part of Startup Factory

Legals

Privacy policy

Introduction

 

Thank you for your interest in the KIT-Gründerschmiede.

 

Data protection is of particular importance to us as the operator of this site. We take the protection of your personal data very seriously.

 

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. Personal data comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

 

Our website can be used without any indication of personal data; however, if a data subject wants to use special services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

 

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the website.

 

By means of this data protection declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

 

As the controller, the KIT-Gründerschmiede has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

 

The following information will provide you with an overview of how we process your personal data and your rights under data protection law. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.

 

1. Data protection at a glance

 

General information

 

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term ‘personal data’ comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

 

Data collection on this website

 

Who is the responsible party for the recording of data on this website (i.e. the ‘controller’)?

 

The data processing on this website is carried out by the website operator. The operator’s contact details can be found in the ‘Information about the responsible party’ section of this data protection declaration.

 

How do we collect your data?

 

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example. Other data is collected by our IT systems automatically or with your consent when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

 

What do we use your data for?

 

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order requests.

 

What rights do you have regarding your data?

 

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. Furthermore, you have the right to appeal to the relevant regulatory authority. You can contact us at any time regarding this and other questions on the subject of data protection.

 

Analysis tools and tools from third-party providers

 

When you visit this website, your surfing behaviour may be statistically evaluated. This is done primarily with so-called analysis programs. You can find detailed information about these analysis programs in the following data protection declaration.

 

2. Hosting

 

We host the contents of our website with the following provider:

 

Mittwald

 

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter Mittwald).

For details, please refer to Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.

 

The use of Mittwald is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

 

3. general information and mandatory information

 

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to provide complete protection of data against access by third parties.

 

Note on the responsible body

 

Responsible for data processing within the meaning of the DS-GVO (Art. 4 No. 7) and other data protection regulations is:

Karlsruhe Institute of Technology (KIT)

Kaiserstraße 12
76131 Karlsruhe
Phone: +49 721 6080
Fax: +49 721 608-44290
E-mail: info@kit.edu

 

The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

 

The Karlsruhe Institute of Technology is a public corporation. It is represented by the respective president. You can contact our data protection officer at dsb@kit.edu or at the postal address with the addition ‘The Data Protection Officer’.

 

Type and manner of data processing

 

  1. Scope and purpose: We process the personal data that you provide during our discussions and the data from the relevant documents and forms that you have provided to the relevant potential sponsors when applying for funding for the purpose of supporting you in setting up your business and providing you with advice.
  2. Recipients: At KIT, only the employees of the Innovation and Relations Management (IRM), Legal Affairs (RECHT), Human Resources (PSE) and Financial Management (FIMA) service units who are responsible for this have access to the above-mentioned documents. In addition, documents are submitted to potential sponsors for the purpose of evaluating your application and are processed there under their responsibility.
  3. Legal basis: The legal basis for the processing is Art. 6 Para. 1 lit. e, Para. 3 DS-GVO in conjunction with § 12 Para. 3 LHG and the currently valid statutes.
  4. Storage duration: The KIT processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or if this is provided for by the European directive and regulation giver or another legislator in laws or regulations to which the KIT is subject. If the purpose of storage no longer applies or if a storage period prescribed by the European directive and regulation giver or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions. In accordance with Article 5(1)(e) of the GDPR in conjunction with Section 8(2) in conjunction with Sections 3 and 2 of the State Archives Act (LArchG), the data may be taken over by the responsible university archive and stored there for an unlimited period of time.

Your rights

 

With regard to your personal data, you have the following rights in relation to us:

 

  • Right to withdraw your consent with effect for the future, provided that the processing is based on consent in accordance with Article 6(1)(1)(a) of the GDPR (Article 7(3) of the GDPR)
  • Right to confirmation as to whether or not personal data concerning you are being processed and information about the personal data undergoing processing, further information about the data processing and copies of the data (Article 15 GDPR)
  • Right to rectification or completion of inaccurate or incomplete personal data (Article 16 GDPR)
  • Right to erasure of personal data concerning you without undue delay (Article 17 GDPR)
  • Right to restriction of processing (Article 18 of the GDPR)
  • Right to receive the data in a structured, commonly used and machine-readable format, provided that the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) (Article 20 of the GDPR)
  • Right to object to the future processing of data concerning you, provided that the data is processed in accordance with Article 6(1)(e) or (f) of the GDPR (Article 21 of the GDPR)

 

You also have the right to complain to the supervisory authority about the processing of your personal data by the KIT (Article 77 of the GDPR). The supervisory authority within the meaning of Article 51(1) of the GDPR for the KIT is, in accordance with Section 25(1) of the State Data Protection Act (LDSG): the State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).

 

Storage period

 

Unless a more specific storage period has been specified in this data protection declaration, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert an authorised request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons no longer apply.

 

General information on the legal basis for data processing on this website

 

If you have consented to the data processing, we process your personal data on the basis of Art. 6 (1) point a GDPR or Art. 9 (2) point a GDPR, insofar as special categories of data are processed pursuant to Art. 9 (1) GDPR. In the case of express consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information in your terminal device (e.g. via device fingerprinting), the data processing is also carried out on the basis of § 25 (1) TDDDG. You can revoke your consent at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is required for the fulfilment of a legal obligation on the basis of Article 6(1)(c) of the GDPR. Furthermore, data processing can be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. The following paragraphs of this data protection declaration provide information about the relevant legal bases in each individual case.

 

Recipients of personal data

 

As part of our business activities, we work together with various external parties. In some cases, personal data also has to be transmitted to these external parties. We only pass on personal data to external bodies if this is necessary in order to fulfil a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in the disclosure in accordance with Art. 6 (1) point f GDPR or if another legal basis permits the data disclosure. When using processors, we only pass on our customers’ personal data on the basis of a valid contract for order processing. In the case of joint processing, a contract for joint processing is concluded.

 

Revocation of your consent to data processing

 

Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.

 

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

 

If data processing is carried out on the basis of Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis for processing can be found in this data protection declaration. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims (objection according to art. 21 para. 1 DSGVO).

 

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

 

Right of appeal to the competent supervisory authority

 

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal exists regardless of other administrative or judicial remedies.

 

Right to data portability

 

You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

 

Information, correction and deletion

 

Within the scope of the applicable legal provisions, you have the right to request information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. You can contact us at any time if you have further questions about personal data.

 

Right to restriction of processing

 

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restriction of processing applies in the following cases: If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion. If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

 

If you have objected to processing pursuant to Article 21(1) GDPR, your rights and our rights will have to be weighed against each other. While it is not yet clear whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

 

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

 

SSL or TLS encryption

 

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the orders or inquiries you send to us as the site operator. You can recognise an encrypted connection by checking whether the address line of the browser switches from ‘http://’ to ‘https://’ and also by the appearance of the lock icon in the browser line.

 

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

 

Objection to advertising e-mails

 

We hereby object to the use of contact data published in accordance with the imprint obligation to send unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example by spam e-mails.

 

4. data collection on this website

 

Cookies

 

Our Internet pages use so-called ‘cookies’. Cookies are small data packages and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services). Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes. Cookies that are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g. the shopping cart function) or those that are necessary for the optimisation of the website (e.g. cookies that provide measurable insights into the web audience) (necessary cookies) shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited.

 

The website operator has a legitimate interest in the storage of cookies necessary for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG); the consent can be revoked at any time.

 

You can adjust your browser settings so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.

 

This data protection declaration explains which cookies and services are used on this website.

 

Server log files

 

The website provider automatically collects and stores information that your browser automatically transmits to us in ‘server log files’. These are:

 

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

 

These data will not be combined with data from other sources.

 

This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

 

Contact form

 

If you send us enquiries using the contact form, the information you provide in the enquiry form, including the contact details you provide, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

 

The processing of these data is based on Art. 6 para. 1 lit. b DSGVO, insofar as your request is related to the fulfilment of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested; the consent can be revoked at any time.

 

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

 

Request by e-mail, telephone or fax

 

If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

 

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the execution of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested; the consent is revocable at any time.

 

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have finished processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

5. analysis tools and advertising

 

Matomo

 

This website uses the open-source web analysis service Matomo.

 

With the help of Matomo, we are able to collect and analyse data about how our website is used by visitors. This enables us, among other things, to find out when which pages were viewed and from which region they come. In addition, we collect various log files (e.g. IP address, referrer, browser and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

 

This analysis tool is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns to optimise the operator’s web offerings and advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

 

6. newsletter

 

Newsletter data

 

If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

 

The processing of the data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example by clicking on the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose for which it was stored no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

 

Data that we have stored for other purposes remains unaffected. After you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

 

Source: https://www.e-recht24.de