Data protection at BayStartUP

BayStartUP takes the protection of your personal data very seriously and adheres strictly to the rules of data protection laws. Personal data is only collected on this website if you use our services described below or if we have a legitimate interest in processing your data (e.g. website provision and analysis). Under no circumstances will the collected data be sold.

If you have any questions, you can contact us:

BayStartUP GmbH
Am Tullnaupark 8
D-90402 Nuremberg

Phone: 0911 13 13 97-30
e-mail: infobaystartupde

We have appointed an external data protection officer who regularly checks the security of your data and is available to answer questions about data protection.

You can contact him at: dsbbaystartupde (e-mail with automatic forwarding to the data protection officer)

The following declaration gives you an overview of the collection and treatment of your data.

Data processing on this website

BayStartUP.de automatically collects and stores in its server log files information that your browser sends to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

BayStartUP is not able to assign this data to specific persons. It is used for the technical provision of the website and must therefore be collected in our legitimate interest in order to provide you with a stable and secure website. Legal basis for this is Art. 6 para. 1 p. 1 lit. f) DSGVO.

The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended.

In the case of storage of the data in log files, this is the case after 7 days at the latest. A storage beyond this is possible if this is necessary due to a legitimate interest of the operator of the site, to prevent misuse, to ensure data security and to avert danger or due to legal regulations.

Your contact with us

When you contact us by e-mail, the data you provide (your e-mail address, your name, if applicable, or other data provided voluntarily by you) will be stored by us to answer your questions. We delete the data processed in this context after the storage is no longer necessary, or we restrict the processing if there are legal storage obligations.

We will not pass on this data without your consent.

The legal basis for the processing of the data, if the user has given his consent, is Art.6 paragraph 1 lit.a DSGVO.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art.6 para.1 lit.f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art.6 para.1 lit.b DPA.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

The revocation of the consent and the objection against the storage can be carried out as follows:

By e-mail to infobaystartupde

By letter to: an:                       

BayStartUP GmbH
Am Tullnaupark 8
D-90402 Nuremberg

The revocation of consent or objection must indicate which person wishes the personal data to be deleted or revokes their consent.

If only certain data are to be deleted or only a certain consent is to be revoked, this must be indicated. Without such a restriction, all consents will be regarded as revoked and all personal data deleted.

Cookies

In addition, cookies are stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive and through which we receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective for you.

Transient cookies are set on the website. These are automatically deleted when you close the browser. These include in particular session cookies, which make it possible to assign different requests from your browser to the same session by means of a session ID. These cookies allow us to process your contact form information. Tracking across websites does not take place. The cookies we set are used exclusively to provide the website. In addition, the website uses persistent cookies, which are automatically deleted after a specified time, which may vary depending on the cookie. You can delete these cookies in the settings of your browser at any time.

Cookie Consent with Usercentrics

This website uses Usercentrics' cookie-content-technology to obtain your consent to the storage of certain cookies on your terminal device and to document this consent in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c DSGVO.

Contract on order processing

We have concluded a contract for order processing with Usercentrics. This is a contract which is required by data protection law and ensures that Usercentrics processes the personal data of our website visitors only in accordance with our instructions and in compliance with the DSGVO.

Registration for events

If you have provided us with personal data in order to participate in events, we will store and use this information exclusively for the purpose of holding the events. If you register for an event, you will be included in the e-mail distribution lists relevant for participants. It is in our interest to enable you to participate smoothly in the events and to send you relevant e-mails. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f DSGVO and §7 para. 3 UWG. You can object to the continuation of your e-mail in the distribution list at any time.

Should you have decided to receive the free newsletter or invitations when registering for the event, the e-mail address will also be stored and used for this purpose. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.

Your data will be stored by us until the end of the event and then deleted subject to legal retention periods.

You can revoke your consent to the storage of your personal data and to the use of the data for sending a newsletter and event information at any time by sending an e-mail to: infoBayStartUPde

Save and delete data

Participants Business Plan Competitions

BayStartUp GmbH regularly organizes business plan competitions and invites young entrepreneurs in Bavaria to present their ideas to a selected jury. For the realization of the competition we need a name, the address with postal code and at least one team e-mail address from all team members. Other data may also be required depending on the competition and will be requested in connection with it if necessary. The execution of the business plan competitions is one of the central tasks of BayStartUp GmbH and a legitimate interest according to Art. 6 para. 1 p. 1 lit. f. DSGVO.

You will also automatically be included in an e-mail distribution list relevant to the business plan competitions. We want to use this to send you current information on your competition as well as on similar competitions and events. You can object to the continuation of your e-mail address in the distribution list at any time.

Your data will be stored and processed by us until the end of the competition and then deleted subject to statutory retention periods.

Investor Network

f you decide to join our investor network, we store the e-mail address, name and telephone number of all contact persons. We use this data to connect you with interesting teams and to fulfill our legitimate interest in providing our competition participants and you with a long-term partnership. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. DSGVO.

We will delete the data of the contact persons immediately if you inform us of any changes.

Jurors

For the execution of our business plan competitions we are regularly looking for experienced jurors to help us conduct the competition and evaluate the submitted business plans. For this purpose, we collect the name, e-mail address, telephone number and a brief introduction of yourself from our jurors. In the course of the competitions, it may happen that we publish personal data (name, short CV) of a juror, as is usually the case with jurors. This is done in our legitimate interest in holding the competitions and is based on art. 6 par. 1 p. 1 lit. f. DSGVO.

Jurors who do not wish their data to be published can contact us at any time and we will refrain from publishing their data if it is not absolutely necessary.

We usually store your data for one year before we contact you again and ask if you are still interested in the activity.

Newsletter

If you would like to receive the newsletter offered on the website, we require a valid email address from you as well as information that allows us to verify that you are the owner of the email address provided or that the owner of the email address agrees to receive the newsletter (so-called double opt-in procedure). Furthermore, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible abuse of your personal data.

The provision of additional data is voluntary and is used to address you personally. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.

In addition, we send our partners a newsletter with relevant content and information on events, if necessary, after weighing up the interests between our cooperation status and the interests of the contact person worthy of protection. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f DSGVO.

You can revoke your consent to the storage of the person's personal data and to the use of the data for sending a newsletter and event information at any time, for example by sending an e-mail to: infobaystartupde, by clicking on the link provided in each newsletter e-mail or by sending a message to the contact data provided in the imprint.

Delete your data

Please send an email to infobaystartupde if you would like us to irrevocably delete all of your data stored in our system.

Online services

Fonts

We use external fonts on our website for a harmonious presentation of the content and to provide a modern looking website. These fonts are loaded from external servers in order to reduce the loading time of the website for repeated calls.

This processing of your data is based on our legitimate interest in making the website available efficiently, securely and with low maintenance in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO.

We use fonts of the following providers:

  • Monotype Imaging Holdings Inc. with headquarters in Delaware and 600 Unicorn Park Drive, Woburn, MA 01801, USA (https://www.monotype.com/de), hereinafter referred to as "Monotype
  • Fonticons, Inc., 307 S. Main St., Suite 202, Bentonville, AR 72712, USA (https://fontawesome.com), hereinafter "FontAwesome".

When you load our website, the providers will know which exact subpage you have opened and which IP address you are using.

The information is only used to load the font files and to keep statistics about which fonts are used on which devices. This serves the providers for billing purposes and for purposes of maintenance and system stability.

Monotype's privacy policy: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften

Privacy policy of FontAwesome: https://fontawesome.com/privacy

CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on the CleverReach servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyze the behavior of the newsletter recipients. Among other things, we can analyze how many recipients opened the newsletter message and how often which link in the newsletter was clicked on. With the help of the so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. registration for workshops or events) was performed after clicking the link in the newsletter. Further information about data analysis by CleverReach newsletter can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/ .

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not want CleverReach to analyze your data, you have to unsubscribe from the newsletter as described under Newsletter.

The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored for other purposes (e.g. e-mail addresses via direct inquiries) remain unaffected.

You can find more details in the CleverReach privacy policy at: https://www.cleverreach.com/de/datenschutz/.

CleverReach - Conclusion of a contract for commissioned data processing

We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Social Media

We operate the following social media appearances:

We use these appearances for the purpose of self-promotion and publicity of our cooperations and the success of the startups we support towards the users active there.

The social media platforms described in more detail below collect data about your behavior and interests when you visit our websites and provide us with a partially anonymous analysis of visitor groups and interactions. This processing of your data is based on our legitimate interest in a better understanding of our target groups in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO.

Furthermore, the data may be processed by the social media platforms for their own purposes for market research and advertising purposes. Cookies may be stored on your computer to evaluate the usage behavior. Other data about your devices, internet connection or your location may also be recorded and, if necessary, linked to your account.

A user profile may be created about you, even if you are not logged on to the social media platforms or do not have an account. These profiles can be used to serve ads customized to you on various platforms.

How the social media platforms use the data from the visit of the appearances for their own purposes, how long the social media platforms store this data is not clearly stated by the social media platforms and is not known to us beyond the processing mentioned above.

It may happen that your data is processed outside the European Union when you visit our social media sites.

Overview and information about the platforms used:

  • LinkedIn is a business platform offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland with parent company LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085.

    Data transmission to the USA cannot be excluded. We have entered into a shared responsibility agreement with LinkedIn, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum. In summary, LinkedIn is responsible for all processing of your personal data on the Platform. You also agree to be responsible for implementing the rights of data subjects. You have the right at all times to assert your rights of privacy and data protection against LinkedIn or us in relation to our LinkedIn site and the page views that appear on it. If you contact us, we will forward your request directly to LinkedIn for response. You can review LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy. If you have a LinkedIn account, you can change your privacy settings at https://www.linkedin.com/psettings/.

Analysis tools and advertising

Piwik (now Matomo)

This website uses the open source web analytics service Piwik (now Matomo) to analyze and regularly improve the use of our website. With the help of these statistics we can improve our offer and make it more interesting for you as a user. The legal basis for the use is Art. 6 para. 1 sentence 1 lit. a) DSGVO. Cookies are stored on your computer for evaluation purposes. We store the information collected in this way exclusively on our servers in Germany.

These cookies are only set after the opt-in granted by the Consent Management Platform UserCentrics used on the website. You can change / revoke your consent at any time later by clicking on the Settings button in the lower left corner of the page.

Piwik also uses this website with an extension to process your IP address in a shortened form only, so that a direct personal reference of your data can be excluded. The IP address collected by Piwik is not merged or processed with any other data collected by us. You can find more information about Piwik at: https://matomo.org/privacy-policy/

Live online meetings and webinars with Zoom

Privacy policy for online meetings, conference calls and webinars via "Zoom" of BayStartUp GmbH

We would like to inform you in the following about the processing of personal data in connection with the use of "Zoom".

Purpose of processing

We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter collectively referred to as online meetings). "Zoom" is a service provided by Zoom Video Communications, Inc. which is located at 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

Responsible

The person responsible for data processing that is directly related to the execution of online meetings is BayStartUp GmbH.

Note: If you call up the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, calling up the Internet site is only necessary for the use of "Zoom" in order to download the software for the use of "Zoom". The data protection information of Zoom can also be found here: https://zoom.us/de-de/privacy.html

You can also use "Zoom" if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions can also be used with a browser version, which you can also find on the "Zoom" website.

Which data is processed?

When using "Zoom", different types of data are processed. The extent of the data also depends on the data you provide before or during participation in an online meeting

The following personal data are subject to processing:

User data: first name, last name, telephone (optional), e-mail address, password, profile picture (optional)

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.

Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

Scope of processing

We use "zoom" to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.

If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we can also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.

If you are registered as a user at "Zoom", reports on online meetings (meeting meta data, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".

The possibility of software-based "attention tracking" in online meeting tools like "Zoom" is deactivated.

Automated decision making in the sense of Art. 22 DSGVO is not used.

The legal basis for data processing when conducting online meetings Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of online meetings.

Receiver / passing on of data

Personal data processed in connection with participation in online meetings is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

Zoom Video Communications, Inc. necessarily obtains knowledge of the above-mentioned data, as far as this is intended within the scope of the concluded order processing contract.

Data processing outside the European Union

"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country.

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contract clauses.

Live online-Meetings with Brella

In order to organize and conduct certain events, we use the "Brella" platform provided by Brella Oy (c/o Maria01 Lapinlahdenkatu 16, 00180 Helsinki Finland) and Brella Inc (470 Ramona Street Palo Alto, CA 94301, USA), collectively "Operator". We are jointly responsible with the Operator for processing your data. To participate in events conducted via Brella, you must register on the Operator's platform and accept their "Attendee Terms". The Operators collect data about the interests and behavior of the participants in order to suggest suitable further events, companies and participants. We have no direct influence on this processing. We have entered into a shared responsibility agreement with the Operator. This stipulates that the Operators assume primary responsibility for compliance with information obligations and data subject rights. You can view Brella's privacy policy here: https://www.brella.io/privacy-notice. You can view the Attendee Terms here: https://www.brella.io/attendee-terms.

BayStartUP uses the data generated by your participation in these events only to organize and run the event smoothly. In some cases, which we will explicitly inform you about in advance, we will share certain personal data with sponsors. As far as necessary, we will ask for your consent in this case, without which we will not pass on any data. The use of the Brella platform is based on Art. 6 para. 1 p. 1 lit. b. DSGVO, our contractual obligation to you to carry out the booked events and on the basis of Art. 6 para. 1 p. 1 lit. f. DSGVO, our legitimate interest in offering a modern platform for events that enables active participation of the participants.

 

Your rights

Your rights

You have the following rights against us at all times with regard to the personal data concerning you:

Right to information

You may request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

Right to correction or deletion

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.

You may request the data controller to delete the personal data concerning you without delay and the data controller is obliged to delete such data without delay, unless another legal basis prevails.

Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data;
  • if the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
  • if the data controller no longer needs the personal data for the purposes of the processing, but you need it for the purpose of asserting, exercising or defending legal claims; or
  • if you have lodged an objection to the processing in accordance with Art. 21 para. 1 DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data - apart from being stored - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right of objection/revocation against processing

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data in question, which is carried out on the basis of Art.6, paragraph 1, letter e or f of the DPA; this also applies to profiling based on these provisions.

The data controller will no longer process your personal data unless it can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data concerned are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data concerned for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for the purposes of direct marketing, your personal data concerned will no longer be processed for those purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.

Right to data transferability 

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without interference from the controller to whom the personal data has been made available, provided that the processing is based on consent pursuant to art. 6 paragraph 1 letter a DPA or art. 9 paragraph 2 letter a DPA or on a contract pursuant to art. 6 paragraph 1 letter b DPA and that the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to obtain that your personal data in question be transmitted directly from one responsible party to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be impaired by this.

The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

You can send inquiries about your rights to us by any means, for example by contacting our data protection officer by e-mail. You can use the e-mail address: dsb@baystartup.de for this purpose.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. For example, you can contact the Bavarian State Office for Data Protection Supervision for this purpose. https://www.lda.bayern.de/de/kontakt.html