Data protection

Contents

• General notes and mandatory information 
• Your rights as a data subject 
• Website 
• Social media
• Events 
• Webinar/ online event 
• Contact options 
• Business communication and initial contact 
• Nextcloud data processing 

General notes and mandatory information 

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in compliance with the statutory data protection regulations and this Privacy Statement. 

Various personal data will be collected when you use this website. Personal data are data that can be used to identify you personally. This Privacy Statement explains which data we process. It also explains how and for what purpose this occurs. 

Controller 

The controller for the collection, processing and use of your personal data within the GDPR meaning is: 

VDI Technologiezentrum GmbH 
Managing Director Sascha Hermann 
VDI-Platz 1 
40468 Düsseldorf, Germany 

Email: vditz@vdi.de 
Tel.: +49 (0) 211 62 14-4 01 

Should you wish to object to our collection, processing or use of your data in line with these data protection provisions either completely or with respect to individual measures, you can address your objection to the controller mentioned above. 

You can save and print this Privacy Statement at any time. 

Retention period 

Unless a more specific retention period has been specified within this Privacy Statement, we will retain your personal data until the purpose for data processing ceases to be valid. Should you make a legitimate erasure request or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons have ceased to exist. 

General information on the legal basis of data processing on this website 

If you have consented to the processing of your personal data, we process your personal data based on Art. 6, 1. (a) GDPR or Art. 9, 2. (a) GDPR, in the case of special data categories pursuant to Art. 9, 1. GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also performed based on Art. 49, 1. (a) GDPR. If you have consented to the storage of cookies or to us accessing information in your device (e.g. via device fingerprinting), data processing is additionally carried out based on Section 25, para. 1 TDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (German law regulating data protection and privacy in telecommunications and digital services). Such consent is revocable at any time. If your data are required for the performance of a contract or to take steps prior to entering into a contract, we process your data based on Art. 6, 1. (b) GDPR. We furthermore process your data, insofar as this is necessary for fulfilment of a legal obligation, based on Art. 6 (1) (c) GDPR. Data processing may also be performed based on our legitimate interest pursuant to Art. 6, 1. (f) GDPR. The following sections of this Privacy Statement will inform you of the legal bases applicable in each individual case. 

Data protection officer at VDI Technologiezentrum GmbH 

We welcome your feedback if you have any questions or comments with regards to our processing of your personal data. You can contact our data protection officer as follows: 

TÜV SÜD Akademie GmbH 
Email: datenschutz-tz@vdi.de 

Your rights as a data subject 

Revocation of your consent to data processing 

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of data processing performed prior to your revocation remains unaffected by such revocation. 

Right to object to data processing (Art. 21 GDPR) 

Should data processing be based on Art. 6, 1. (e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. Please refer to this Privacy Statement for the legal basis on which processing is based. Should you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21, 1. GDPR). 

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. Should you object, your personal data will then no longer be used for direct marketing purposes (objection pursuant to Art. 21, 2. GDPR). 

Right to lodge a complaint with the competent supervisory authority 

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies. 

The supervisory authority responsible in our case is: 

State Commissioner for Data Protection and Freedom of Information 
North Rhine-Westphalia  
Postbox 20 04 44  
40102 Düsseldorf  

Phone.: +49 211 38424-0  
Fax: +49 211 38424-999  
Email: poststelle@ldi.nrw.de  

Right to data portability 

You have the right to have data that we process automatically based on your consent or in performance of a contract provided to you or to a third party in a common, machine-readable format. Should you request direct transfer of the data to another controller, this will only occur if it is technically feasible. 

Information, erasure and rectification 

You have the right at any time within the scope of the applicable statutory provisions to obtain free information regarding your retained personal data, its origin and recipient and the purpose of data processing and, as necessary, a right to rectification or erasure of such data. You can contact us at any time regarding this and if you have any further questions on the topic of personal data. 

Right to restriction of processing 

You have the right to request the restriction of processing of your personal data. You can contact us at any time regarding this. The right to restrict processing exists in the following cases: 

If you dispute the accuracy of your personal data that we retain; we usually need time to verify this. You have the right to request restriction of processing of your personal data for the duration of such verification. You can request restriction of data processing instead of erasure if the processing of your personal data has been/is unlawful. You have the right to request restriction of processing of your personal data instead of erasure if we no longer need your personal data, but you need it to exercise, defend or assert legal claims. A balance must be made between your and our interests if you have lodged an objection pursuant to Art. 21, 1. GDPR. You have the right to request restriction of processing of your personal data as long as it remains unclear whose interests prevail. 

Should you have restricted the processing of your personal data, such data – with the exception of retention – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State. 

Processing agents 

To the extent necessary, we have entered into a processing agency contract (Vertrag über Auftragsverarbeitung – AVV) regarding use of the services mentioned herein. This is a contract subject to data protection law which ensures that our data subjects' personal data are processed in compliance with the GDPR. We accordingly oblige our processing agents, among other things, to treat your data exclusively in accordance with our instructions and the applicable data protection laws. They are in particular obliged to treat your data in strict confidence. They are also prohibited from processing the data for purposes other than those that have been agreed. 

We transfer data to processors based on Art. 28, 1. GDPR. 

Website 

Server log files 

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: 

• Browser type and browser version 
• Operating system used 
• Referrer URL 
• Host name of the accessing computer 
• Time of the server request 
• IP address 

The data are not merged with other data sources. 

These data are collected based on Art. 6, 1. (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files need to be recorded for this purpose. 

Encryption 

Your data will only be transferred from the browser to the web server following encryption. We use an SSL certificate for this. 

Web analytics 

This website uses Matomo, the open source web analytics service. 

Matomo enables us to collate and analyse data regarding how visitors use our website. This allows us to learn, among other things, when which page views were made and the region from which they originate. We also collate various log files (e.g. IP address, referrer, browser version and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). 

Our use of this analysis tool is based on Art. 6, 1. (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise both its website and its advertising. Insofar as corresponding consent has been granted, the processing occurs exclusively based on Art. 6, 1. (a) GDPR and Section 25 para. 1 TDDDG, insofar as such consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Such consent is revocable at any time. 

IP anonymisation 

We use IP anonymisation when deploying Matomo for analysis. Your IP address is shortened prior to analysis so that it can no longer be uniquely assigned to you. 

Cookie-free analysis 

We have configured Matomo so that Matomo does not store cookies in your browser. 

Hosting 

We exclusively host Matomo on our own servers, so all analysis data remains with us and is not shared. 

Cookies 

Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are either stored on your device temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser. 

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the inclusion of certain third-party services within websites (e.g. payment service processing cookies). 

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes. 

Cookies that are necessary to implement the electronic communication process, to provide certain functions you wish to use (e.g. the shopping cart function) or to optimise the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored based on Art. 6, 1. (f) GDPR, unless another legal basis is specified. 
The website operator has a legitimate interest in the storage of necessary cookies for technically error-free and optimised provision of its services. Insofar as consent to the storage of cookies and comparable recognition technologies has been granted, the processing occurs exclusively based on this consent (Art. 6, 1. (a) GDPR and Section 25 (1) TDDDG); such consent can be revoked at any time. 

You can set your browser to ensure that you are notified about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when the browser is closed. The functionality of this website may be restricted if cookies are disabled. 

Our Privacy Statement also explains which cookies and services are used on this website. 

Consent via Cookiebot 

Our website uses Cookiebot consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document them in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot"). 

A connection is established to Cookiebot servers when you access our website to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser to enable it to assign to you the consents granted or their revocation. The data collected in this way will be retained until you ask us to erase it, delete the cookie yourself or the purpose for retaining the data is no longer valid. Mandatory statutory retention obligations remain unaffected. 

Cookies are used to obtain the legally prescribed consent for the use of cookies. The legal basis for this is Art. 6, 1. (c) GDPR. 

Plug-ins and tools 

Google Fonts (local hosting) 

This website uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. These Google Fonts are installed locally. A connection to Google servers is not established. 

For more information on Google Fonts, please visit developers.google.com/fonts/faq and read Google's Privacy Statement: 
https://policies.google.com/privacy?hl=en. 

Google Maps 

This page uses the Google Maps map service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. 

It is necessary to save your IP address for Google Maps to function. This information is usually transmitted to and stored on a Google server in the United States. The provider of this website has no influence on this data transfer. Google can use Google Fonts to uniformly present fonts if Google Maps is enabled. Your browser loads the required web fonts into its browser cache to display texts and fonts correctly when you access Google Maps. 

The use of Google Maps is in the interest of an appealing presentation of our online services and helps you to easily find the places we refer to on our website. This constitutes a legitimate interest in the meaning of Art. 6, 1. (f) GDPR. Insofar as a corresponding consent has been granted, the processing occurs exclusively based on Art. 6, 1. (a) GDPR and Section 25 para. 1 TDDDG insofar as such consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Such consent is revocable at any time. 

Data transmission to the USA is based on the standard contractual clauses adopted by the EU Commission. Details can be found here: 
privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/. 

For more information on how user data is handled, please see the Google Privacy Statement: https://policies.google.com/privacy?hl=en​​​​​​​. 

Social media 

VDI Technologiezentrum GmbH maintains several online presences within social networks and platforms, including X and LinkedIn. This gives us the opportunity to communicate with active users and inform them about our service portfolio. This is the purpose for which VDI Technologiezentrum GmbH uses the technical platforms and services offered by such operators. The respective operators' own privacy statements apply within social networks and on other external platforms, even if we distribute information and maintain a presence there. 

Please note that you use the social networking and platform services offered there, as well as their functions, at your own responsibility. This applies in particular to the use of interactive functions (e.g. comments, sharing, rating, etc.). The data collected about you in this context will be processed by those platform operators and may as necessary be transferred to countries outside the European Union. The information received by these operators and how it is used are described in general terms in their respective privacy policy. Each platform also contains information on how to contact the operators and how to adjust advertisement settings. 

• On Instagram: https://privacycenter.instagram.com/policy
• On LinkedIn: www.linkedin.com/static 
• At X: www.x.com/en/privacy
• At Xing: https://privacy.xing.com/en/privacy-policy 

These social network operators do not conclusively and clearly specify how they use the data from visiting the respective website for their own purposes, to what extent activities on the s are assigned to individual users, how long these data are retained and whether data from a visit to the respective website is passed on to third parties and these aspects are therefore not known to us. 

X 

This website integrates functions of the X service. These features are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. 

A direct connection is established between your end device and the X server when the social media element is active. X will receive information about your visit to this website. Using X and the "Re-tweet" function means that the websites you visit will be linked to your X account and shared with other users. Please note that we, as a website provider, are not made aware of the data content transmitted by X or how it is used. For more information, please refer to X's privacy statement at: www.x.com/en/privacy. 

Insofar as consent has been obtained, the above-mentioned service is used based on Art. 6, 1. (a) GDPR and Section 25 TDDDG. Such consent is revocable at any time. Should consent not have been obtained, use of the service is based on our legitimate interest in the broadest possible visibility on social media. 

Data transmission to the USA is based on the standard contractual clauses adopted by the EU Commission. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html. 

You can change your privacy settings on X in the account settings at https://x.com/settings/account. 

LinkedIn 

Our website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. 

A connection to LinkedIn servers is established each time you access a page from our website that contains LinkedIn elements. Your IP address notifies LinkedIn that you have visited our website. LinkedIn is able to associate your visit to our website with you and your user account if you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account. Please note that we, as a website provider, are not made aware of the data content transmitted by LinkedIn or how it is used. 

Insofar as consent has been obtained, the above-mentioned service is used based on Art. 6, 1. (a) GDPR and Section 25 TDDDG. Such consent is revocable at any time. Should consent not have been obtained, use of the service is based on our legitimate interest in the broadest possible visibility on social media. 

Data transmission to the USA is based on the standard contractual clauses adopted by the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190?lang=en-US

For more information, please refer to LinkedIn's privacy statement at: https://www.linkedin.com/legal/privacy-policy. 

XING 

Our website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. 

A connection to XING servers is established each time you access a page from our website that contains XING elements. We do not believe that personal data will be stored. IP addresses in particular are not stored nor is usage behaviour evaluated. 

Insofar as consent) has been obtained, the above-mentioned service is used based on Art. 6, 1. (a) GDPR and Section 25 TDDDG. Such consent is revocable at any time. Should consent not have been obtained, use of the service is based on our legitimate interest in the broadest possible visibility on social media. 

Further information on data protection and the XING Share button can be found in XING's privacy statement at: https://privacy.xing.com/en/privacy-policy. 

Events  

We need personal data from you if you would like to register for one of our events. The purpose of processing your personal data is to conduct the event and to provide (subsequent) material/documents as necessary. 

Your personal data will be processed and used for the event as follows: 

• Your contact details for registering at the event 
•  If associated with an overnight stay, your arrival and departure dates, any preferences and payment information, if applicable 
• If catering is provided, details of any intolerances and/or allergies as well as food choices, as required  
• Data regarding disabilities and other physical restrictions that may be required to make participation as comfortable as possible and to organise any necessary measures.  

The data required for your invitation or registration at the event will be taken from our central MAILINGWORK database or will be provided by you if you are not yet in a customer relationship with us. Any other data required to conduct the event will be provided by you if you decide to participate in the event. The legal basis for such processing is Art. 6, 1. (b) GDPR (contractual basis), or Art. 6, 1. (f) GDPR with regard to the information you voluntarily provide. 

You will receive invitations to events via email. We may for this purpose use MAILINGWORK, a service provided by Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany. We have concluded a corresponding data processing agreement with Mailingwork. You can read Mailingwork's privacy policy at https://mailingwork.de/datenschutzerklaerung.  

Your data will only be processed in the context of the event and will not be stored for more than 1 year after the event has ended, unless we are legally obliged to retain the data for a longer period. Your personal data will be erased once the data retention period has expired (based on the applicable regulations and/or processes). 

Event registration forms via MAILINGWORK 

We offer you the opportunity to register for our events online. Your personal data will be stored in a form, which we provide via our service provider Mailingwork, (Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz). 

For the registration and participation in our events, the following personal data will be processed by you: 

• Name 
• First name 
• Email  
• Salutation 
• Title 
• Company 
• Position 

The processing of your personal data is based on Art. 6, 1. (b) GDPR (contractual relationship). Your personal data will not be transmitted to third parties. Your data will be erased after one year at the latest, provided that this is not prevented by legal retention periods. 

Live polls 

Live polls may be conducted during our events. This involves us using the Slido service provided by sli.do s.r.o., Vajnorská 100/A, 831 04 Bratislava, Slovakia. Participation in these polls is voluntary. The legal basis for such data processing is Art. 6, 1. (a) GDPR. Such processing of personal data concerns your IP address, the browser with which you visit the website, the time and date of your visit and of course the content of the information you provide. Slido also creates a session identifier and maps that session identifier to the information you provide to us. You will however remain anonymous to us and sli.do despite this session identifier unless you voluntarily provide your name or other unique information that enables you to be identified. You can revoke your consent at any time. Revocation of your consent does not affect the lawfulness of processing your data performed based on your consent prior to revocation. 

Webinar/ online event 

Data processing 

We use other online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via internet video or audio conferencing, your personal data will be collated and processed by us and the provider of the respective conference tool. 

These conference tools collate all the data you provide when using the tools (email address and/or your phone number). The conference tools also process the duration of the conference, the start and end (time) of your participation in the conference, the number of participants and other "contextual information" related to the communication process (metadata). 

The tool provider furthermore processes all the technical data that is required to manage online communication. This includes, but is not limited to, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection. 

Content that is exchanged, uploaded or otherwise provided within the tool will also be stored on the tool provider's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemail, uploaded photos and videos, files, whiteboards, and other information shared while using the service. 

Please note that we cannot exert full influence over the data processing operations of the tools that are used. Our options are based on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy statements of the respective tool providers, which are listed below. 

Purpose and legal bases 

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6, 1. (b) GDPR). Use of these tools moreover generally simplifies and accelerates communication with us or our company (legitimate interest in the meaning of Art. 6, 1. (f) GDPR). Insofar as consent has been granted, use of the relevant tools is based on this consent; such consent can be revoked at any time with effect for the future. 

Retention period 

Data we directly collate via the video and conference tools will be erased from our systems as soon as you request us to erase them, revoke your consent to their retention or the purpose for data retention is no longer valid. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. 

We have no influence over the retention period relating to your data, that is stored by the operators of the conference tools for their own purposes. Please contact the conference tool operators directly to obtain details. 

Conference tools used 

We use the following conference tools: 

Zoom 

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on its data processing, please refer to Zoom's privacy statement: https://explore.zoom.us/en/privacy/. 

Data transmission to the USA is based on the standard contractual clauses adopted by the EU Commission. Details can be found here: https://explore.zoom.us/en/privacy/. 

TeamViewer 

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on its data processing, please refer to TeamViewer's privacy statement: www.teamviewer.com/de/datenschutzerklaerung/. 

GoToMeeting 

We use GoToMeeting. The provider is LoMeIn, Inc., 320 Summer Street Boston, MA 02210, USA. For details on its data processing, please refer to GoToMeeting's privacy statement: https://www.goto.com/company/legal/privacy/us.

Data transmission to the USA is based on the standard contractual clauses adopted by the EU Commission. Details can be found here: logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf. 

Microsoft Teams 

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on its data processing, please refer to the Microsoft Teams privacy statement: https://privacy.microsoft.com/en-gb/privacystatement. 

BigBlueButton 

We use BigBlueButton. If you communicate with us via BigBlueButton, all data associated with this communication process will be processed exclusively on servers within the European Union or a third country that is secure under data protection law. 

WebEx 

We use WebEx. The provider of this service is WebEx Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany. 

It cannot be ruled out that the data processed via WebEx will be transferred to third countries (e.g. the USA). WebEx has adopted Binding Corporate Rules (BCRs) approved by Dutch, Polish, Spanish and other relevant European data protection regulators. These are binding corporate rules that legitimise corporate data transmission to third countries outside the EU and the EEA. You can find details here: https://www.cisco.com/c/en/us/about/trust-center/global-privacy-policy.html. 

For details on its data processing, please refer to the WebEx privacy statement: https://www.cisco.com/c/en_uk/about/legal/privacy-full.html. 

Contact options 

Contact form 

Should you send us enquiries via the contact form, we will retain your details from the enquiry form including the contact details you provide there for the purpose of processing the enquiry and to deal with any follow-up questions. We will not disclose these data without your consent.  

We can occasionally use external service providers to provide our contact forms. We use "MAILINGWORK", a service provided by Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany. We have concluded a corresponding processing agency contract.  

Processing of these data is performed based on Art. 6, 1. (b) GDPR if your request is related to the performance of a contract or is necessary to take steps prior to entering into a contract. Processing in all other cases is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6, 1. (f) GDPR) or on your consent (Art. 6, 1. (a) GDPR) if this has been granted; such consent can be revoked at any time. 

The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage is no longer applicable (e.g. after completion of processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.  

Request by e-mail, telephone or fax 

If you contact us by e-mail, telephone or fax, your request including all personal data resulting from it (name, request) will be stored and processed by us for the purpose of processing your request. We will not disclose these data without your consent. 

The processing of these data is performed based on Art. 6, 1. (b) GDPR if your request is related to the performance of a contract or is necessary to take steps prior to entering into a contract. Processing in all other cases is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6, 1. (f) GDPR) or on your consent (Art. 6, 1. (a) GDPR) if this has been granted; such consent can be revoked at any time. 

We will retain the data you send to us via contact enquiries until you request their deletion, revoke your consent to retention or the purpose for data retention is no longer valid (e.g. once your enquiry has been fully processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected. 

Business communication and initial contact 

We will exchange information via various communication channels in the course of our business contact or to perform our project mandate.  

We therefore process your data for the purpose of communicating with you in responding to your enquiries, for the unilateral provision of information, or for the establishment, implementation and modification of the contractual relationship based on Art. 6, 1.(a) or (b) GDPR and only insofar as this is necessary for processing. To the extent that this communication is necessary for the performance of a task carried out in the public interest, the legal basis is Art. 6, 1. (e) GDPR. Insofar as it concerns information that we are obliged to provide to you, the processing is performed based on Art. 6, 1. (c) GDPR. 

We may offer consulting services in advance or in parallel in the context of various project activities. Processing of your (business) contact details will be necessary on a regular basis to enable us to help you with the likes of technical, legal, or business aspects regarding funding behaviour. It may also be necessary to collect further personal data to ensure individual and effective support.  

The contact information we use may come from a variety of sources, including business cards provided to us, information publicly available via the internet, or lists purchased from third parties. Your data was collected directly from you in most cases. The legislator has decreed a variety of retention periods and obligations. The corresponding data will be routinely erased once these deadlines have expired. Insofar as data is unaffected by this, they will be erased or anonymised if the purposes specified in this Privacy Statement cease to apply. 

Processing of business cards and other contact data 

We continue to process personal data that we receive from you in the context of your contact, e.g. in the form of a business card during an event. There is also the possibility to network directly with us via a digital business card. We use Lemontaps, a service provided by Lemon Innovation & Technology GmbH, Seyfferstraße 34, 70197 Stuttgart, Germany.  

Processing your personal data occurs as far as this is necessary for the performance of a contract to which you are a party, to take steps at your request prior to entering into a contract, for other business relationships or to pursue our legitimate interests in the presumed desired contact. Insofar as the processing is necessary for the performance of a contract or to take steps prior to entering into a contract, the legal basis is Art. 6, 1. (b) GDPR. Should this not be the case, the processing of your personal data occurs to safeguard legitimate interests pursuant to Art. 6, 1. (f) GDPR. Insofar as you have given us consent to the processing of personal data for specific purposes, the lawfulness of such processing is based on your consent (Art. 6, 1. (a) GDPR).  

We process and retain your personal data to the extent necessary for subsequent contact. It may therefore be necessary to digitise the personal data you have provided to us (e.g. from business cards).  

The personal data we collect during an event will be stored for the duration of the business relationship (Art. 6, 1. (b) GDPR) and subsequently erased unless we are obliged to retain them for longer due to retention and documentation restrictions (e.g. under HGB, StGB or AO) or if there is a legitimate interest in retention pursuant to Article 6, 1. (f) GDPR or if you have given consent to the processing of your personal data for one or more specific purposes pursuant to Art. 6, 1. (a) GDPR. Your data will be promptly erased as soon as retention of the data is no longer required for performance of the aforementioned retention purposes or you object to it.