Basic information and scope of application
We at Impact Hub Berlin GmbH collect, process and use personal data only in compliance with existing data protection regulations. The legal framework for data protection is provided by the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The protection of your personal data is important to us. In the following, you will learn which personal data may arise from which of your activities on our homepage or through the use of our services and how you retain control over your data.
1.1 We work according to the principle of data minimisation
We collect, process and use data in accordance with the principle of data minimisation. The information of personal data within our forms for general contact, reservation inquiries, room reservation or application for a membership is limited exclusively to the purpose-related extent. We store personal data in accordance with the principles of data minimisation only as long as it is necessary or legally prescribed. If the purpose ceases to apply and there is no storage obligation, we will delete the data immediately after the purpose has expired. If there is a retention obligation, we block your data for the duration of the statutory retention period and delete the data after the expiry of the retention period. Further transmission of the data will only take place if it is legally permissible or if you have expressly agreed to the transmission.
We are responsible in the sense of the GDPR and the Federal Law for Data Protection (BDSG) as well as other data protection-juridical regulations for our website and the data processing connected with it to designate. Comprehensive information about our company can be found in the imprint.
Information of controller:
Information of the data protection officer:
2. Data processing on our website
2.1 Data security on our website
For the security of our website we use an SSL certificate with a 256 bit key, version TLS 1.2. A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognise that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity. By encrypting the transmission, you can assume that the data you have entered can only be read by us. You can see from the green address bar that you are connected to our server via a secure connection and that it is not a third-party site.
2.2 Provision of the website and log files
Each time our website is accessed, our system, i.e. the web server, automatically collects information from the system of the user’s computer or terminal device when our website is accessed.
The following data is collected by us:
The legal basis for the temporary storage of this data and the log files is our legitimate interest in ensuring a functioning website as the responsible website operator pursuant to Art. 6 para. 1 lit. f. GDPR.
The temporary storage of the user’s IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must inevitably remain stored for the duration of the session. The above data is stored in the log files to ensure the functionality of our website. This data is also used to optimise the website and to guarantee the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data will be deleted as soon as they are no longer required for the achievement of the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storing the data in log files, this is the case after 7 days at the latest. In this case the IP address of the user is deleted or alienated by us, so that an assignment of the calling client is no longer possible and the data contained no longer have any personal reference. A storage going beyond this is possible, if there are indications for an illegal use of our offer.
This website uses so-called cookies. These are text files that are stored on your computer by the server. They contain information about the browser, the IP address, the operating system and the Internet connection. We do not pass this data on to third parties or link it to personal data without their consent. Cookies fulfil two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or start programs.
Users have the possibility to access our website without cookies. To do this, the corresponding settings must be changed in the browser. Please inform yourself about the help function of your browser to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit user comfort. The pages http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) and http://www.aboutads.info/choices/ (USA) allow you to manage online ad cookies.
These cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
Prevention of cookies
You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.
Recipients of data or categories of recipients
Within Impact Hub Berlin, those offices that need your data to fulfil their contractual and legal obligations will have access to it.
External service providers (contract processors)
Your data will be passed on to service partners, e.g. IT and software service providers for support and maintenance work, as part of the support of our website in order to support us in providing our services. The website is hosted by a provider as an order processor according to Art. 28 GDPR.
Processing of your personal data by commissioned service providers may take place within the framework of order processing pursuant to Art. 28 GDPR.
2.4 Services and contents of third party providers
2.4.1 Matomo Analytics
This website uses Matomo (https://matomo.org/), an Open Source, self-hosted software for collecting anonymous usage statistics for this website.
The data is used to analyse the behaviour of the website visitors to identify potential pitfalls like not found pages, search engine indexing issues and to find out which contents are the most appreciated. Once the data (number of visitors reaching not found pages, viewing only one page…) is processed, Matomo generates reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.
Matomo processes the following data:
You may choose to prevent this website from aggregating and analysing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
Indirect data collection
If you are using this site, the visit is logged by the host of this website. This log contains your IP address which allows you to be identified indirectly via your internet service provider. The collection of this data is a legal obligation and required for security. You cannot oppose it and the data is at no time used for other purposes.
The legitimate interests
The processing of personal data is based on legitimate interests.
Processing your personal data such as cookies helps us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organise the structure of the website better. Our team benefits from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better.
Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.
Recipient of the data
The personal data received through Matomo are sent to:
Data subject’s rights
As Matomo processes personal data on legitimate interests, you can exercise the following rights:
You may choose to prevent this website from aggregating and analysing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
2.4.2 Social media plugins
We integrate the following social media services into our websites on the basis of our legitimate interests in the representation of our company on social media as part of our public relations work pursuant to Art. 6 para. 1 lit. f GDPR.
These plugins usually collect data from you by default and transmit it to the servers of the respective provider. The plugins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored and processed. In addition, social plugins set a cookie with a unique identifier when the website in question is accessed. This also enables the providers to create profiles about your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged into the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact extent of the data collected from you by the respective provider. For more detailed information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the data protection information of the respective provider of the social network. These are available at the following addresses:
2.4.3 Google reCAPTCHA
Google reCAPTCHA is a service from Google LLC that allows website operators to check whether a user on their site is a human or a bot. This is to ensure that no bots interact automatically on the site.
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a person or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is stored by Google.
Data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his web offers from abusive automated spying and from SPAM.
For the transmission of data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, an adequate European Union (EU) data protection level exists due to the certification according to the Privacy Shield. Since 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the data controller responsible for Google services within the European Economic Area and Switzerland.
If you do not want Google to collect, process or use data about you via our website, you can delete or block cookies in your browser settings. Or you can use the following opt-out: https://adssettings.google.com/authenticated to object.
2.4.4 Registration member log-in with Facebook Connect
Instead of registering directly on our website, you can use Facebook Connect to register. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We offer this registration option on the basis of our legitimate interest in a user-friendly registration option pursuant to Art. 6 para. 1 lit. f GDPR.
If you decide to register with Facebook Connect and click on the “Login with Facebook” / “Connect with Facebook” button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:
This data is used to set up, provide and personalise your account.
2.4.5 CRM system from Salesforce
We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, due to our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in order to be able to process user enquiries faster and more efficiently.
Salesforce is certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law if data is processed in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active).
Salesforce uses user data only for the technical processing of requests and does not pass them on to third parties. In order to use Salesforce, it is necessary to provide at least a correct email address. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).
The use of Zendesk is optional and serves the improvement and acceleration of our customer and user service. If users do not consent to the collection and storage of data by Salesforce’s external system, we will provide them with alternative contact options for submitting service requests by email, telephone, fax, or mail.
You can subscribe to our newsletter on our website. This is done by entering a valid email address in the “Newsletter” contact form. The indication of the name serves only for a personalised experience.
You will only receive our newsletter with your unambiguous consent in accordance with Article 6 para. 1 lit a GDPR.
The shipping service provider is appointed on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a contract processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR.
The dispatch service provider can use the recipient’s data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass on the data to third parties.
If you no longer wish to receive the newsletter, you will find a corresponding button “unsubscribe” (at the end of the newsletter) in every newsletter you receive, which you can use to cancel your subscription.
Of course, you can revoke your consent to the storage and processing of the data provided within the scope of the newsletter dispatch at any time with effect for the future via our contact provided.
2.6 Further contact forms / contact by email
If you contact us via the online form or by email, we store the information you provide in order to be able to answer your enquiry and ask possible follow-up questions.
On our website you can also make a request for a room reservation “book our space” or apply for a membership at Impact Hub Berlin “membership”.
We collect, process and use this data only to the extent necessary to process your order directly or to initiate or conclude a contract pursuant to Art. 6 para. 1 lit. b GDPR. For the answering of all other inquiries, which do not aim at an initiation or a conclusion of a contract, the indicated personal data become on the legal basis of our entitled interests after Art. 6 exp. 1 lit. f DSGVO to answer the inquiries duly. The customer data collected will be deleted after conclusion of the order or termination of the business relationship as well as the final answer to the enquiry. Legal retention periods remain unaffected.
We only transfer personal data to third parties if this is necessary within the framework of contract processing, for example to the credit institution commissioned with payment processing, is legally permissible or you have given your consent.
2.7 Careers / job offers
To carry out recruitment procedures, we use the tool Teamtailor, a service of Teamtailor AB Östgötagatan 16 116 21 Stockholm Stockholms län on our website based on our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO in the efficient implementation of the recruitment procedure as part of a commissioned processing pursuant to Art. 28 DSGVO. The processing of personal data thus takes place in the EEA.
In this context, we process data non users when they:
The categories of personal data collected by the service may be used to identify individuals by name, email, pictures and videos, Facebook and LinkedIn account information, answers to questions asked as part of the recruitment process, title, education and other information provided by the user or others through the service. Only data relevant to the recruitment process is collected and processed.
Personal data processed for the purposes of aggregate analysis or market research will always be made unidentifiable. Such personal data cannot be used to identify a specific user. Therefore, such data is not considered personal data.
Personal data collected through the service is stored and processed within the EU/EEA. If a data transfer to third countries should be necessary, this was only carried out insofar as a permissible circumstance as well as a guarantee according to Art. 44 ff. GDPR (e.g. EU adequacy decision, EU standard contractual clauses, binding corporate rules) exists and where appropriate safeguards apply to protect the rights of the data subjects whose data are transferred.
However, the transmission of data over the Internet and mobile networks can never be without risk, so all transmissions are at the own risk of the person transmitting the data. It is important that users also take responsibility for the protection of their data. It is the users’ responsibility to keep their access information private.
We will not sell or otherwise disclose users’ personal data to third parties.
However, we may share users’ personal information with the following:
We will only share users’ personal data with third parties that we trust. We carefully select partners to ensure that the users’ personal data is processed in accordance with applicable data protection laws. We work with the following categories of processors of personal data: Teamtailor, who deliver the service, server and hosting companies, email reference companies, video-processing companies, information-gathering companies, analytics service providers, and other companies that help provide the service.
We may share aggregated data with third parties. In such cases, the aggregated data has been compiled from information collected through the service and may consist of, for example, Internet traffic statistics or geological location for use of the service. Aggregate data does not contain information that can be used to identify individuals and is therefore not Personally Identifiable Information.
For a qualified application, please submit your resume and references. Without this information, we are unfortunately unable to process your application. Furthermore, you have the option to voluntarily provide additional information. The legal basis for the data processing of your application is the initiation of an employment relationship in accordance with Art. 6 para. 1 b GDPR in conjunction with § 26 BDSG.
If you have applied for a specific position and it has already been filled or we consider you equally or even more suitable for another position, we would be happy to forward your application within our group of companies. Please let us know if you agree to forwarding.
Your personal data will be deleted within a maximum of 6 months after completion of the application process, unless you have given us your express consent to store your data for a longer period or a contract has been concluded.
3 Rights of data subjects
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal email notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).
Right of appeal to a supervisory authority
In the event of infringements of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the text above for this and other questions on the subject of personal data.
Right to limitation of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given. The right to limit the processing exists in the following cases:
If you have restricted the processing of your personal data, such data may not be processed – apart from its storage – without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the EU or a member state.
4 Data processing within the scope of our business services
We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers according to Art. 6 Para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processing data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). We do not process any special categories of personal data, unless these are part of a commissioned or contractual processing. We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their indication, if this is not evident for the contracting parties. Disclosure to external persons or companies will only take place if it is necessary within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client and the legal requirements.
Within the scope of using our online services, we can store the IP address and the time of the respective user action. The storage takes place on the basis of our justified interests of the users in the protection from abuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims pursuant to Art. 6 para. 1 lit. f. GDPR is necessary or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.
The data will be deleted when the data is no longer required for the fulfilment of contractual or statutory duties of care and for handling any warranty and comparable obligations, whereby the necessity of storing the data is reviewed every three years. In all other respects, the statutory storage obligations shall apply.
Data processing at trade fairs / handling business cards
If you provide us with your contact data at a trade fair, e.g. by providing us with your business card, we store this data in our CRM system. We use your data to contact you as requested, to establish a business relationship and to send you information material (Art. 6 para. 1 lit a, b and f GDPR). Your data will be deleted if you so wish or if the purpose of the processing no longer applies and storage is no longer necessary, provided there are no legal storage periods to the contrary.
We may use the email address and postal address provided within the framework of the initiation and conclusion of a contractual relationship to inform you about similar product and service offers by email and post from now on due to our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. If you do not wish to receive any further advertising information by email or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic tariffs. You can address your objection to the following contact addresses: email [email protected]erlin or mail to Impact Hub Berlin GmbH, Rollbergstraße 26, 12053 Berlin.
Your data will be deleted if there is a legal obligation, the purpose of processing no longer applies and storage is no longer necessary or is objected to, unless there are legal storage periods to the contrary.
Cooperation with contract processors and third parties
Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Other service providers, partners and third parties
We may cooperate with other partners if it is necessary to fulfil our service offers or if we are legally obliged to disclose data. These may be the following partners or third parties:
We attach great importance to processing your data within the EU. However, it may happen that we use service providers who operate outside the EU. In these cases, we ensure that an appropriate level of data protection is established in accordance with Art. 44-49 GDPR before your personal data is transferred. This means that EU standard agreements or an adequacy decision, such as the EU Privacy Shield, or other contractual and technical measures achieve a level of data protection that is comparable to the standards within the EU.
Origin of personal data
We process personal data that we receive within the scope of our business relationship. In addition, to the extent necessary for the provision of our services and for the fulfilment of the contract, we process personal data which we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consents given by you). In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. trade and association registers, press, media).
Categories of personal data
We process the following categories of personal data about you:
Personal data (name, address and other contact data, date of birth), possibly order data (e.g. delivery order), payment data, data from the fulfilment of our contractual obligations, advertising and sales data, documentation data (data from consultation and service discussions) as well as comparable data.
5 General notes
Transfers to third countries
If we process data in a third country (i.e. outside the EU/EEA) or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the Privacy Shield) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
If necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. For the duration of the existence of warranty and guarantee claims, the necessary personal data will be stored. In addition, we store personal data insofar as we are legally obliged to do so. Corresponding proof and storage obligations result from the commercial code and the tax code. The time limits for storage or documentation assigned there are six years in accordance with commercial law requirements in accordance with § 257 HGB and up to ten years due to tax requirements in accordance with § 147 AO. We delete personal data of the person concerned as soon as the purpose of storage no longer applies and statutory retention periods do not prevent deletion.
Legal or contractual provisions governing the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). For the conclusion of a contract it is necessary that you provide us with personal data. Without this data, we will generally have to refuse to conclude a contract or will no longer be able to execute an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. If you do not provide the data, we may not establish the desired business relationship. Before the data subject provides personal data, the data subject may contact our data protection officer. Our data protection officer informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the non-availability of the personal data would have.
As a responsible organisation, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR, which has legal effect for you, to establish contractual relationships.
Objection to advertising emails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or emailing of spam and other similar advertising materials.
Liability for links
Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.
Changes to our data protection information
In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information has to be adjusted due to new or revised services, for example new services. The new data protection information will then take effect the next time you visit our website. This page should be called up regularly in order to obtain information on the current status of our data usage regulations.
(Current status: December 2021)