Any collection, processing and use (hereinafter "use") of data is solely for the purpose of providing our services. Our services have been designed to use as little personal information as possible.
For that matter, "personal data" is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called "affected person"). The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.
Responsible within the meaning of the EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is:
Startnext GmbH
Grundstrasse 1
01326 Dresden
Germany
(see our Legal Notice for full contact information)
The data protection officer is:
Kemal Webersohn of WS Datenschutz GmbH
If you have questions about data protection, you can contact WS Datenschutz GmbH at the following email address: startnext@ws-datenschutz.de
WS Datenschutz GmbH
Dircksenstraße 51
D-10178
Berlin
We have taken technical and organizational measures to ensure that your data is processed securely. When we work with external service providers (e.g. email or server providers), we carefully check their data protection standards beforehand. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational capabilities in data protection.
This selection procedure will be documented in writing and an agreement on the order processing of data (data processing agreement) will only be concluded if the third party complies with the requirements of Art. 28 GDPR.
Your data is stored on protected servers and only made accessible to a few authorized persons. Our website is encrypted with SSL/TLS, which you can recognize by the "https://" in the URL.
We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.
When you visit our website, our server temporarily stores every access in a log file. The following personal data is recorded and stored until it is automatically deleted:
In addition to this personal data, further personal data may be collected by us and our partners, more on this below.
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is based on making our website accessible to you.
The purpose of data processing is to enable you to use the website (connection establishment). It ensures system security, the technical administration of the network infrastructure and the optimization of the website. Your IP address is only analyzed in the event of attacks on our network infrastructure or that of our Internet provider.
Your personal data will be deleted as soon as it is no longer required for the above- mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys, but only in anonymized form. The data is deleted there after 7 days.
In addition, you can object to this processing at any time by contacting us or the 1&1 data protection officer. If you wish to exercise any of these rights, you can contact 1&1's data protection officer at the above address or send an e-mail to datenschutz@ionos.de.
Our website uses the services of the hosting provider 1&1. Data processing is carried out by: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. Further information can be found in 1&1's privacy policy.
We also use the services of the hosting provider AWS. The data processing is carried out by: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg 1855, Luxembourg (a subsidiary of Amazon.com Inc., 410 Terry Avenue North, Seattle WA 98109, USA). In order to ensure the greatest possible data security, we have chosen the server location in Frankfurt am Main for the service provider AWS. You can find more information about AWS data protection here.
Our website uses cookies, which are stored on your computer while you are using it. Cookies are small text files that are linked to your browser and stored on your hard disk. They help us or other providers to store certain information. Don't worry - cookies cannot run programs or transfer viruses to your computer.
We use cookies to enable you to log in and to analyze the use of our website in anonymized or pseudonymized form. This enables us to show you relevant content and offers. The following data may be collected:
When you visit our website for the first time, you will be informed about the use of cookies via a cookie banner and referred to the privacy policy.
The legal basis for the processing of data by cookies that do not solely serve the functionality of our website is Art. 6 para. 1 sentence 1 lit. a) GDPR.
The legal basis for data processing by cookies, which are used exclusively for the functionality of this website, is Art. 6 para. 1 sentence 1 lit. f) GDPR.
Our legitimate interest arises from ensuring a smooth connection setup and convenient use of the website. In addition, data processing serves to analyze system security and stability as well as the statistical evaluation of website usage.
There are two types of cookies that are used on this website:
a) Transient cookies
These are automatically deleted when you close the browser. These include session cookies in particular, which store a so-called session ID. This allows your computer to be recognized when you return to our website. The session cookies are deleted as soon as you log out or close the browser.
b) Persistent cookies
These are automatically deleted after a predefined period, which may vary depending on the cookie.
You have the option at any time to withdraw your consent to the processing of cookies that do not serve the pure functionality of the website. Cookies are only set after you have consented to this when you access the site. This allows you to control data processing via cookies on our website.
You can also delete cookies at any time via your browser's security settings. Please note that you may not be able to use all functions of the website if you do so. The setting of cookies can also be permanently prevented by making the appropriate settings in your browser.
You can contact us by e-mail via our website. Various data required to process your request will be stored. This data will only be used to answer your request and will not be passed on to third parties.
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
We only process your data in order to process your contact request.
Your data will be deleted as soon as the purpose of the processing has been fulfilled, usually immediately after your request has been answered. In rare cases, however, it may be necessary to store your data for longer if this is required by legal, regulatory or contractual obligations.
You can contact us at any time and object to the further processing of your data. In this case, we will unfortunately not be able to continue communicating with you. All personal data processed in the course of making contact will then be deleted, unless statutory retention obligations prevent deletion.
You can register on our website. This requires you to enter personal data in the registration form. At least the following data is collected:
You will receive a non-public account on Startnext. To access it, you will need to confirm the email address you provided when registering or supporting and set a password. This account is used exclusively for internal system allocation to prevent fraud and avoid incorrect entries that could make it difficult to deliver your thank-you gifts. The data transmitted is not publicly visible.
Visible data when using the closed area
If you use the closed area of the platform, certain data may become visible to other users and visitors:
Your public profile as a starter or team member
As soon as your project enters the start phase, you will receive a publicly visible profile as a starter or team member with the following information:
If you enter personal data in the mandatory fields, the processing is based on Art. 6 para. 1 sentence 1 lit. b) GDPR. If you also enter personal data in optional fields, the processing is based on Art. 6 para. 1 sentence 1 lit. a) GDPR.
We only process your data in order to complete your registration and manage your website account.
Your data will be deleted as soon as it is no longer required for the purpose of registration. This is the case when you close your account with us and no legal or official retention periods prevent the deletion.
You can change, correct or delete your personal data at any time, both during and after registration.
We offer you the opportunity to work with your
to register and log in to our website ("social login").
There is no need for additional registration on our website. Your social media account is linked to your customer account so that you can authenticate yourself directly - without needing an additional password.
We automatically receive the following information through the link:
You can find the complete list from Facebook here.
You can find the complete list from Google here.
Further information on the respective social login functions, the data transmitted and the privacy settings of your social media account can be found in the data protection information of:
If you provide us with your first and last name and your e-mail address, the processing is based on Art. 6 para. 1 sentence 1 lit. b) GDPR. You provide us with all other data voluntarily, so that the processing in these cases is based on Art. 6 para. 1 sentence 1 lit. a) GDPR.
The social login makes it easier for you to use our registration function. It also provides us with information about the use of our website by social media users. We also use social media logins to make our website better known.
The social login data will be stored until revoked and used as described.
You can prevent this data processing by using the regular registration process. You can change, correct or delete your personal data at any time, both during and after registration. If the data processing is based on your consent, you can revoke this at any time in accordance with Art. 7 GDPR.
A revocation is effective from the time it is declared and for the future.
You have the option of applying to us by email (jobs at startnext.com). Personal data will be processed and stored for the respective application process.
Your data is processed on the basis of Art. 88 GDPR and Section 26 BDSG.
We process your data exclusively for the purpose of carrying out the application process.
If your application leads to an employment relationship, your personal data will be stored in compliance with the statutory provisions.
If your application is not considered, it will be deleted according to the rules of our deletion concept, whereby the provisions of the General Equal Treatment Act (AGG), in particular the existing burden of proof according to § 22 AGG, will be observed.
Your data will only be stored for longer if this is contrary to statutory provisions or if you have consented to longer storage. In this case, the storage is based on Art. 6 para. 1 sentence 1 lit. c) or lit. a) GDPR.
You can contact us at any time and object to the further processing of your data. In this case, all personal data processed in the course of the application process will be deleted - unless there are mandatory legal provisions to the contrary.
You can subscribe to our newsletter on our website. To do so, you must enter personal data in the newsletter input mask. The fields marked with an "*" are mandatory:
This information is necessary to be able to send you the newsletter.
The newsletter is sent by email and only sent after you have registered. In order to meet the requirements of the GDPR, we use the DOI procedure ("double opt-in")*. As soon as you register for our newsletter, you will receive a confirmation email to the email address you have provided. This e-mail contains a confirmation link that you must click on. Only then will your registration be successfully completed.
To carry out this procedure, we store
to prevent misuse. Your data will not be passed on to third parties.
Data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
The newsletter serves to inform you regularly about our offers and news.
Your data will only be processed for as long as it is necessary to fulfill the purpose and no legal or official retention obligations prevent deletion.
You can withdraw your consent to the processing of your personal data for the newsletter at any time. To do so, you can either click on the unsubscribe link in each newsletter or send us your revocation by other means.
Our emails are sent via Mailjet GmbH, Alt Moabit 2, 10557 Berlin. In this context, Mailjet processes so-called metadata, including:
Mailjet also receives information about the content of the message when the e-mails are sent.
Examples of transactional emails are
You can also be sent project news from the starters whose projects you have subscribed to.
We also send emails to our starters as part of marketing campaigns. The assignment to the campaigns is done by segmentation and tagging.
Examples of marketing campaigns are
We trust Mailjet's IT security and data protection and have concluded an order processing contract with Mailjet. Mailjet thus undertakes to protect your data, to process it on our behalf in accordance with the data protection regulations and not to pass it on to third parties.
You can find Mailjet's privacy policy here.
The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
We use Mailjet as a dispatch service provider to ensure that our emails are sent reliably and efficiently.
According to Mailjet, they only store your personal data for as long as is necessary to provide their services. Mailjet deletes your data when we delete it from our address file.
You can revoke your consent at any time. To do so, click on the link in the footer of the respective e-mail. If there is no link then the data processing is necessary in order to maintain full functionality on our website. Therefore, objecting is impossible.
We use the Zoom tool for our live formats. Zoom serves as a communication platform for online seminars, video and telephone conferences as well as for communication and joint editing or sharing of files.
The following data is recorded from meeting participants:
The processing of personal data of meeting participants takes place exclusively in data centers in the European Union. Personal data is not transferred to the USA or any other third country.
We have concluded an order processing agreement with Zoom that includes the EU standard contractual clauses.
Further information on the processing of personal data at Zoom can be found at zoom.us/de-de/gdpr and zoom.us/de-de/privacy.html.
The legal basis for the use of Zoom is Art. 6 para. 1 lit. b) GDPR. In the case of "open webinars", it is Art. 6 para. 1 lit. f) GDPR.
We use Zoom to carry out our live formats. This allows us to present interesting content to you in a vivid way. Zoom processes your data in order to provide and optimize the services.
Zoom deletes personal data as soon as the purpose of processing has been fulfilled and no legal regulations prevent deletion. You also have the option of deleting your own content yourself.
You can object to data processing or withdraw your consent at any time. To do so, you can contact our data protection officer or Zoom directly via the following email addresses: legal@zoom.us or privacy@zoom.us.
To use our payment functions, it is necessary to provide personal data. These are processed to handle your support. This includes
If the crowdfunding project you have supported is successful, we will transmit this data together with the amount of support and the date of your support to the starter in order to process the contractual obligations (e.g. delivering a reward).
For payment processing, this data is passed on to our payment service provider Stripe Technology Europe Ltd, 25-28 North Wall Quay, Dublin 1, Ireland. Stripe also carries out a technical check of the risk of non-payment.
Different payment methods require different data. The information Stripe stores about your payment method depends on which payment method you choose. When you carry out a transaction, Stripe may collect additional data.
The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the performance of a contract). The transmission to the starter is based on Art. 6 para. 1 lit. b) GDPR (processing for the performance of a contract).
We trust in the data security of Stripe. All card numbers entered are encrypted with AES-256. The infrastructure for storing, decrypting and transmitting card numbers is completely separate and uses different credentials than Stripe's main services.
Stripe is certified to the highest industry standards and holds official licenses worldwide. According to Stripe, it takes technical, organizational and administrative measures to ensure that personal data is protected against unauthorized access, loss, alteration or misuse.
Further information can be found in Stripe's privacy policy.
Data processing is used to process support, for technical checks on the risk of non-payment and for fraud prevention.
The personal data exchanged between Stripe and the controller may be transmitted by Stripe to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness. Stripe may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of Stripe.
Address, payment and order data are stored for up to 10 years due to commercial and tax law requirements. Unsuccessful campaigns are deleted 3 months after completion. If you use Stripe, Stripe also stores your personal data for as long as you use the services. After that, it will be deleted unless there are official, contractual or legal requirements that require longer storage.
Storage is required for contract processing and for legal reasons. Premature deletion is only possible if there are no statutory retention obligations to the contrary.
If you have any questions about data protection at Stripe or would like to exercise your rights, you can contact our data protection officer or contact Stripe directly at https://stripe.com/contact or by email at privacy@stripe.com.
Before the start of the funding phase, you create an account with Stripe Technology Europe Ltd, 25-28 North Wall Quay, Dublin 1, Ireland. This account enables you to receive funds for your crowdfunding campaign. We collect the following data from you:
We provide a process that allows you to transfer and verify this payout information with Stripe. You can view the contract to be concluded with Stripe in advance here: Stripe Connect Account Agreement.
Stripe is certified to the highest industry standards and holds regulatory licenses worldwide. Stripe has stated that it has taken precautions to ensure a level of security appropriate to the risk associated with the processing of personal data and has taken organizational, technical and administrative measures to protect personal data within the company from unauthorized access, destruction, loss, alteration or misuse. Further information can be found in Stripe's privacy policy: https://stripe.com/de/privacy
The processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR, as it is necessary for the performance of the contract.
The collection and processing of your payout information serves to ensure the secure and proper disbursement of funds as part of your crowdfunding campaign.
Your data will be stored for as long as is necessary to process the payouts. In addition, statutory retention periods apply.
Premature deletion of the data is only possible if there are no legal or contractual obligations to store it. Your data is managed or changed via your Stripe account.
If you have any questions about data protection at Stripe or would like to exercise your rights, you can contact our data protection officer or contact Stripe directly: https://stripe.com/contact or by e-mail to privacy@stripe.com.
Social media platforms are integrated into our services via links. When you click on a social media link, the website of the respective social media provider is called up.
By accessing the social media website via our services, the respective provider receives reference data that shows that you have visited our website.
If you click on a social media link, your data may be processed by the respective provider in the USA.
The European Court of Justice (ECJ) considers the level of data protection in the USA to be inadequate. There is a risk that US authorities will process your data for monitoring and surveillance purposes, possibly without any legal protection for you.
Important: As long as you do not click on the links of the social media providers, no data transfer takes place.
You can find the data protection guidelines on the homepages of the respective providers. For example, you can find LinkedIn at https://www.linkedin.com/legal/privacy-policy.
Starter can decide for themselves which profiles they link to. These usually include, but are not limited to, Facebook, Instagram, YouTube, TikTok, Twitter and Twitch.
Social media platforms are integrated into our website via so-called "social plug-ins". These plug-ins enable social media providers to receive data from you when you visit our website. Below we explain exactly what data is processed and how the individual social media providers handle it.
We always use a so-called 2-click solution for integration. First, you will see a preview image stored locally with our hosting service provider. The social media plugin is only loaded when you click the play button on the preview image. On the preview image, we also inform you in advance about the social media plugin to be loaded via the provider's logo and a data protection notice.
We use Vimeo to integrate videos. The data processing is carried out jointly with: Vimeo Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA.
When you access a page on our website with a Vimeo plugin (e.g. project details page), a connection to the Vimeo servers is established. Your browser automatically transmits information to Vimeo, including which page you have visited.
If you are logged in to Vimeo at the time of your visit, Vimeo assigns this information directly to your user account. When you start a video (e.g. click the play button), this information is also assigned to your account.
Further information on data protection can be found here.
Legal basis for data processing
The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Purpose of data processing
We use social media to make our company better known and to offer you the opportunity to interact with social networks. Through Vimeo you can stream videos directly on our website.
Duration of data storage
According to its own information, Vimeo only stores your personal data as long as you have an account with Vimeo. If you do not have an account, the data is stored anonymously so that the GDPR is no longer applicable.
Right to objection and erasure
You can withdraw your consent at any time. To do so, please contact our data protection officer.
To prevent data processing by Vimeo, you can:
You can make further settings and objections to the use of your data in the Vimeo profile settings. These settings are platform-independent and apply to all devices.
We use YouTube to integrate videos on our website. We are jointly responsible for data processing:
Normally, when you access a website with an embedded YouTube video, your browser already sends your IP address to YouTube and stores cookies on your device.
However, we have activated YouTube's extended data protection mode. This means that YouTube only sets cookies when you actively click on the video. If you are already logged in to YouTube, your video view will be linked to your user account.
You can find more information in YouTube's privacy policy.
Legal basis for data processing
The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Purpose of data processing
We use social media to make our company better known and to offer you the opportunity to interact with social networks.
Duration of data storage
According to Google, the data collected by YouTube is deleted after 9 to 18 months.
Right to objection and erasure
You can withdraw your consent at any time. To do so, please contact our data protection officer. To prevent data processing by YouTube, you can:
You can make further settings for data processing and use for advertising purposes in the YouTube profile settings. These settings apply to all your devices across all platforms.
We use SoundCloud, operated by SoundCloud Global Limited & Co KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, to integrate audio material. When you visit a page with a SoundCloud component, your browser downloads the corresponding representation of SoundCloud.
If you start an audio file and are logged in to SoundCloud at the same time, SoundCloud recognizes which page you are visiting and assigns this information to your personal SoundCloud account. Activities such as pressing the "Play" button or leaving a comment are also linked to your account.
Legal basis for data processing
The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Purpose of data processing
The SoundCloud integration enables the playback of audio material directly on our website and improves the user experience.
Duration of data storage
The data is stored and processed by SoundCloud itself. You can find information on this in SoundCloud's privacy policy.
Possibility of removal by the data subject
To prevent the transmission and storage of data by SoundCloud, you must log out of SoundCloud before starting an audio file.
We use Spotify plugins, operated by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. These enable the streaming of audio material directly on our website via an iFrame. You can find an overview of the Spotify plugins at https://developer.spotify.com.
When you visit a subpage with a Spotify plugin, a connection to the Spotify servers is established as soon as you click the "Play" button. Spotify transmits information about your use of the stream and assigns it to your personal Spotify account if necessary.
Spotify also receives the information that you have visited our website.
Legal basis for data processing
The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Purpose of data processing
The integration of Spotify enables the direct playback of audio material on our website and improves the user experience.
Duration of data storage
The data is stored and processed by Spotify itself. You can find more information on this in Spotify's privacy policy.
Possibility of removal by the data subject
To prevent the transmission and storage of data by Spotify, you must log out of Spotify before starting an audio file.
We use various analysis tools to continuously improve our website. You can find out below which data is processed and how you can contact the respective service providers.
We use the web analysis service Matomo (formerly PIWIK). The data processing is carried out by: InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is based in New Zealand, a third country with an adequate level of data protection, which has been certified by the EU Commission in accordance with Art. 45 (3) GDPR, EU decision on the level of protection.
Matomo uses cookies (see section on cookies above). The following data is collected:
The software runs exclusively on our servers. Your personal data is only stored there. This data is not passed on to third parties.
We have set Matomo so that IP addresses are anonymized (only 2 bytes are stored). This means that it is no longer possible to assign the IP address to your computer.
You can find more information on data protection at Matomo here: https://matomo.org/privacy/ and here https://matomo.org/privacy-policy/
Legal basis for data processing
Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Purpose of data processing
Matomo helps us to analyze the use of our website in order to:
Duration of data storage
We only store your data for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, your data will be blocked and deleted in accordance with our deletion concept, unless legal, official or contractual regulations prevent deletion.
Right to objection and erasure
You can withdraw your consent at any time. To do so, please contact our data protection officer.
How can you prevent tracking by Matomo?
Block cookies:
Important: If you prevent the setting of cookies, it is possible that not all functions of our website will be fully available. If you have any questions about data protection, you can contact Matomo directly: privacy@matomo.org
Our website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Analytics uses cookies to analyze your use of our website. The data collected includes:
This information is transferred to a Google server in the USA and stored there.
Google analyzes your activities on our website and provides us with reports. Google may pass on the information collected to third parties if this is required by law or if third parties process data on behalf of Google.
Our Google tracking codes use the "_anonymizeIp()" function, which means that IP addresses are only processed in abbreviated form. This excludes the possibility of direct personal references.
You can find more information about Google Analytics and data protection here:
Legal basis for data processing
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.
Our legitimate interest is to continuously optimize our website to meet your needs.
Purpose of data processing
By analyzing your surfing behavior, we can:
Thanks to the anonymization of the IP address, your interest in the protection of your personal data is taken into account.
Duration of data storage
The data collected is deleted after 512 days (approx. two years).
Right to objection and erasure
You can prevent the installation of Google Analytics cookies by selecting the appropriate settings on your browser:
Note: If you deactivate Google Analytics, you may not be able to use all functions of the website without restrictions. You can also deactivate tracking here.
We use Google Tag Manager to manage website tags via an interface. This allows us to integrate Google Analytics and other Google marketing services into our online offering. Important: The Tag Manager itself does not process any personal data.
You can find more information on the Google Tag Manager usage guidelines here.
We use third-party providers who help us with the page display and the functionality of the website. These are listed below:
We use the Zammad ticket system from Zammad GmbH, Marienstraße 11, 10117 Berlin, Germany, to process customer inquiries. When you contact us, your surname, first name, email address and optionally an attachment are recorded. The data is stored by Zammad in Germany.
Legal basis for data processing
The processing is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. In addition, we have concluded an order processing contract (AVV) with Zammad.
Purpose of data processing
The processing of your personal data serves exclusively to process your request and to follow up on support requests.
Duration of data storage
Your data and message history will be stored for up to six months to enable follow-up questions and subsequent contact.
Right to objection and erasure
You can revoke your consent at any time, which will result in your data being deleted, provided there are no statutory retention obligations. Further information can be found in Zammad's privacy policy at https://zammad.com/de/datenschutz.
We use Cloudflare on our website to ensure secure and error-free use. Cloudflare acts as a content delivery network (CDN) and helps to optimize loading times and improve the security of the website.
To do this, Cloudflare creates log data, such as the number of page views. This data is used to detect attempted attacks and protect our website accordingly. The analysis usually takes place within a few minutes so that the security guidelines can be adjusted immediately.
According to our settings, Cloudflare processes personal data exclusively in data centers within the European Union. We use the Cloudflare Data Localization Suite for this purpose.
Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 US. More information on data protection at Cloudflare.
Legal basis for data processing
Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in ensuring the secure use of our website. By using Cloudflare, we also comply with the principle of integrity and confidentiality of your data within the meaning of Art. 5 para. 1 lit. f) GDPR.
Purpose of data processing
The purpose of the data agreement corresponds to our legitimate interest in the confidentiality and integrity of our data processing and in ensuring the availability and full functionality of our website.
Duration of data storage
According to its own information, the raw data is usually deleted after four hours and at the latest after three days, provided that no legal regulations prevent deletion.
Right to objection and erasure
The website can only be displayed if the described data is processed. If you wish to object to the further processing of your data, please contact our data protection officer.
We use the New Relic software on our website to ensure stable technical platform operation. New Relic analyzes whether the website is accessible and how quickly it loads on your device. Technical error messages from your browser are transmitted anonymously to New Relic.
During your visit, your browser connects to the bam-cell.nr-data.net domain operated by New Relic. The IP address and browser type are transmitted. Cookies are not stored. The analysis is aggregated so that it is not possible to identify individual users.
Legal basis for data processing
The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in a stable and efficient website operation.
Purpose of data processing
New Relic is used to monitor platform performance, analyze errors and optimize loading times.
Duration of data storage
New Relic stores the transmitted data in accordance with the company's own data protection guidelines. You can find more information here: https://newrelic.com/termsandconditions/privacy.
Right to objection and erasure
As data collection is necessary for the technical operation of the platform, there is no direct option to deactivate it.
We use the services of the IT security service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany, to prevent fraud on our website. For this purpose, communication takes place exclusively between us and Risk.Ident to analyze fraud risks.
Risk.Ident uses cookies and tracking technologies to collect and process specific device-related data, raw data from the TCP/IP connection and usage data from our website. The user's IP address is collected but encrypted by Risk.Ident within a few seconds. This information is stored in a fraud prevention database.
Legal basis for data processing
The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR to prevent fraud.
Purpose of data processing
The data collected is used to create a risk assessment, which we retrieve during the following processes:
The risk assessment is based on factors such as
This evaluation helps us to recognize and prevent fraud attempts at an early stage.
Duration of data storage
The storage period depends on Risk.Ident's internal data protection guidelines. However, the IP address is encrypted within a few seconds.
Right to objection and erasure
The use of Risk.Ident is required for fraud prevention, therefore there is no direct deactivation option.
If it becomes known that a person has committed or attempted to commit fraud, we transmit this information, including device-related data, to Risk.Ident.
You can find more information on data protection here.
We use the cloud storage service Dropbox Business, operated by Dropbox, Inc, 333 Brannan Street, San Francisco, CA 94107, USA, to upload videos for participation in the Launch Day. The data is stored on a server in the EU.
Data subjects are users who upload videos while logged in. Dropbox is the recipient of this personal data in the context of the aforementioned processing.
Legal basis for data processing
The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
Dropbox is a member of the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
Purpose of data processing
The use of Dropbox Business enables the secure storage and management of the uploaded videos required for participation in the Launch Day.
Duration of data storage
The storage period depends on Dropbox's internal guidelines and the requirements for carrying out the launch day.
Right to objection and erasure
The rights of persons affected by data processing at Dropbox, in particular the right to object, rectification, erasure and blocking, must be asserted against us. You can find more information about Dropbox's data protection here.
We use the chatbot software Chatbase on our website. The data processing is carried out by: Chatbase.co Inc, 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3. The service is based on ChatGPT and helps us to conduct automated conversations with users and answer their queries more quickly and easily.
While you are chatting with the chatbot, data such as the questions you enter and the answers you receive will be processed. In your own interest, please do not provide any personal data. The following data may be collected from you:
You can find more information about Chatbase in the privacy policy.
Legal basis for data processing
Contacting Chatbase and the associated disclosure of your data is voluntary. The data processing is therefore based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
Purpose of data processing
The purpose of data processing is to offer users of our website a direct and fast means of communication and to allow them to ask us questions and make comments directly via the website chat.
Duration of data storage
The data collected will be deleted as soon as the purpose of the data processing has
been fulfilled and no legal, contractual or official regulations prevent deletion.
Right to objection and erasure
The rights of persons affected by data processing at Chatbase, in particular the right to object, rectification, erasure and blocking, must be asserted against us.
We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the USA.
The following data is processed for this purpose:
Optionally, different data is also processed, which you enter yourself depending on the form.
We have concluded an order processing contract (AV contract) with Typeform for the data protection-compliant use of your data. Typeform is ISO27001 and SOC2 certified. You can view the data processing agreement provided by Typeform and the privacy policy here.
Legal basis for data processing
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
Purpose of data processing
We use the forms hosted by Typeform to ensure better contact from you and therefore better answers for you.
Duration of data storage
The data will be deleted as soon as the purpose of the data processing has been achieved and no contractual, official or legal regulations prevent deletion.
Right to objection and erasure
The rights of data subjects affected by data processing at Typeform, in particular the right to object, rectification, erasure and blocking, must be asserted against us.
To enable starters to fulfill their obligations arising from the fulfillment of the contracts concluded for the support of their project, starters conclude an order processing contract (dpa) with us. This enables us to collect all data necessary for the fulfillment of the contracts (e.g. delivery address) and make it available to the starters. The complete provision of this data is subject to a successful crowdfunding project, see section 6 of our TOUsection 6 of our TOU. Until then, starters only have limited access to this data and only see the first and last name as well as the date and amount of support.
The legal basis for the associated data processing is Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR, i.e. the processing of the data is necessary for the fulfillment of the contracts concluded through a support.
Starters do not receive any payment information (e.g. credit card details, account numbers) or sensitive personal data of supporters.
In order to be able to provide our services, we use the support of service providers from third party countries (non-EU countries). In order to ensure the protection of your personal data in this case, we conclude processing contracts with each - carefully selected - service provider. All of our processors provide sufficient guarantees to implement appropriate technical and organizational measures. Our third country data processors are either located in a country with an adequate level of data protection (Art. 45 GDPR) or provide appropriate safeguards (Art 46 GDPR).
The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission. You can find more information here.
Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. You can find more information here.
Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.
In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 sec. 1 lit. a) GDPR for this purpose.
Short version (detailed version below)
Right to withdraw a given consent (Art. 7 GDPR): If you have given us your consent to process your data, you can withdraw this at any time.
Right of access (Art. 15 GDPR): You can request information about what data we have stored about you.
Right to rectification and erasure (Art. 16, 17 GDPR): If your data is incorrect or no longer required, you can request that it be corrected or deleted.
Right to restriction of processing (Art. 18 GDPR): Under certain circumstances, you can request that we only process your data to a limited extent.
Right to information (Art. 19 GDPR): If you exercise your right to rectification, erasure, or restriction of processing, we will inform all recipients of your data, unless this is impossible or requires disproportionate effort.
Right to data portability (Art. 20 GDPR): You can request that we provide you with your data in a commonly used format.
Right to object (Art. 21 GDPR): You can object to the processing of your data if it is based on legitimate interests.
Right to lodge a complaint with supervisory authority (Art. 77 GDPR): If you believe that the processing of your data violates the GDPR, you can lodge a complaint with a data protection authority.
Right to withdraw a given consent (Art. 7 GDPR)
If you have given your consent to the processing of your data, you can withdraw it at any time. This will affect the admissibility of processing your personal data by us for the time after you have withdrawn your consent. To withdraw your consent, contact us personally or in written form.
Right of access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:
In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.
Right to rectification and erasure (Art. 16, 17 GDPR)
You have the right to obtain from us without undue delay the rectification and completion of inaccurate personal data concerning yourself.
You may also request the erasure of your personal data if any of the following applies to you:
Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
These rights shall not apply to the extent that processing is necessary:
Right to restriction of processing (Art. 18 GDPR)
You shall have the right to obtain from us restriction of processing where one of the following applies:
Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.
Right to information (Art. 19 GDPR)
If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.
You also have the right to know which recipients have received your personal data.
Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where
In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.
Right to object (Art. 21 GDPR)
Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e).
In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.
Right to lodge a complaint with supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.
We reserve the right to change this privacy policy in compliance with legal requirements.
February 2025