Privacy information

Privacy information


We, Sapera GmbH, would like to use this website to draw attention to our services and offers.

The purpose of processing personal data on this website is primarily in the area of customer acquisition and marketing.

Furthermore, measuring usage-related metrics is necessary to enable the smooth provision and improvement of our services and to ensure the optimization and management of technical and financial resources. We want to offer you a pleasant, safe and trouble-free use of our services.

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services, and to enable you to enjoy and easily navigate our Services.


The protection of your personal data is very important for us. This privacy notice provides information about how your personal data is processed by us when you visit and use our Website sapera.com, you apply for a job with us or you want to be included in our freelancer pool.

Furthermore, this privacy notice contains general information about your rights in connection with the processing of your personal data.

Sapera GmbH processes your data in accordance with the data protection provisions of the German Federal Data Protection Act ("BDSG") in the version that came into force on May 25, 2018, and the Regulation (EU) 2016/679 (hereinafter "GDPR").

If you have any questions or concerns after reading this privacy information, please contact our data protection team at dst@sapera.com.

Responsibilities and contact details

The data controller, i.e., the person responsible for processing your personal data is:

‍Sapera GmbH
Haus Cumberland
Kurfürstendamm 194
10707 Berlin, Germany
‍Represented by the managing director: Christopher Wynes
Phone: +49 30 22 18 36 80
Email: info@sapera.com
Website: sapera.com

Our data protection officer is available by email at: ‍privacy@sapera.com.

Processing of personal data

Depending on the reason for which you interact with us, we process different types of personal data.

Online Services

When you use this website we process different types of your personal data for different reasons.

Processing purposes

Delivering our website to your computer

  • ensuring a smooth connection setup to the website

  • deliver the content of our website properly and in a visually appealing design

  • provide enhanced media like video and 3D objects

  • allow sharing of the content on our website in a user-friendly way

Collection of contact data of interested parties

  • To send you further information about our services

  • To contact us to discuss your individual needs

  • For the initiation of contracts

Collecting usage data about the way you interact with our service

  • ensuring easy use of our website

  • optimise the content of our website

  • ensure the long-term viability of our information technology systems and website technology

Collecting error reports and data on crashes

  • evaluation of system security and stability

  • clarification of any improper page access (DoS/DDoS attacks, etc.)

  • when necessary, provide law enforcement authorities with the information required for criminal prosecution in case of a cyber attack

  • as well as further administrative purposes, e.g. cost optimisation

Legal bases for processing

Visit to the website

The legal basis for the processing of personal data is Article 6 (1), sentence 1, lit. f, GDPR, our legitimate interest.

We have a legitimate interest in technically enabling you to access and use our website. We also need to ensure that misuse is prevented and that safe use is guaranteed for our visitors.

Sending the contact form

The legal basis is on the one hand Article 6 (1), sentence 1, lit. b, GDPR, as the contact serves to initiate a contract, furthermore Article 6 (1), sentence 1, lit. a, GDPR, as you give your consent to be contacted by us by sending the contact form.

You can, of course, revoke this consent at any time by informing us of this using the contact details provided.

Evaluation of the use

The legal basis for processing personal data to evaluate the use of this website is Article 6 (1), sentence 1, lit. a, GDPR. as we ask your for your consent for web analytics when you come to our website.

Furthermore, we do have a legitimate interest in the usage of our online services in the sense of Article 6 (1), sentence 1, lit. f, GDPR because only through usage analysis it's possible for us to evaluate how effectively we use our marketing budget. Additionally, it is important for us to know how the website is used so that we can improve and optimize it.

Data storage and deletion

We do not keep your personal information for longer than necessary for the purposes for which we collected it. In some cases, it might be possible that we keep your information for a longer period for historical, statistical or scientific purposes with the appropriate safeguards in place.


In accordance with the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data provided by you as part of the application process and, if applicable, collected by us, and your rights in this regard. To ensure that you are fully informed about the processing of your personal data as part of the application process, please take note of the information below.

Purposes of processing and types of personal data

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

Legal bases for processing

The primary legal basis for processing your personal data in this application procedure is Section 26, BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be required for legal prosecution after completion of the application procedure, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Article 6 (1), sentence 1, lit. f, GDPR. Our interest then consists in the assertion or defense of claims.

Data storage and deletion

Data of applicants will be deleted after 6 months in case of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

If you have been awarded a position during the application process, the data will be transferred from the applicant data system to our HR information system.

Recipient of the data

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing agreement with this provider, which ensures that the data processing is carried out in a permissible manner.

Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. As a matter of principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.

Freelancer Pool

For our projects, we are looking for project-related freelancers and offer them to be included in our "Freelancer Pool".

Purposes of processing and types of personal data

The application documents for the Freelancer Pool will be processed solely in the context of future project inquiries.

We process the data necessary to check a suitability for project participation ("portfolio", work samples, CV, website) as well as contact data (name, email, phone number).

Legal bases for processing

The processing is based on your consent within the meaning of Article 6 (1), sentence 1, lit. b. and Art. 7 GDPR. Consent for inclusion in the freelancer pool is voluntary and no claim for actual employment is derived from it. Furthermore, you can revoke your consent at any time for the future, as well as declare your objection within the meaning of Art. 21 GDPR.

Data storage and deletion

After 14 months, we will contact you to inquire whether the storage in the freelancer pool should be maintained. If there is no active consent within one month, we will delete all personal data.

Transfer of personal data to other companies and countries

To deliver the experience we want you to have, we rely on the services of special providers that are experts in their dedicated area.

That means that data is transferred abroad, including to countries outside the European Union or the European Economic Area. An adequate level of data protection is ensured by either working with companies that are from countries with an adequate level of data protection as required by Article 45 (1), GDPR or by using the EU standard contractual clauses laid down by the EU Commission within the meaning of Article 46 (2), lit. c, GDPR.

List of sub-processors

Amazon Web Services

This website is hosted by Amazon Web Services (AWS) and the data collected on our website is therefore processed on the servers of that service provider. We generally use servers located in Germany, but other servers in other European and non-European countries may also be used.


If you take advantage of our integrated appointment service ("ScheduleOnce") your personal data will be processed by OnceHub.

Google Meet

We use this service for virtual client meetings.

Google Maps

We have an integrated map from Google Maps to show the location of our office.

Mailchimp / Mandrill

Emails and Newsletters are processed by Mailchimp.

Your legal rights in relation to personal data

If you are in the European Economic Area (EEA) you have the following rights:

  • Access:

    You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.

  • Objecting: 

    In certain circumstances, you also have the right to object to the processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us via Email.

  • Portability:

    You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.

  • Deletion: 

    You have the right to request that we delete personal data that we process about you unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

  • Withdrawing Consent:

    If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt-out from marketing messages that you receive from us.

  • Complaints:

    If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, in our case the State Representative for Data Protection of the State of Berlin, or to seek a remedy through the courts.

You can exercise the above rights, where applicable by contacting the data protection team. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.

Further business

Protecting your personal information

Sapera GmbH is committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all data transferred between you and the service is encrypted.

Automated decision-making

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

Changes to this Privacy Notice

We may update our Privacy Information from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. We will notify you of any changes by posting the new Privacy Notice on this page and update the "effective date" at the top of this Privacy Notice.

The first version of this Privacy Notice was issued in October 2020. Please check back frequently to see any updates or changes.

Effective date: February, 2021


How can we create the place that makes complexity work?

We write about it in our newsletter. You’ve heard it here first!

© 2021 Sapera GmbH