Calling Developers!
We are reenergizing our code contribution process! Learn More

Privacy Policy

Guido X Jansen
Guido X Jansen Global Business & Technology Evangelist Sprykee Posts: 415 ⚖️ - Guardians (admin)

1. Controller and Data Protection Officer

Controller: Spryker Systems GmbH, Heidestraße 9-10, 10557 Berlin, Germany, dataprotection@spryker.com („Spryker“)

Data Protection Officer: JENTZSCH IT Rechtsanwaltsgesellschaft mbH, Alsterarkaden 13, 20354 Hamburg, Germany, mail@jentzsch-it.de 

2. Processing Activities and Legal Bases

Spryker provides a platform to its community (the “Spryker Community”) under (the “Spryker Community Platform” aka "CommerceQuest"). Spryker processes the email address, username, first name, company, password, reason for wish to join the Spryker Community and other information provided by a user when personalizing their profile to allow registration, provide the Spryker Community Platform properly and to manage user profiles in the Spryker Community Platform. This processing is based on Art. 6 para. 1 lit. b GDPR (performance of a contract). 

Spryker processes the content of postings of users (including analyzing it) based on Art. 6 para. 1 lit. b GDPR (performance of a contract) as part of hosting and managing the platform. 

If applicable, Spryker also transfers content from the previous Slack community to the Spryker Community Platform and may merge it with the profiles and content there. This processing of personal data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest) and each respective user is given the option to object to the transfer of content connected to them. 

Spryker also connects a user’s profile to other Social Media profiles of a user if the user interacts with Spryker using these Social Media Profiles. This processing is based on Art. 6 para. 1 lit. b GDPR (performance of a contract). 

3. Recipients

Spryker shares the above data with Vanilla, Inc., which is the vendor providing the platform infrastructure. Vanilla, Inc. is acting as Spryker’s processor and thus covered by a data protection agreement.

Spryker may share contact data and information on a user’s Social Media profile with a community profile enrichment vendor (by way of instructing Social Media providers accordingly). Such a vendor would be acting as Spryker’s processor and thus covered by a data protection agreement.

Spryker may share names, email addresses and company details with vendors managing contact data. If Spryker does this, this is covered by a data protection agreement.

Spryker may share content posted in the Spryker Community Platform with third party providers of communication bots or other AI features for community management. Such third parties will be covered by a data protection agreement.

4. Data Transfer

If Spryker transfers personal data to a third country, Spryker uses standard contractual clauses to protect the transfer.

5. Data Retention

Personal data will be deleted once not required any longer for the described purposes and there is no legal obligation to retain it.

6. Rights a User

Data subjects have the following rights under the GDPR:

  • Right to withdraw consent (Art. 7);
  • Right of access (Art. 15);
  • Right of rectification (Art. 16);
  • Right of erasure (Art. 17);
  • Right of restriction of data processing (Art. 18);
  • Right to data portability;
  • Right to object (Art. 21).

 If you want to object to Spryker processing your personal data based on Art. 6 para. 1 lit. f GDPR, please reach out to Spryker using dataprotection@spryker.com.

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

Also see our Community Terms.