Privacy policy

Name and address of the responsible

The responsible within the meaning of the general data protection regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the:

Patch & Sparks GmbH
Otto-Hesse-Straße 19
64293 Darmstadt
Hessen Deutschland
Tel.: 00 49 6151 73475966

General information about data processing

Scope and purpose of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

Legal basis for data processing

Processing of your personal data is based on the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

If you have given your consent to the processing of personal data for specific purposes, the legal basis for processing of personal data is Art. 6 (1)(a)GDPR. You can withdraw your consent at any time. Please remember that the withdrawal is only effective for the future. Processing based on consent before its withdrawal is not affected.

Processing of personal data in the context of the performance of a contract to which you are a party or in order to take steps prior to entering a contract at your request is based on Art. 6 (1)(b)GDPR. The purposes of data processing are governed by the respective contract documents and the subject matter of the contract.

If processing of personal data is necessary to comply with a legal obligation to which we are subject, Art. 6 (1)(c)GDPR serves as a legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by Patch & Sparks or by a third party (e.g. to establish or defend legal claims; to ensure IT security; to prevent crimes; to conduct business and to further develop services and products) and if your interests, fundamental rights and freedoms as data subject do not override the aforementioned interest, Art. 6 (1)(f)GDPR serves as the legal basis for processing.

Data erasure and retention period

We process and store your personal data for as long as this is necessary to satisfy the respective purpose. In addition, such storage may take place in order to comply with a legal obligation by Union or Member State law, regulation or other provision to which we as controller are subject. If the data is no longer necessary or if a retention period prescribed by the aforementioned laws has expired, your data will be erased on a regular basis.

Transfer of personal data to a third country or to an international organization

A transfer of data to countries outside the EU/EEA (so-called third countries) will only take place as it is necessary or required by law, you have given your consent or as part of data processing by a processor. If service providers in third countries are deployed, in addition to written instructions, they are required to comply with data protection standards in Europe by agreeing on the EU standard contractual clauses.

IT security and links to third party websites

Patch & Sparks uses technical and organisational security measures to protect your data that we manage against accidental or intentional destruction, manipulation, loss or access by unauthorised persons. These safeguards are constantly being developed in accordance with the respective new technical possibilities.

Our websites may contain links to the websites of other providers. Our Privacy Policy does not apply to these websites.

Obligation to provide personal data

While entering into a contract, you must provide the personal data that is necessary to establish, implement and terminate the contract and to satisfy the resulting duties or that Patch & Sparks must collect due to legal provisions. Without these data no contract with Patch & Sparks can be concluded.

If we provide you with offers and services on this website that you can voluntarily use, there is no duty to provide your data to us, but without your personal data, you may not be able to use our offers and services.

Sources of data

We use data that we receive from you.

Data processing for the provision of the website and the creation of log files

By default, when you visit our website, our web servers obtain and collect the name of your Internet service provider, your IP address, the website from which you are visiting us, the websites you visit on our website, and the date and duration of the visit. This data is stored in the log files of our systems. However, the use of the IP address is limited to the technically necessary extent and is abbreviated and therefore used only anonymously, so that it is not possible to assign the IP address to a user. The data is not merged with personal data.

The legal basis for the temporary storage of data is Art. 6 (1)(f)GDPR.

The temporary storage of the abbreviated IP address by our systems is technically necessary to display the website to your terminal device. Storage in log files is done to ensure the functionality of the website. Data is not being analysed for marketing purposes in this context. For these purposes, we have legitimate interest in processing of data according to Art. 6 (1)(f)GDPR. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for you as a user to object to such processing.

Data processing in respect of services offered on the website

On our website various services are offered, for the use of which we request personal data from you. In this context, it is always optional for you to provide us with personal data.

Use of our contact and request forms

The website has contact and request forms that can be used to contact us electronically. To use the contact forms, you must fill mandatory information in the respective input mask marked by an asterisk (e.g. your e-mail address). All other information is optional for you. This personal data will be sent to a department of our company that is responsible for processing and stored in our systems. At the time of sending your message, the date and time of the entry will be saved. We will obtain your consent for processing of the data during the inquiry process. The data filled in the input mask will be used exclusively to process your inquiry. The legal basis for the processing of your personal data is Art. 6 (1)(a)GDPR. The data will be erased as soon as the communication process is completed. You have the right withdraw your consent to the processing of personal data at any time to by sending an e-mail to In this case, all personal data stored as part of the contact will be deleted with effect for the future. Depending on the time of your withdrawal, we may not be able to answer your request.

Your rights as data subject

If your personal data is being processed, you are the data subject pursuant to the GDPR and you have the following rights:

1. Right of access (Art. 15 GDPR)

Upon request you can obtain from us confirmation from us as to whether or not your personal data is being processed by us. If this is the case, you can request us to give you access to the information provided for by law (see Art. 15 (1)GDPR). We will also notify you of appropriate safeguards pursuant to Art. 46 GDPR in the context of data transfer, in case your personal data is being transferred to a third country or to an international organisation. There are restrictions according to Sections 34 and 35 BDSG.

2. Right to rectification (Art. 16 GDPR)

You have a right to rectification and/or completion if the processed personal data is inaccurate or incomplete. We have to rectify the data without due delay.

3. Right to restriction of processing (Art. 18 GDPR)

Provided that the legal requirements are met (see Art. 18 (1)GDPR), you have the right to restrict processing of your personal data. For consequences of the restrictions please refer to Art. 18(2) and (3) GDPR .

4. Right to erasure (Art. 17 GDPR)

You have the right to demand from us erasure of your personal data without undue delay, and we are obliged to immediately erase this data if any of the reasons pursuant to Art. 17 (1)GDPR applies. The right to erasure does not apply in cases of Art. 17 (3)GDPR. Furthermore, there are restrictions pursuant to Sections 34 and 35 BDSG.

5. Right to notification

If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify each recipient to whom the personal data have been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. We have to inform you about those recipients upon your request.

6. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. For details please refer to Art. 20 GDPR.

7. Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data that is based on Art. 6 (1)(e) or (f)GDPR on grounds relating to your particular situation. Further details can be found in Art. 21 GDPR. In addition, you have a right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with Section 19 BDSG.

Last update: 25.05.2018

Responsible office: Patch & Sparks GmbH