Privacy policy of ekipa GmbH

 

This privacy statement of ekipa GmbH (hereinafter also referred to as “we”, “us” or “ekipa”) explains the type, scope and purpose of the processing of personal data within our online offering.

The German text of the contract shall prevail. The purpose of the contract in English is merely to simplify reading but should not develop any legal meaning.

  

1. Person in charge

 

ekipa GmbH

Kaiserstraße 53
60329 Frankfurt am Main
Postfach 80
Deutschland
Authorized managing directors: Justin Gemeri and Nico Heby

E-mail: hello@ekipa.de

Phone: +49 1515 2592417

  

2. Conclusion of contract

  

The terms used here correspond to those in Article 4 of Regulation (EU) 2016/679 (the General Data Protection Regulation – DSGVO).

Categories of the persons concerned are employees as well as visitors and users of the online offer (in the following we will refer to the persons concerned collectively as “users”).

  

3. Types of processed data

  

As a web-based open innovation platform, we process personal data in the course of providing our services. Personal data is either provided by the user himself or is collected automatically via technical information.

All data requested through the website are obligatory. If this data is not provided, this may result in this website not being able to provide its services. In cases where this website expressly states that some data is not obligatory, users may choose not to disclose such data without any consequences for the availability or functioning of the service. Users who are unsure as to which data are obligatory can contact the responsible person.

The following types of data are collected:

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. e-mail, telephone numbers)
  • Content data (e.g. text input, documents, videos)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, browser type, IP addresses)
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system through our website

Additionally we process

  • Contract data (for example, contract object, duration, customer category).
  • Payment data (for example, bank details, payment history)

of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

  

4. Purpose of processing

  

We process personal data in order to provide and optimise the services of an open innovation platform. 

Personal data is required to:

  • be able to offer the online offer, its functions and contents in full;
  • allow users to set up and customize an account on the platform;
  • enable users to participate in innovation projects on the platform;
  • enable users to interact and communicate via the platform, for example with team members, organisers or clients of a challenge;
  • send users personalized and useful information via email or other communication channels, such as requests from potential team members or confirmation of team membership;
  • announce winners or winning teams of a challenge;
  • send users, in accordance with the law or the explicit consent of users, marketing materials or recommendations that may interest them, such as information about upcoming challenges;
  • inform users about changes to our services;
  • manage our website and platform, for example in the sense of troubleshooting, data analysis or testing new features;
  • optimize the offered website and platform and their services for the user;
  • monitor, protect and secure our website and platform;
  • analyse the impact of marketing and advertising in order to provide the user with appropriate information;
  • comply with our legal requirements.

 The personal data used for the purposes listed are listed in the relevant sections of this document.

 

5. Legal basis for the processing of personal data

  

In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. If no specific information on relevant legal bases is provided in the affected areas of this data protection declaration, the processing is based on the legal bases below. In principle, we collect, process and share the data described above on the basis of the following criteria:

  • the necessity to properly provide and fulfil the services of the ekipa platform including the general terms and conditions, conditions of participation and customer contracts of the respective Challenges;
  • the user’s consent, which can be revoked at any time via the user’s own profile or by contacting ekipa; 
  • the need to comply with existing legal requirements;
  • the protection of our legitimate interests, provided that these are not outweighed by rights of the users that require the protection of personal data. Our legitimate interest lies generally in our economic interest in maintaining and optimizing our business operations.

The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

  

6. Processing methods

  

  The person in charge shall process the User Data in a proper manner and take reasonable security measures to prevent unauthorized access and disclosure, modification or destruction of the data. 

The data processing is carried out by means of computers or IT-based systems, following an organizational procedure and mode strictly aimed at the stated purposes. In addition to the Controller, access to the data may also be granted to certain categories of persons involved in the operation of the Site (Human Resources, Sales, Marketing, Legal, System Administrators) or to external parties (such as third party technical service providers, delivery companies, hosting providers, IT companies or communications agencies), which may be used by the Owner as contract processors if necessary.

An up-to-date list of these parties may be requested from the responsible body at any time.

  

7. Storage period

  

Personal data shall be processed and stored for as long as is necessary for the purpose for which they were collected.

Therefore:

  • Personal data collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until the complete fulfilment of this contract;
  • Personal data collected to protect the legitimate interests of the provider will be stored for as long as is necessary to fulfill these purposes. Users may obtain more detailed information about the legitimate interests of the Provider in the relevant sections of this document or by contacting the Provider;
  • In addition, the provider may be required to retain personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority.

 Personal data will be deleted at the end of the legal retention period. Therefore, the right of access, the right to cancellation, the right to rectification and the right to transfer data cannot be exercised after the end of the retention period.

If the account is deleted and the contract terminated, information and contributions shared by the user on the platform may remain visible. However, these will be anonymised immediately.

  

8. Rights of data subjects

  

You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 DSGVO.

 

  1. In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
  2. Pursuant to Art. 17 DSGVO, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 DSGVO.
  3. You have the right to demand that we give you access to the data concerning you that you have provided to us in accordance with Art. 20 DSGVO and to demand that it be transferred to other responsible parties.
  4. Pursuant to Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.
  5. Right of withdrawal
    • You have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.
  6. Right of objection
    • You may object at any time to the future processing of the data concerning you in accordance with Art. 21 DSGVO. The objection may in particular be lodged against processing for the purposes of direct marketing.
  7. Deletion of data
    • The data subject has the right, granted in accordance with Articles 17 and 18 of the DSGVO, to require the data processors to delete or restrict the personal data relating to him without delay if one of the following reasons applies and if the processing is not necessary:
    • The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
    • The data subject withdraws his consent on which the processing was based pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing.
    • The data subject objects to the processing under Article 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing under Article 21 para. 2 DSGVO.
    • Personal data have been processed unlawfully.
    • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
    • The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.

 

9. Visit the website

  

During the visit of the website www.ekipa.de and its subdomains, the browser of the user’s terminal device automatically sends information to the website servers used by ekipa. This information is temporarily stored in a log file. This includes the IP address assigned to the respective computer, which is required for the transmission of the retrieved contents of the website. In addition, information about the use of the website, the version of the operating system, the model of hardware used, the hardware settings, the type of browser used, the browser language, the website from which the request comes, as well as the date and time of the website use is collected and stored. This information is stored for a maximum of 7 days in connection with the associated IP address for purposes of abuse detection and tracking. Furthermore, usage data will be deleted or anonymized immediately once they are no longer required for the purposes stated in this declaration. Anonymized usage data may be used to design the website according to needs and to optimize it for the user.

More detailed information on the nature of the data, purpose and external services can be found in Section 14 of this Privacy Policy.

  

10. Contact us

  

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are used to process and handle the contact enquiry in accordance with Art. 6 Para. 1 lit. b DSGVO (within the framework of contractual/pre-contractual relationships) or Art. 6 Para. 1 lit. f DSGVO (other inquiries). The data of the users can be stored in a customer relationship management system (“CRM SYSTEM”) or comparable inquiry organization.

We delete the enquiries if they are no longer necessary. We check the necessity every two years; furthermore, the legal archiving obligations apply.

More detailed information on the type of data, purpose and external services can be found in Section 14 of this Privacy Policy.

  

11. Newsletter

  

With the following information we inform you about the contents of our newsletter, the registration, dispatch and statistical evaluation procedures as well as any rights of objection. By subscribing to our newsletter, users agree to receive it and to the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that after registration, users receive an e-mail in which they are asked to confirm their registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of the data stored with the dispatch service provider are logged.

Registration data: To subscribe to the newsletter, it is sufficient to provide an e-mail address. Optionally we ask for a name in order to address you personally in the newsletter.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with § 7 para. 3 UWG.

The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves our business interests, meets users’ expectations, and allows us to provide evidence of consent.

Cancellation / revocation – The receipt of our newsletter can be cancelled at any time, i.e. the consents can be revoked. A link to cancel the newsletter can be found at the end of all newsletters. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.

More detailed information on the nature of the data, purpose and external services can be found in Section 14 of this Privacy Policy.

  

12. ekipa-community

It is possible to become a member of the ekipa community in order to participate in innovation projects. Registration is required for this.

  

Registration and Profile

Users can create a user account or profile on the ekipa platform. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, password, e-mail address). The data entered during registration will be used for the purposes of using the user account. The user has the possibility to further individualize his innovator profile on the ekipa platform. The profile can include information on education, skills, knowledge or other contact details.

Users can be informed by e-mail about information relevant to their user account, such as technical changes. If users have terminated their user account, their data will be deleted with respect to the user account, subject to a statutory retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

When using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c. DSGVO. The IP addresses will be anonymized or deleted after 7 days at the latest.

  

Comments, posts and uploads

We collect and process personal data provided and uploaded by the user during the course of using the ekipa platform via the website, for example when a user registers for a challenge, requests or joins a particular team, chats with other team members or submits contributions, ideas and solutions for challenges (hereinafter “Contributions”).

If users leave contributions, their IP addresses may be stored on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f DSGVO for 7 days. This is done for our security, in case illegal contents are left behind in contributions (insults, forbidden political propaganda, etc.). This serves to indemnify ekipa.

Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO, to process user data for the purpose of spam detection.

On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the surveys and to use cookies in order to avoid multiple votes.

The data provided in the context of the contributions will be stored permanently by us until the user objects.

  

13. Cooperation with contract processors and third parties

  

Insofar as we disclose data to other persons, other users and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this shall only occur on the basis of

  • a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 para. 1 lit. b DSGVO for the performance of the contract);
  • the consent of the users (e.g. when registering via external social media);
  • a legal obligation and the necessity of transfer for the provision of own services (e.g. transfer of data to the clients of a Challenge); or
  • our legitimate interests (e.g. when using agents, web hosts, analytics providers, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.

The profile of the users and their teams is visible to all logged-in users of the platform when participating in challenges during the team compilation. Certain data (e.g. name, team affiliation, team name, university or department) may under certain circumstances also be released to the public; if this is the case, the consent of the user will be obtained. Contributions in the form of messages, ideas, solutions or other submissions are always accessible to all team members when they are members of a team.

After submission of entries in the course of a Challenge, certain data will be made available to the client, his representatives, his jury or other persons to whom the client grants access exclusively for the administration of the Challenge. This includes certain information from the user profiles (e.g. name, university, department, skills) and/or team profiles (e.g. team name, description, university) as well as user contributions in the form of submissions for the challenges concerned.

Data processing agreements have been concluded with the clients to ensure joint compliance with the DSGVO.

  

14. Transfers to third countries

  

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this only occurs if it is done to fulfil our (pre)contractual obligations, on the basis of consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. of the German Data Protection Act are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or the observance of officially recognized special contractual obligations (so-called “standard contractual clauses”).

  

15. Detailed information on the processing of personal data

  

Personal data is collected using the following services and for the following purposes.

Analytics

The services listed in this section allow the owner to monitor and analyze traffic and track user behavior. We use such services on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f DSGVO).

Google Analytics with IP anonymization (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the information collected to track and investigate how this website is used, to report user activity, and to share it with other Google services.

Google may use the information collected to contextualize and personalize the ads on its own advertising network.

IP anonymisation has been activated on this website so that the IP address of Google users within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area is shortened beforehand. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Personal data collected: Cookie and usage data.

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant

Further information on the use of data by Google, setting and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

  

Infrastructure and Backend

The purpose of this type of service is to host data and files so that this website can be managed and used. In addition, these services may provide a ready-made infrastructure that handles specific functions or entire components for this website. We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b DSGVO and Art. 6 Para. 1 lit. c DSGVO) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f DSGVO).

Some of these services operate on geographically distributed servers, making it difficult to determine where personal data is stored.

Firebase Cloud Storage

Firebase Cloud Storage is a web hosting service provided by Google Inc.

Personal data collected: Usage data and various types of data, as described in the Service’s Privacy Policy. 

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.

 Firebase Cloud Functions

Firebase Cloud Functions is a web hosting and backend service provided by Google Inc.

Personal data collected: Usage data and various types of data, as described in the Service’s Privacy Policy.

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.

 Firebase Realtime Database

Firebase Realtime Database is a web hosting and backend service provided by Google Inc.

Personal data collected: Usage data and various types of data, as described in the Service’s Privacy Policy.

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.

 

Prismic (Prismic Networks Inc.)

For our internet presence we use Prismic as a content management system. This is a service of Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138, hereinafter referred to as “Prismic”.

Personal Data Collected: By connecting to Prismic when you access our website, Prismic can determine which website your request was sent from and the IP address to which the content should be sent.

Prismic offers more information at https://prismic.io/legal/privacy and https://prismic.io/security and points out that Prismic’s privacy policy complies with EU data protection laws (DSGVO).

  

Testing the performance of content

With the services listed in this section, the Owner can track and analyze the response of users to the traffic on the Site or their behavior after this application has been modified in terms of structure, text, or other components. We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f DSGVO).

Firebase Remote Config (Google Inc.)

Firebase Remote Config is a service provided by Google Inc. to perform A/B testing and configuration.

Personal data collected: various types of data as described in the Service’s Privacy Policy.

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.

 

  

Login and Authentication

By registering or authenticating, users authorize this application or website to identify them and provide them with access to specific services.

Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this site may access some of the information stored by these third parties for registration or identification purposes.

We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b DSGVO and Art. 6 Para. 1 lit. c DSGVO) as well as our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f DSGVO).

 Firebase Authentication (Google Inc.)

Firebase Authentication is a login and authentication service provided by Google Inc. To simplify the login and authentication process, Firebase Authentication can use third-party identity services and store the information on their platform.

Personal data collected: E-mail, username, password

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.

 Facebook Authentication (Facebook Inc.)

Facebook Authentication is a login and authentication service provided by Facebook, Inc. that is connected to the social network Facebook.

Personal data collected: various types of data as described in the Service’s Privacy Policy.

Facebook has submitted to the EU-US Privacy Shield for the personal data transferred to the USA: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 Further information on Facebook and data protection can be found at https://www.facebook.com/about/privacy/.

 Google OAuth (Google Inc.)

Google OAuth is a sign-in and authentication service provided by Google Inc. that is connected to the Google network.

Personal data collected: various types of data as described in the Service’s Privacy Policy.

If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant. You can find more information about Google and data protection at https://policies.google.com/privacy.

  

Interaction with external social networks and services

These types of services enable interaction with social networks or other external platforms directly through this website. The interaction and the information collected through this website are always subject to the privacy settings made by the users for the respective social network or service.

If a service is installed for interaction with social networks, it may collect data from traffic on the pages on which it is installed even if users do not use the service.

We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f DSGVO).

 Google Maps

On this website we use Google Maps, a service offered by Google Inc. This allows us to show the user interactive maps directly on the website.

By visiting the website, Google obtains the information that the users have called up a corresponding subpage of our website. This takes place regardless of whether a user account exists with Google that the user is logged on to or not. When a user is logged in to Google, the data is assigned directly to the respective account. 

For the personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant

Further information on the use of data by Google, setting and objection possibilities, can be found in Google’s data protection declaration (https://policies.google.com/privacy).

If users do not wish to be associated with their Google user account, they must log out of Google before accessing the website. Google stores the data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Users have the right to object to the creation of these user profiles, whereby they must contact Google to exercise this right.

 Xing

Functions and contents of the Xing service, offered by XING AG, can be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Xing. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned contents and functions to the profiles of the users there.

Personal data collected: Cookie and usage data

Further information on Xing and data protection can be found at https://privacy.xing.com/de/datenschutzerklaerung. 

If a user is a Xing member and does not want Xing to collect data about him via this online service and to link it with his member data stored at Xing, he must log out of Xing before using our online service and delete his cookies.

 LinkedIn

The functions and content of the LinkedIn service offered by the LinkedIn Ireland Unlimited Company can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within LinkedIn. If the users are members of the platform LinkedIn, LinkedIn can assign the call of the above contents and functions to the profiles of the users there. 

Personal data collected: Cookie and usage data.

For the personal data transferred to the USA, LinkedIn has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active. For more information on LinkedIn and privacy, please visit https://www.linkedin.com/legal/privacy-policy; for an opt-out, please visit https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

If a user is a LinkedIn member and does not want LinkedIn to collect information about him or her through this online service and link it to his or her LinkedIn stored member data, he or she must log out of LinkedIn before using our online service and delete his/her cookies.

 Facebook Social Plugins

Within our online offer, social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. (“Facebook”), can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online service within Facebook. The list and appearance of the Facebook Social Plugins can be seen here: https://developers.facebook.com/docs/plugins/.

Personal data collected: Cookie and usage data.

Facebook has submitted to the EU-US Privacy Shield for the personal data transferred to the USA: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 Further information on Facebook and data protection can be found at https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online service and link it with his or her member data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

 Instagram

Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Instagram. If the users are members of the Instagram platform, Instagram can assign the call of the above contents and functions to the profiles of the users there. 

For more information on Instagram and Privacy, please visit http://instagram.com/about/legal/privacy/.

If a user is an Instagram member and does not want Instagram to collect information about them through this online service and link it to their Instagram stored member information, they must log out of Instagram and delete their cookies before using our online service.

 

  

Manage contacts, send messages, and prepare data

This type of service enables the management of a database containing, for example, e-mail contacts, any other contact information, profile data, user contributions, order data or other information.

In certain cases, the Services may also collect information about the date and time at which messages were read by the User and when the User interacts with incoming messages, for example by clicking on links contained therein.

We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b DSGVO and Art. 6 Para. 1 lit. c DSGVO) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f DSGVO).

 Mailjet (SAS Mailjet)

Mailjet is a service provided by SAS Mailjet for managing e-mail addresses and sending messages. The shipping service provider can use the recipient’s data in pseudonymised form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the shipping and display of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

Personal data collected: email

SAS Mailjet implements the European Basic Data Protection Regulation.

Further information on Mailjet and data protection can be found at https://www.mailjet.de/privacy-policy/.

 Crisp.chat (Crisp IM S.A.R.L.)

Crisp.chat is a live chat service provided by Crisp IM S.A.R.L. for communicating with users of our online services, which we use to improve the user experience. This gives us the opportunity to contact users faster and more directly and to process their requests in accordance with their expectations. With crisp.chat, we can send users messages via live chat, email, SMS or push messages, if legally permitted. In order for this to be possible, we must synchronise our contact information with the users of Crisp IM S.A.R.L. via an interface.

Personal data collected: various types of data as described in the Service’s Privacy Policy.

Crisp IM S.A.R.L. implements the European Basic Data Protection Regulation: https://www.help.crisp.chat/en/article/whats-crisp-eu-gdpr-compliance-status-nhv54c

Further information on Crisp.chat and data protection can be found at https://crisp.chat/en/privacy/.

 Airtable (Formagrid Inc.)

Airtable is a service provided by Formagrid Inc. for the administration and processing of data, which we use in particular to process the submissions in the course of a challenge.

Personal data collected: E-mail and usage data.

 

We have concluded a contract processing agreement with Formagrid Inc. This is an EU standard contract clause in which Airtable undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties. Airtable processes data on servers outside the EU. Further information can be found here: https://airtable.com/privacy.

HubSpot (HubSpot Inc.)

This is an integrated software solution that covers various aspects of our online marketing. With HubSpot, we have concluded an order data processing contract in accordance with the DSGVO specifications.

This includes, among other things: E-mail marketing (newsletters as well as automated mailings, e.g. to provide downloads), reporting (e.g. traffic sources, access, etc. …), contact management (e.g. user segmentation & CRM) and landing pages and contact forms.

Our registration service enables users of our website to learn more about our company, download content and provide their contact information and other demographic information. They may be used by us to contact users of our website and to determine which services of our company are of interest to them. All information we collect is subject to this Privacy Policy. We use all information collected exclusively to optimize our marketing activities. HubSpot is a software company based in the USA with an office in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Personal data collected: Email address, usage data and various types of data as described in the Service’s Privacy Policy.

HubSpot is certified under the terms of the “EU – U.S. Privacy Shield Framework” and is subject to TRUSTe’s Privacy Seal and the “U.S. – Swiss Safe Harbor” Framework.

More information about HubSpot’s privacy policy can be found here: https://legal.hubspot.com/privacy-policy  

More information from HubSpot on EU data protection rules can be found here: https://legal.hubspot.com/data-privacy 

  

16. Cookies and the right to object to direct advertising

  

“Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, also called “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if users return to the online offer after several days. The interests of the users, which are used for range measurement or marketing purposes, can also be stored in such a cookie. “Third-party cookies” are cookies that are offered by providers other than the responsible person who operates the online service (if they are only the responsible person’s own cookies, one speaks of “first-party cookies”).

We use temporary and permanent cookies. If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by switching them off in the browser settings. Please note that not all functions of this online offer can be used in this case.

  

17. Safety precautions

  

In accordance with Art. 32 DSGVO, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, input, disclosure, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that we react to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).

  

18. Modification of the data protection declaration

  

The data controller reserves the right to make changes to this privacy policy at any time by informing its users on this page. Users are therefore advised to visit this page regularly and check the date of the last change indicated at the bottom of the page. If a user rejects a change to the data protection declaration, he may no longer use this website and may request the responsible authority to delete his personal data. Unless otherwise stated, the current data protection declaration applies to all personal data stored by the data controller about a user.

  

The German text of the contract shall prevail. The purpose of the contract in English is merely to simplify reading but should not develop any legal meaning.

Privacy policy status: March 2020