particular: company, first name, last name, email address and telephone number. 
c. Event and marketing data
In the context of (online) events, we may, for example, receive your master data as well as metadata and log files.
7. Hosting
Our website is hosted by HHEY GmbH & Co. KG, Susannenstraße 21a, 20357 Hamburg. Processing takes place on servers in Germany. When you access our website, the hosting service provider processes server log files for technical reasons (in particular IP address, date and time of access, page/file accessed, status code, volume of data transferred, and information about the browser/operating system used and referrer). Processing takes place for the purpose of providing the website and ensuring stability and security (e.g., error analysis and defense against attacks). The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in secure and efficient website operation). The hosting service provider acts as our processor (Art. 28 GDPR). Processing outside the EU/EEA generally does not take place in the context of hosting, unless stated otherwise. Server log files are stored only for as long as necessary for the purposes stated and are then deleted or anonymized.
8. no obligation
As a rule, you are under no legal or contractual obligation to provide us with your personal data. However, if you do not provide certain required data, we may be able to provide our services only to a limited extent or not at all. You only need to provide the personal data that are required for establishing the relationship.
IV Informational use of the website
1. Type and scope of data processing
Each time our website is accessed, our systems collect data and information from the accessing device that it transmits to us automatically. In particular, the following log files are processed:

* Browser type and browser version
* Operating system used
* Referrer URL
* Hostname of the accessing device
* Date and time of the server request
* IP addresses for backend logs

Information on the processing of other metadata and log files through the use of, for example, Umami, YouTube or social media channels etc. can be found below.

We can only assign these data to you indirectly. These data are not combined with other data sources.
2. Purpose and legal basis of data processing
The temporary storage of the IP address and, where applicable, other log files by the systems each time our websites are accessed is necessary in order to provide the website on your device. The temporary storage is necessary to route communications between users and our services, or is required to enable you to use our services.

The legal bases for this processing—i.e., for the duration of your visit to our website—are Art. 6 (1)(b) and/or (f) GDPR.

Processing and storage of the IP address and log files beyond the communication process take place to ensure the functionality of our services, to optimize these services, and to ensure the security of our information technology systems.

The legal basis for storage of the IP address beyond the communication process for these purposes is Art. 6 (1)(f) GDPR.
3. Duration of storage
The data are stored for as long as necessary to achieve the processing purposes stated above. In the case of collection of data to provide our website, this is the case when the relevant session—i.e., the website visit—has ended.

Storage of log files, including the IP address, for the purposes of system security and optimization of our services takes place for a maximum period of 14 days after the user’s access to the page has ended.
4. Possibility to object
The collection of log files to provide our website, including their storage within the above limits, is absolutely necessary for its operation and the functions provided there. For this reason, you as a user of the website have no possibility to object.

For processing of log files for analysis purposes, different rules may apply. The possibility to object is governed by Section XI. 7 of this Privacy Notice and depends on the web analytics tools used and the type of data analysis (anonymous data / pseudonymized data / personal data).

V. Contacting us via email or contact form
1. Type and scope of data processing
If you contact us via the contact form provided or by email, we will store the data you provide, such as your email address, and, where applicable, your first and last name, your position and company, your telephone number, and details of your request, in order to respond to your questions. The processing serves the purpose of handling your inquiry.
2. zweck und Rechtsgrundlage
The legal bases for processing your personal data for the above purpose are
* as a rule, your consent pursuant to Art. 6 (1)(a) GDPR. You can withdraw the consent you have given us at any time at nfai@sprind.org(mailto:nfai@sprind.org);
* Art. 6(1)(b) GDPR, insofar as contacting us aims at the conclusion or performance of a contract;
* Art. 6(1)(e) GDPR, insofar as contacting us relates, for example, to questions about SPRIND funding opportunities;
* Art. 6(1)(f) GDPR, insofar as contacting us takes place for other purposes. The legitimate interest arises from the necessity of processing your data in order to be able to respond to your inquiry.
If you contact us directly by email, Art. 6(1)(e) and/or Art. 6(1)(f) GDPR is the legal basis for processing your data.
3. Sources of personal data
We process data that you have provided to us via the contact form, by email, by post or by telephone.
4. Storage period
We delete your data if we no longer need it and no statutory retention obligations (ten years pursuant to Sec. 147(1) AO; six years pursuant to Sec. 257(1) HGB) prevent this. As a rule, data are deleted when they are no longer required to respond to the inquiry. If the data can be assigned to a contractual relationship, the retention period depends on the respective term.
5. Possible consequences of not providing the data
There is no legal obligation to provide the data. However, if you choose not to do so, we will not be able to consider your inquiry.
VI. Newsletter
1. Type and scope of processing
You have the option to subscribe to our newsletter on our website, with which we inform you about current developments.
We use the double opt-in procedure to register you for our newsletter. After you have signed up for the newsletter, you will receive an email to the email address provided in which we ask you to confirm the subscription and to confirm that you are the owner of the relevant email address. The link provided is valid for 24 hours. If we do not receive your confirmation within this time, we will block your information and delete it after one month. If you confirm your email address, we store your IP address as well as the time of registration and confirmation in order to be able to prove your registration and to clarify possible misuse of your personal data.
The only mandatory information required to receive the newsletter is your email address. Providing additional personal data, which is separately marked, is voluntary and will be used to address you personally. After you have confirmed your subscription, we will store your email address and, where applicable, any additional voluntary information for the purpose of sending the newsletter and optimising the newsletter service.
2. Purpose and legal basis
To send the newsletter, we require your email address, which we store for this purpose. You may also provide additional data for personalized addressing if you wish.
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR and, with regard to the storage of information on your terminal equipment and/or access to information already stored on your terminal equipment, Sec. 25(1) TDDDG.
3. Sources of personal data
We process data that you have provided to us via the online form. 
4. Categories of personal data
If you subscribe to our newsletter, we process your email address and, where applicable, other data.
5. Storage period
We store your data until you withdraw your consent.
You can withdraw your consent by clicking the link provided in every newsletter email, by sending an email to nfai@sprind.org(mailto:nfai@sprind.org), or by sending a message to the contact details published above.
6. Possible consequences of not providing the data
There is no legal obligation to provide the data. However, if you choose not to provide your email address, we cannot send you a newsletter.
7. RecipientS
We would like to inform you that our email newsletters are sent via the technical service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (“CleverReach”), to whom we forward the data provided by users when signing up for the newsletter. A corresponding data processing agreement is in place. The data entered by users for the purpose of receiving the newsletter (e.g., email address) are stored on CleverReach servers in Germany or Ireland. CleverReach uses this information to send the newsletter and to perform statistical analysis of the newsletters on our behalf. For evaluation purposes, the newsletters sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter message was opened and which links were clicked, if any. Technical information is also collected (e.g., time of retrieval, IP address, browser type and operating system).

Using the data obtained in this way, we may create a user profile in order to tailor the newsletter in the future to the interests of newsletter subscribers. In doing so, we record whether and when you read our newsletters and which links you click in these newsletters. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of recipients.

Such tracking is not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the tracking described above will take place.
VII. Events | photo and video recordings
We hold events. We need your data in order to organize and conduct the event. Registration generally takes place online. Depending on the event, different data may be required. 
1. Events
a. Type and scope of processing
We process your personal data insofar as this is necessary for the planning and implementation of events as well as for registration and participant management. Processing also serves the purpose of networking participants. 
b. Legal basis
Processing of personal data serves the performance of SPRIND’s tasks (Art. 6(1)(e) GDPR). There is an increased public interest in receiving information about the content of the event, the participating persons and the framework conditions. If you participate in an event as a speaker, for example, the legal basis is the contract and/or pre-contractual measures relating to the organization of an event and/or participation in an event pursuant to Art. 6(1)(b) GDPR.
c. Sources of personal data
We process data that you have provided to us via the online form.
d. Categories of personal data
If you register with us for an event, we process your contact details.
e. Storage period
With regard to processing based on Art. 6(1)(e) GDPR, you have the right to object at any time under Art. 21(1) GDPR on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
In the case of consent, we store your data until you withdraw your consent. You can withdraw your consent by email to nfai@sprind.org(mailto:nfai@sprind.org) or by sending a message to the contact details published above.
f. Possible consequences of not providing the data
There is no legal obligation to provide the data. However, if you choose not to provide the mandatory information required for the event, we cannot register you for the event.
g. Luma – transfer of data to a third country
We use the event management service of Luma Labs, Inc., 3340 Hillview Ave, Palo Alto, CA, 94304, USA (“Luma”) to optimize the preparation and implementation of events. Using Luma makes it possible to reach people better and for our events to be found more quickly and easily. When using Luma, the data you provide to us via the online form are processed. The permissibility of this processing is based on Art. 6(1)(e) GDPR (legitimate interest) or serves (pre-)contractual measures, Art. 6(1)(e) GDPR.

Data is also transferred to the USA. The transfer of data to a third country, such as the USA, is permissible under the conditions of Art. 46 GDPR and on the basis of the standard contractual clauses agreed with Luma. These have been approved by the European Commission and guarantee an adequate level of protection for your personal data. You can access the standard contractual clauses on the European Commission’s website(https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_de)).
You can find Luma’s privacy policy at: https://luma.com/privacy-policy(https://luma.com/privacy-policy). There you will also find further information about your rights and settings options for protecting your privacy.
2. Film and photo recordings
Film and photo recordings are regularly made at our events. We use them to document and present the event to the public. The recordings we make may be published both in print and in digital form, e.g., on websites, in press and event formats, and on social media.

We organize events that have public impact. The processing of film and photo recordings serves the performance of SPRIND’s tasks (Art. 6(1)(e) GDPR). There is an increased public interest in receiving information about the content of the event, the participating persons and the framework conditions. As a rule, both group and individual recordings are made. As a participant, you can leave the recording area at any time.

With regard to the processing of your film and/or photo recordings and their publication in print and online as well as on social media, and with regard to other processing on the legal basis of Art. 6(1)(e), (f) GDPR, you have the right to object at any time under Art. 21(1) GDPR on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If you participate in the event as a speaker and/or contribute to its implementation and, where applicable, portrait photos of you are taken, the legal basis for the processing of your personal data for the purposes mentioned above is your consent pursuant to Art. 6(1)(a) GDPR and Art. 7 GDPR. You can withdraw your consent with effect for the future at nfai@sprind.org(mailto:nfai@sprind.org).

Film and photo recordings will generally be processed for as long as necessary for the documentation of the event and for public relations purposes. 
VIII. Social Media
As part of our public relations work, SPRIND maintains online presences within the following social networks:
* X, operated by X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA, with a branch office at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland
* LinkedIn, operated by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland),
* Instagram, operated by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland),
* YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA,
in order to inform users active there about SPRIND and to engage in an exchange with users. The references are identifiable on our website, among other things, by links to our presence on the respective social networks.
No social plugins are used.
We would like to point out that the terms of use of the services mentioned and linked on our website, and those of their operators, are not subject to SPRIND’s control and that you use them at your own responsibility. These services and their operators store and process personal data of their users (including IP address, the application used, details of the device you use including device ID and application ID, information about websites accessed, your location and your mobile network provider).
The data collected about you when using the services are processed in accordance with their own policies and may be transferred to countries outside the European Union. If you have created an account/profile, these data are assigned to the data of your respective account/profile. SPRIND has no influence on data collection and the further use of the data by the social networks. Therefore, we have no knowledge of the extent, location and duration of data storage, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data, and to whom the data are disclosed.
Please refer to the respective privacy notices for information about your rights and settings options for protecting your privacy:
* https://x.com/de/privacy(https://x.com/de/privacy)
* https://www.linkedin.com/legal/privacy-policy(https://www.linkedin.com/legal/privacy-policy)
* https://help.instagram.com/581066165581870/?helpref=hc_fnav(https://help.instagram.com/581066165581870/?helpref=hc_fnav)
* https://policies.google.com/privacy?hl=de&gl=de(https://policies.google.com/privacy?hl=de&gl=de)
The services disclose your personal data to their processors and third-party service providers, some of whom are located outside the European Economic Area (EEA). These process the personal data obtained in this way for their own purposes, e.g., analysis and marketing, and your usage behavior on external and their own websites of third-party providers. Profiling cannot be excluded either.
The personal data collected from you and data from third-party providers are transmitted to servers that are mostly located in the USA. If the service is certified under the Data Privacy Framework, transfer of data to the USA can be based on the agreement.
The following services we use are certified:
* X Corp.
* LinkedIn
* Meta
* Google
Nevertheless, it cannot be ruled out that US security authorities vested with extensive powers may access your personal data at any time and without cause. This applies even if the servers are located in Europe. You have no effective legal remedies against this.
You can restrict the processing of your data in the general settings of your user accounts. In addition, on mobile devices you can restrict the services’ access to contact and calendar data, photos, location data, etc. in the settings options there. However, this depends on the operating system used.
IX. USE of Cookies
We use cookies on our website. Cookies are small text files that are assigned and stored on your hard drive by the browser you use via a characteristic string of characters and through which certain information flows to the entity that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offering overall more user-friendly and effective, i.e., more pleasant for you.
Cookies may contain data that make it possible to recognize the device used. However, some cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are stored beyond the individual session. With regard to their function, cookies are further distinguished between:
* Technical cookies: These are strictly necessary to navigate the website, use basic functions and ensure the security of the website; they neither collect information about you for marketing purposes nor store which websites you have visited;
* Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website; they do not collect any information that could identify you – all collected information is anonymous and is only used to improve our website and to find out what interests our users;
* Advertising cookies, targeting cookies: These serve to offer the website user advertising tailored to their needs on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
* Sharing cookies: These serve to improve the interactivity of our website with other services (e.g., social networks); sharing cookies are stored for a maximum of 13 months.
By using cookies, we ensure that our website functions properly. In addition, this enables us to optimize the website experience. These are the purposes of the data processing.
Any use of cookies that is not strictly technically necessary constitutes data processing that is permitted only with your consent pursuant to Art. 6(1)(a) GDPR. This applies in particular to the use of advertising, targeting or sharing cookies.
These cookies are not used on our website; we use only technically necessary cookies.
X. Analytics tool
We use “UMAMI” on our website, an open-source software by Umami Software, Inc., Delaware, USA, for the statistical evaluation of visitor access. Based on the statistics obtained, we can improve our offering and make it more interesting for you as a user. We use Umami because we explicitly want to avoid the otherwise common external analysis through Google Analytics.

Using Umami, we analyze where visitors to our website come from, which content is relevant to you, and where there may be problems on our website. We do not monitor our users as identifiable persons. All data, including the IP address, are stored exclusively in anonymized form.

We operate Umami in a version that does not require cookies. No Umami cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as timestamps, visited web pages and your language settings are collected. We store the information collected in this way on our server.

Due to the purposes described, the legal basis for the processing of personal data is Art. 6(1)(f) GDPR.

Further information on Umami’s terms of use and data protection provisions can be found at: https://umami.is/privacy(https://umami.is/privacy). 
XI. RIGHTS OF THE DATA SUBJECTS
The GDPR grants you, as a data subject, certain rights in relation to your personal data. These include:
1. Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed. If so, you have the right of access to this personal data and to the information listed in detail in Art. 15 GDPR.
2. Right to rectification (Art. 16 GDPR)
You have the right to request without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.
3. Right to erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be erased without undue delay, provided that one of the grounds listed in detail in Art. 17 GDPR applies.
4. Right to restriction of processing (Art. 18 GDPR)
You have the right to request restriction of processing if one of the conditions set out in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the controller’s assessment.
5. Right to data portability (Art. 20 GDPR)
In certain cases listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and/or to request the transmission of this data to a third party.
6. Right to withdraw consent (Art. 7 GDPR)
Where processing is based on your consent, you are entitled under Art. 7 (3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected.
7. Right to object (Art. 21 GDPR)
WHERE DATA ARE COLLECTED ON THE BASIS OF ART. 6 (1) (F) GDPR (PROCESSING TO SAFEGUARD LEGITIMATE INTERESTS) OR ON THE BASIS OF ART. 6 (1) (E) GDPR (PROCESSING IN THE PUBLIC INTEREST OR IN THE EXCERCISE OF OFFICIAL AUTHORITY), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO SUCH PROCESSING. UNLESS COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING CAN BE DEMONSTRATED THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS, WE WILL NO LONGER PROCESS THE PERSONAL DATA.
8. Complaint to a supervisory authority
You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for us is:
The Federal Commissioner for Data Protection and Freedom of Information (“BfDI”) Graurheindorfer Str. 153, 53117 Bonn

Telephone: +49(0)228 997799-0
Email: poststelle@bfdi.bund.de
De-Mail: poststelle@bfdi.de-mail.de
Contact: https://www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html?logoutReason=restricted(https://www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html?logoutReason=restricted) 
Note: However, you may also lodge your complaint with any other supervisory authority.
9. Exercising your rights
Unless otherwise stated above, please contact the body named in Section I to exercise your data subject rights.
10. Processing when exercising your rights
If you wish to exercise your rights under Articles 15 to 22 GDPR, we will process the personal data you provide to implement these rights and to be able to provide evidence thereof. We will process the data stored for the provision of information and preparation exclusively for this purpose and for purposes of data protection control, and otherwise restrict the processing in accordance with Art. 18 GDPR.