The following notices provide a simple overview of how personal data is processed when you visit our website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to the data protection notices listed in the following text.
We collect, process and use data in accordance with the principle of data minimisation. The provision of personal data within our forms for general contact, reservation inquiries, room booking or membership application is limited exclusively to the purpose-related scope. We store personal data in accordance with the principles of data minimisation only as long as it is necessary or required by law. If the purpose ceases to apply and there is no obligation to retain the data, we delete the data immediately after the purpose ceases to apply. If there is a retention obligation, we block your data for the duration of the legal retention period and delete the data after the retention period has expired. Further transmission of data will only take place if it is legally permissible or if you have expressly consented to the transmission.
Of course, the protection of your personal data, and fair and transparent data processing, are important to us. In the following, we provide you with the information according to Articles 13 and 14 of the European Union’s (EU) General Data Protection Regulation (GDPR) that you need to review and exercise your rights regarding data protection. We are to be designated as the responsible party within the meaning of the GDPR and the Federal Data Protection Act (BDSG) as well as other data protection regulations, such as the Telecommunications and Telemedia Data Protection Act (TTDSG), for our website and the associated data processing. Comprehensive information about our organisation can be found in the imprint.
The following data protection information is divided into the following sections:
Responsible for data collection:
Impact Hub Berlin GmbH
Tel.: +49 30 259 257 25
Email: [email protected]
Data Protection Officer:
GFAD Datenschutz GmbH
Tel.: +49 30 269 111 1
Email: [email protected]
Data security on our website
To ensure the security of our website, we use a valid state-of-the-art Secure Sockets Layer (SSL) certificate. A website encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read them. A certificate verifies our identity. Depending on your browser, you can recognise that a secure connection exists by the display of a lock symbol. By clicking on the lock symbol, you can view our online proof of identity. By encrypting the transmission, you can assume that your entered data is sufficiently protected against unauthorised access during transmission according to the state of the art.
Protection of minors
Our offer is directed at adults. Persons under the age of 18 may not transmit any personal data to us without the consent of their parents or legal guardians.
The hosting services used by us provide the following services:
In doing so, we, or our hosting service provider on our behalf, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f GDPR. The data processing of our hosting service provider is carried out within the framework of a contract processing agreement pursuant to Art. 28 GDPR.
Provision of the website and log files
The entry of personal data is not necessary for purely informational use, i.e. if you do not otherwise transmit information to us or our website. Nevertheless, every time our website is called up, personal data is automatically collected in addition to information from the system of the calling computer or end device of the user, which your browser transmits to our server. The following data, which is technically necessary for us to display our website to you, is collected by us in this context:
The legal basis for the temporary storage of this data in so-called log files are our legitimate interests as the responsible website operator according to Art. 6 para. 1 lit. f. GDPR, to ensure the technical presentation and stability and security of the website.
The temporary storage of the user’s IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in the log files is done to ensure the functionality of our website. In addition, we use this data to optimise the website and to ensure the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 7 days at the latest. Storage beyond this period is possible if there are indications of an illegal attack on our systems.
This website uses the following types of cookies, the scope and functionality of which are explained below:
These cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. These cookies are technically necessary for the optimisation and presentation of the website. Session cookies are deleted when you log out or close the browser.
These cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
Prevention of cookies
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.
In addition, users have the option of accessing our offer without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to disable cookies. However, we would like to point out that this may impair some functions of this website and reduce user comfort. The http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) and http://www.aboutads.info/choices/ (USA) sites allow you to manage online ad cookies.
Third-party services and content
Content management tool Borlabs Cookie
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. Borlabs Cookie does not process any personal data. The borlabs-cookie cookie stores your consents, which you can give when you access the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you reload the website, you will be asked again for your cookie consent. You can also access the Borlabs cookie banner in the privacy information at any time and change your cookie settings. We use Borlabs based on our legitimate interests in lawfully obtaining effective consent pursuant to Art. 6 para. 1 lit. f. GDPR.
For cookie opt in, we use the WordPress plugin from Borlabs (https://borlabs.io/borlabs-cookie/).
In order to obtain your consent to the storage of certain cookies on your terminal device and to document it in a data protection compliant manner, we use the Cookie Consent Manager Borlabs Cookie, of the provider Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg.
Only technically necessary cookies (borlabs-cookie) are set by the Borlabs cookie. If our website is called up, the following data is transmitted to Borlabs Cookie: Your consent or revocation of your consent to set cookies, a cookie set by Borlabs Cookie in your browser, the cookie runtime and version, domain and path of the WordPress website and the Unique ID (UID). Whereas the UID is a randomly generated ID and not personal information. Borlabs Cookie does not process any personal data.
If you wish to revoke the consents to set certain cookies, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, to set up re-marketing and targeting, and to test and optimise websites. In the process, personal data of the user, such as the IP address when the website is called up, is also processed. The processing of the IP address is necessary for the technical presentation of the website. We use the Tag Manager on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR for the management of Google services. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.
This website uses functions of the web analytics service Google Analytics based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR for statistical analysis of user behaviour for optimisation and marketing purposes. If consent is given, further processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. Consent is granted for a period of 24 months. Through appropriate cookie settings, a granted consent may be revoked at any time with effect for the future. For Google services within the European Economic Area (EEA) and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the provider of the service and the responsible “data controller” under data protection law since 22.01.2019. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. In order to provide the service, it may be necessary for the information generated by the cookie about your use of the website to be transmitted to and stored by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on servers in the United States. If consent is given, the data is transferred to the USA to Google LLC. Google LLC, 1600 Amphitheatre Parkway based on the consent given in accordance with Art. 49 para. 1 lit. a GDPR. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.
This data is stored for 24 months before it is automatically deleted, unless the cookies are already deleted by the user beforehand or the cookie settings are changed accordingly. The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.
Data protection and data security in Google Analytics
The EU standard contractual clauses have been agreed for the transfer of data to Google LLC in the USA. The EU standard contractual clauses represent a guarantee of an adequate EU level of data protection in accordance with Art. 46 GDPR. As additional protective measures, the IP anonymisation function is activated. Furthermore, Google contractually undertakes to continue to comply with the previous self-certification requirements from the EU Privacy Shield, which was declared invalid by the European Court of Justice (ECJ).
In addition, Google Analytics and Google Analytics 360 have been certified in accordance with the independent security standard ISO 27001. ISO 27001 is one of the most widely recognised standards in the world. The certification applies to the systems provided through Google Analytics and Google Analytics 360.
We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the EU or in other states party to the Agreement on the EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will process this information for the purpose of evaluating your use of the website statistically, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymised by Google if access to our Internet pages is from a member state of the EU or from another state party to the Agreement on the EEA.
Objection to data collection
Google reCAPTCHA is a service provided by Google LLC that allows website operators to check whether a user on their site is a human or a bot. This is to ensure that no bots interact on the website in an automated way.
On our website, we use Invisible reCAPTCHA V3, which no longer requires the user to perform any action themselves. Google checks in the background of the page itself whether the user is a human or a bot. To do this, Google processes cursor movements and the user’s IP address. During the check by reCAPTCHA, website operators and thus Google record a number of data from the user. For example, Google reCAPTCHA also processes information about the:
The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor, etc.) on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. Google also sets cookies in the process.
The reCAPTCHA analyses run entirely in the background. Website visitors are informed in the data protection information that an analysis takes place. The data processing is based on Art. 6 para. 1 lit. f GDPR.
The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from spam. The Google reCAPTCHA security tool represents a technical measure to ensure the security of processing in accordance with Art. 32 GDPR. Currently, no technically equivalent alternative exists from EU service providers, so that the use of Google reCAPTCHA is technically necessary for the security of our website. If consent is given, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR. Consent given can be revoked at any time with effect for the future.
For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible data controller since 22.01.2019. Thus, the data is generally stored on servers in the EEA. However, it may be necessary for the service provision that data is transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the transfer of data to third countries and the USA, the standard contractual clauses have been agreed, which are a guarantee of an adequate EU level of data protection in accordance with Art. 46 GDPR. We would like to point out that the USA is currently assessed by the ECJ as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.
If you do not want Google to collect, process or use data about you via our website, you can delete or also block cookies in your browser settings.
To make it easier for you to find the location of our organisation, we have integrated map material from the Google Maps service of Google LLC into our website via an API for the visual display of geographical information in interactive maps on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. If consent is given, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future.
In order to display the content in your browser, Google must receive your IP address, otherwise Google would not be able to show you this embedded content. Google obtains this via an Application Programming Interface (API) and / or via cookies that are set by Google. In addition, the use of Google maps, to our knowledge, the following additional data to Google LLC. Transmitted are the:
For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible “data controller” since 22.01.2019. The data is thus processed on servers within the EEA. Nevertheless, it may be necessary for the provision of the service that data is transmitted to the parent company Google LLC.
The transfer of data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is based on the EU standard contractual clauses concluded with Google LLC in the context of the Google maps API platform. The EU standard contractual clauses provide a guarantee in accordance with Art. 46 GDPR for an adequate EU level of data protection.
YouTube video service
We use the video service of YouTube LLC, based in San Bruno, California, since 2006 a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to post our own videos and make them publicly available. References to the “affiliated” companies of YouTube refer to the companies of the Alphabet Inc. group of companies pursuant to section 15 of the German Stock Corporation Act.
We integrate videos stored on YouTube directly on the basis of our legitimate interests of public relations and freedom of expression pursuant to Art. 6 para. 1 lit. f GDPR. With this integration, content from the YouTube website is displayed in parts of a browser window. If consent is given, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future.
The provision of this service within the EEA and Switzerland is carried out since 22.01.2019 by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the responsible “Data Controller”. This service is basically provided by Google Ireland Limited within the framework of a commissioned processing agreement in accordance with Art. 28 GDPR. To ensure the service, data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA”. To ensure an appropriate level of data protection for the transfer of data to Google LLC in the USA, the EU standard contractual clauses will be contractually agreed. In addition, the transfer is necessary for the fulfilment of a contract concluded with Google for the provision of this service in the interest of the user and the responsible party as the website operator in a pictorial and interactive provision of information via video on the website in accordance with Art. 49 para. 1 lit. c GDPR. If the service is activated by an effective consent pursuant to Art. 6 para. 1 lit. a GDPR, the data transfer to affiliated companies of Google LLC to the USA and other third countries is based on the consent given pursuant to Art. 49 para. 1 lit. a GDPR. We would like to point out that the USA is currently assessed by the ECJ as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. Data processing by YouTube is carried out within the framework of commissioned processing in accordance with Art. 28 GDPR (https://www.youtube.com/t/terms_dataprocessing).
If the cookies are not permitted by the user, the user is redirected via a corresponding link or links to the YouTube offer. In general, we are not responsible for the content of websites to which links are provided. In the event that you follow a link on YouTube, however, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. You tube uses the advertising function Double click from Google LLC for the provision of the video service.
These cookies can be prevented by appropriate browser settings and extensions. Provided that the extended data protection function of You tube is activated, no cookies are set by Google.
Social media plugins
We integrate plug-ins of the following social media services on our websites due to our legitimate interests for company presentation on social media in the context of public relations pursuant to Art. 6 para. 1 lit. f GDPR:
Customer Relationship Management (CRM) system HubSpot
For the management of our customer data, we use the CRM tool HubSpot of HubSpot Ireland Limited, 2nd Floor 30, North Wall Quay, Dublin 1, Ireland, as part of our legitimate interest in optimised customer management pursuant to Art.6 para. lit.f GDPR.
HubSpot Ireland Limited is a subsidiary of HubSpot Inc. with headquarters in the USA. The processing of personal data therefore generally takes place in the EEA. For the transfer of data to third countries, in particular the USA, the EU standard contractual clauses are contractually agreed, which constitute a guarantee of an adequate EU level of data protection in accordance with Art. 46 GDPR.
A transparent listing of the cookies set by HubSpot, if applicable, can be found here: https://legal.hubspot.com/de/cookie-policy.
We have concluded an order processing agreement with HubSpot, according to which HubSpot only processes your data on our behalf: https://legal.hubspot.com/de/dpa
HubSpot Customer Management System (CMS) / CRM
HubSpot also takes physical, electronic, and procedural safeguards to protect your personal information. You can find more information about this from HubSpot here: https://legal.hubspot.com/security.
We use Hubspot as our CMR to manage contract data. Here, we store all data that you have transmitted to us for the initiation or conclusion of a contract, in particular your name, your contact data and, if applicable, payment data. This data remains stored by us as long as we still need it for the fulfilment of the contract, in particular before the expiry of statutory or contractual warranty periods or statutory retention periods under commercial or tax law.
HubSpot contact form
We use HubSpot as part of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in economically efficient customer communication for contact forms on our website. Hubspot receives all data that you enter in our forms and also collects usage data for this purpose as part of order processing. For this, we refer to our general presentation on contact forms.
We use HubSpot as part of our legitimate interest pursuant to Art. 6 para. lit. f GDPR in economically efficient customer communication for appointments on our website. HubSpot receives all data that you enter in our forms and also collects usage data for this purpose as part of order processing. For this, we refer to our section on contact forms.
We use HubSpot within the scope of our legitimate interest pursuant to Art. 6 para. lit. f GDPR in economically efficient customer communication for our newsletter and mail dispatch. If you order the newsletter offered on our site, we will inform you in detail about what we will communicate with you, which of your data will be stored and what it will be used for. We will not pass on your data to third parties and will only use it for sending the newsletter.
We will only send the newsletter to you if you have previously given us your consent to do so. For this purpose, you will receive an email from us with a link and more detailed instructions and a request for your consent. By clicking on this link, you agree to receive the newsletter and advertising from us.
The basis for the storage is your consent according to Art. 6 para. 1 lit. a GDPR, which you give us with the registration for the newsletter. You can revoke this consent at any time by sending us an informal message (e.g. by contact form or email, or the unsubscribe link in every mail). This revocation does not affect the legality of the data processing carried out up to that point.
Since we are legally required to log your consent as part of the so-called double opt in, your order for the newsletter, the sending of our consent email and your consent by clicking on the link will be logged and stored according to place and time as well as with your IP address.
The data used by HubSpot contains a “web-beacon” that sends the opening of the newsletter and/or the activation of a link contained therein by you to HubSpot. In the process, information about your browser, your location and your IP address is transmitted to HubSpot. This information is processed on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to improve our content in the newsletter.
The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletters or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Your data will remain stored as long as it is stored in our email list, the storage is still necessary for legal prosecution by us or for our other legitimate interests, or we are required by law to still retain your data.
We use the Typeform online form from TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for surveys and contact forms. This allows us to provide you with an easy way to contact us.
Typeform is a recipient of your personal data and acts as a processor on our behalf under a contract processing agreement pursuant to Art. 28 GDPR. Typeform also processes data in third countries, such as the USA. Data transfers to third countries by Typeform are carried out on the basis of the contractually agreed EU standard contractual clauses, which constitute a guarantee of an adequate EU level of data protection pursuant to Art. 46 para 2 lit. c GDPR. Nevertheless, we inform you that according to the case law of the ECJ, the USA is currently not a safe third country in the sense of EU data protection law. Due to surveillance laws in the U.S., U.S. service providers may be obliged to hand over personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that U.S. authorities, such as intelligence agencies, may process, evaluate and permanently store your data located on servers of U.S. service providers for surveillance purposes. We have no influence on these processing activities.
The provision of the data specified under this section is neither legally nor contractually required. However, we cannot process your inquiry further or contact you without providing personal data, in particular contact data. In addition, you have the option of contacting us at the email address [email protected]. The data processed includes master data (e.g. names and company addresses), contact data (e.g. mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). The data is processed exclusively for the purpose of the application process, answering the inquiry and contacting you. The mandatory data is used for the evaluation of the company application, answering the inquiry and contacting in the context of the application.
In addition, Typeform processes the following personal data using cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is processed such as date and time and when you used the contact form. Typeform needs this data to ensure the display of the contact form and its functionality. This corresponds to Typeform’s legitimate interest according to Art. 6 para. 1 lit. f GDPR and serves the execution of the contract according to Art. 6 para. 1 lit. b GDPR. Further information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data.
For further information on objection and removal options vis-à-vis Typeform, please visit: https://admin.typeform.com/to/dwk6gt.
The legal basis for the processing of personal data in the context of the online form is Art. 6 para. 1 lit. b GDPR insofar as this is necessary for the initiation or conclusion of a contract. If the processing of the personal data provided is necessary for answering or contacting you, this is done to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to answer the request satisfactorily or to contact you. The data will be deleted when it is no longer necessary for the fulfilment of the stated purpose.
Registration, implementation and administration of events
As a booking system for participation in our events (events), we use Eventbrite, an event platform of Eventbrite Inc. (“Eventbrite”). If you wish to make a booking on our site and click on the corresponding button or link, you will be redirected to the website of Eventbrite for this purpose.
When you make a booking with Eventbrite, Eventbrite collects and processes the following personal data for Impact Hub Berlin:
To find out what Eventbrite does as a processor and how Eventbrite processes and protects personal data on behalf of Impact Hub, please see the Data Processing Addendum-Contract Data Processing for Event Organisers: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenverarbeitungsnachtrag-fuer-veranstalter.
As an event organiser, we receive your personal data from Eventbrite in order to be able to administer and authenticate you as an attendee at the event and to provide you with information before and after the event that you need to take advantage of the full range of services.
The processing of the data is thus based on Art. 6 para. 1 lit. b GDPR. This means you provide us with the data on the basis of the contractual relationship between you and Impact Hub Berlin.
The event platform Eventbrite is provided by Eventbrite Inc. 155 5th Street, Floor 7, San Francisco, CA 94103. In Europe, the company is represented by Eventbrite NL BV, Silodam 402, 1013AW, Amsterdam, The Netherlands.
Any transfers to the USA are based on standard data protection clauses according to Art. 46 sentence 2 lit. c GDPR. For more information, please visit: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=de.
Careers / job offers
We use the TeamTailor service on our website to carry out recruitment procedures. We use this service of TeamTailor AB Östgötagatan 16 116 21 Stockholm Stockholms on the basis of our legitimate interests pursuant to Art. 6 para. lit. f GDPR in the efficient implementation of the recruitment procedure as part of a commissioned processing pursuant to Art. 28 GDPR. The processing of personal data thus takes place in the EEA.
In this context, we process data non users when they:
The categories of personal data collected by the service may be used to identify individuals by name, email, pictures and videos, Facebook and LinkedIn account information, answers to questions asked as part of the recruitment process, title, education and other information provided by the user or others through the service. Only data relevant to the recruitment process is collected and processed.
Personal data processed for the purposes of aggregate analysis or market research will always be made unidentifiable. Such personal data cannot be used to identify a specific user. Therefore, such data is not considered personal data.
Personal data collected through the Service is stored and processed within the EU/EEA. If a transfer of data to third countries should be necessary, this only took place as far as a permissible circumstance as well as a guarantee according to Art. 44 ff. GDPR (e.g. EU adequacy decision, EU standard contractual clauses, Binding corporate rules) exists and where appropriate safeguards apply to protect the rights of the data subjects whose data are transferred.
However, the transmission of data over the Internet and mobile networks can never be without risk, so all transmissions are at the own risk of the person transmitting the data. It is important that users also take responsibility for the protection of their data. It is the user’s responsibility to keep their access information private.
We will not sell or otherwise disclose users’ personal data to third parties. However, we may share users’ personal information with the following:
We will only share users’ personal information with third parties we trust. We carefully select partners to ensure that users’ personal data is processed in accordance with applicable data protection laws. We work with the following categories of processors of personal data:
We may share aggregated data with third parties. In such cases, the aggregated data has been compiled from information collected through the service and may consist of, for example, internet traffic statistics or geological location for use of the service. Aggregate data does not contain information that can be used to identify individuals and is therefore not personally identifiable information.
For a qualified application, please submit your resume and references. Without this information, we are unfortunately unable to process your application. Furthermore, you have the option to voluntarily provide additional information. The legal basis for the data processing of your application is the initiation of an employment relationship in accordance with Art. 6 para. 1 b GDPR in conjunction with § 26 BDSG.
If you have applied for a specific position and it has already been filled or we consider you equally or even more suitable for another position, we would be happy to forward your application within our group of companies. Please let us know if you agree to forwarding.
Your personal data will be deleted within a maximum of 6 months after completion of the application process, unless you have given us your express consent to store your data for a longer period or a contract has been concluded.
If you send us inquiries via our contact forms, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.
The processing of the data entered in the contact form is thus based on our legitimate interests to answer your request satisfactorily according to Art. 6 para. 1 lit. f GDPR. Without providing personal data in the marked mandatory fields, it is not possible to respond to the request. In addition, some information can be entered voluntarily, which will then be processed in accordance with Art. 6 para. 1 lit. a GDPR. If your request is aimed at the initiation, conclusion or fulfilment of a contract or membership, we process your request in accordance with Art. 6 para. 1 lit. b GDPR. For this purpose, we require a precise description of your request. Here, too, your data will be treated confidentially and will not be passed on to third parties without your consent. Also a link with above-mentioned communication data takes place. For our contact forms, we use the CRM tool HubSpot as part of an order processing pursuant to Art. 28 GDPR.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact by email
We can be contacted via the email addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that transmission as an unencrypted email poses certain security risks, as it cannot be ruled out that the data may be read or accessed by unauthorised persons. The processing of this data, which is transmitted in the course of sending a request, is carried out on the legal basis of Art. 6 para. 1 lit. f. GDPR of our legitimate interests to answer your request satisfactorily. If the request is aimed at the fulfilment of an existing contract or the conclusion of a new contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR for the initiation and fulfilment of a contract. The processing of this personal data serves us solely to process the contact. Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by email, this is the case when the respective request is answered and the conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded. Inquiries regarding the contractual relationship are stored for the duration of the existing contractual relationship or membership.
All personal data stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.
Recipients of the data or categories of recipients
Within our organisation, those entities will have access to your data that need it to fulfil contractual and legal obligations.
External service providers (order processors)
Your data will be shared with our IT and software service providers for maintenance and support to assist us in providing our services. A processing of your personal data by contracted service providers takes place within the framework of order processing according to Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the EU or the EEA) or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests, or if another legal basis permits this. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (EU adequacy decision) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Data transfer to the USA
Among other things, services of companies based in the USA are integrated on our website. If these services are active, your personal data could be transferred to the US servers of the respective companies. We inform that the USA is currently not a safe third country in the sense of EU data protection law according to the case law of the ECJ. Due to surveillance laws in the USA, US service providers may be obliged to hand over personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that US authorities, such as intelligence agencies, may process, evaluate and permanently store your data located on servers of US service providers for surveillance purposes. We have no influence on these processing activities.
Contractual services with business partners
We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. mail addresses and telephone numbers) as well as contractual data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a matter of principle, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing. We process data that are required for the justification and fulfilment of contractual services and point out the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests of the user to protect against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims pursuant to Art. 6 para. 1 lit. f. GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.
The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations. In all other respects, the statutory retention obligations apply.
Photographs at company events
In the context of company events, photographs are taken on the legal basis of our legitimate interests pursuant to Art. 6 para. lit. f GDPR and published for the following purposes:
For the aforementioned purposes, the following categories of personal data are processed:
The legal basis for the taking of photographs and their publication is, unless expressly stated otherwise, Art. 6 para. 1 lit. f GDPR or the expressly given consent (Art. 6 para. 1 lit. a GDPR) of the person concerned.
If the photographs are taken by an external photographer commissioned by Impact Hub Berlin, we receive the photographs from the commissioned external photographer. The processed data is made available to recipients exclusively for a specific purpose in accordance with the principle of data minimisation:
Photos that are taken for the purposes of public relations are stored for an indefinite period of time for a specific purpose, subject to an objection by the persons concerned. Photos on the internet can be accessed by any number of persons. Despite all technical precautions, it cannot be ruled out that people will continue to use the photos or pass them on to other people. If an objection to the further processing of photos is only made after the printing of print publications, this can only be taken into account for the next subsequent print publications.
Data processing at trade fairs / handling of business cards
If you provide us with your contact data at a trade fair, for example by leaving us your business card, we store this data in our CRM system. We use your data to contact you as requested, to establish a business relationship and to send you information material (Art. 6 para. 1 lit a, b and f GDPR). Your data will be deleted if you so wish or if the purpose of the processing has ceased to apply and storage is no longer necessary, provided that there are no legal retention periods to the contrary.
If we receive your email address and postal address in the course of concluding a contract, we may process this data in order to inform you about our own similar product and service offers by email and post from now on. If you do not wish to receive any further advertising information by e-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. You can send your objection by mail or email to the following contact address:
Impact Hub Berlin GmbH
Tel.: +49 30 259 257 25
Email: [email protected]
Recipients of the data or categories of recipients
Within our organisation, those entities will have access to your data that need it to fulfil contractual and legal obligations.
External service providers (order processors)
Your data is shared with service partners, e.g. IT and software service providers for maintenance and support, to assist us in providing our services. Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art. 28 GDPR.
Other service providers, partners and third parties
We may cooperate with other partners if it is necessary to fulfil our service offerings or if we are legally obligated to disclose data. These may be the following partners or third parties:
It is important to us to process your data within the EU. However, it may happen that we use service providers operating outside the EU. In these cases, we ensure that an adequate level of data protection is established before transferring your personal data. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts or an EU adequacy decision.
Origin of personal data
We process personal data that we receive in the course of our business relationship. In addition, to the extent necessary for the provision of our services and for the performance of contracts, we process personal data that we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the performance of contracts or on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media) and are permitted to process.
Categories of personal data
We process the following categories of personal data about you:
Storage of data
To the extent necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and processing of a contract. For the duration of the existence of warranty and guarantee claims, the personal data required for this purpose are stored. In addition, we store personal data insofar as we are legally obligated to do so. Corresponding obligations to provide proof and to store data result from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The periods for storage or documentation specified there are six years in accordance with commercial law requirements under Section 257 of the German Commercial Code (HGB) and up to ten years based on tax requirements under Section 147 of the German Fiscal Code (AO). We delete personal data of the data subject as soon as the purpose of the storage no longer applies and legal retention periods do not prevent a deletion.
Rights of the data subjects
If personal data of a user is processed, he or she is a “data subject” within the meaning of the GDPR. He or she is entitled to the following rights vis-à-vis us as the data controller:
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if the legal requirements are met, the right to correction, blocking or deletion of this data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the EU or a Member State.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).
Right of complaint to a supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.
Rights in case of data processing according to the legitimate interest
Pursuant to Art. 21 para. 2 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 e GDPR (data processing in the public interest) or on the basis of Art. 6 para. 1 f GDPR (data processing for the purposes of a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Rights in the event of direct advertising
If we process your personal data for the purpose of direct marketing, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. The objection can be made form-free and should preferably be addressed to:
Impact Hub Berlin GmbH
Tel.: +49 30 259 257 25
Email: [email protected]
Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For the conclusion of the contract it is necessary that you provide us with personal data. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. Before providing personal data by the data subject, the data subject may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.
Automated decision-making, performance of profiling
For the establishment and implementation of a business relationship, we generally do not use exclusively automated decision-making within the meaning of Art. 22 GDPR.
Objection to advertising emails
We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
Changes to the data protection declaration
This data protection declaration is continuously adapted in the course of the further development of the internet or our offer. We will announce any changes on this page in good time. In order to be informed about the current status of our data usage regulations, this page should be called up regularly.
(Current status: December 2021)