Data controller in the sense of the GDPR

The data controller in the sense of the General Data Protection Regulation (GDPR) and of other data protection laws applicable in the European Union and of other provisions with data protection character is:

innoWerft Technologie- und Gründerzentrum Walldorf Stiftung GmbH
Robert-Bosch-Str. 49
69190 Walldorf

Represented by:
Dr Thomas Lindner, CEO
Telephone: +49 6227 89934 0
Fax: +49 6227 89924 99
Email: kontakt@innowerft.com

Information on data processing / Definitions

  1. Your personal data in the sense of Art. 4 No. 1 GDPR (e.g. IP address, name, email address, telephone number and payment information) are processed by us only in accordance with the provisions of German data protection laws and taking into account the European General Data Protection Regulation (GDPR). The following provisions inform you about the type, scope and purpose of the collection, processing and use of personal data.
  2. Pursuant to Art. 6 GDPR, the processing of personal data in the sense of Art. 4 No. 2 GDPR is lawful where one of the following conditions exists:
    a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
    b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    c) Processing is necessary for compliance with a legal obligation to which the data controller is subject;
    d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
    e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  3. The processing of special categories of personal data (e.g. health data) in the sense of Art. 9 Para. 1 GDPR is lawful in particular pursuant to Art. 9 Para. 2 GDPR if one of the following conditions exists:
    – The person has given explicit consent
    – Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  4. Automatic decision-making or profiling with regard to personal data in the sense of Art. 22 GDPR does not take place.
  5. The operator ensures the security of the data pursuant to Art. 32 GDPR, taking into account the principle of proportionality, by applying appropriate technical measures.
  6. If, contrary to expectations, a breach of data protection occurs, the competent supervisory authority pursuant to Art. 33 GDPR and the data subject pursuant to Art. 34 GDPR shall be notified.

Scope

This privacy policy applies only to our websites. If you are redirected to other pages via links on our pages, please inform yourself there about the respective handling of your data.

Disclosure of data to third parties

Data is only transmitted to third parties within the scope of the contractual relationship (Art. 4 No. 10 GDPR) if you expressly consent (Art. 4 No. 11 GDPR) or if transmitting the data is necessary for the fulfilment of the contract. You can revoke this consent at any time. Data collected as a result of your visit to the website is only collected by the third parties specifically mentioned below.

Data processing via website

Encryption

In accordance with the legal regulation set out in Sec. 13 Para. 7 TMG, this page uses SSL encryption, which can be recognized by a lock symbol in your browser’s address bar. If SSL encryption is activated, third parties are unable to read any data transferred.
This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. If individual pages of our website are being transmitted in encrypted form, the key or lock symbol in the lower status bar of your browser is shown in a closed position.
We also use appropriate technical and organizational security measures (TOM) to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. We continually improve our security measures in line with technological developments.

Visiting our web pages

Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer. This involves the following data:

  • Name of the file being called up
  • Date and time of call
  • Amount of data transferred
  • Message indicating whether the call was successful
  • IP address
  • Browser type
  • Browser version and its language
  • Operating system and its interface
  • Referrer URL

The data is saved in the log files of our host’s IT system.

Processing purpose: The processing of the above-mentioned data is necessary so we can display the website to you and guarantee the security and stability of our information technology systems as well as our website’s technology. In addition, the data is processed in order to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Legal basis: We have a legitimate interest in data processing in the sense of Art. 6 Para. 1 (f) GDPR, whereby the legitimate interest arises from the stated purpose.

Storage duration: The data is deleted as soon as its storage can no longer fulfil the purpose. The time is to be determined in individual cases, whereby the storage must be terminated at the latest when any civil rights claims as set out in Sec. 199 of the German Civil Code (BGB) are statute-barred or prosecution is no longer possible due to the statute of limitations (Sec. 78, 79 of the German Criminal Code (StGB)).

Contact – general

If you contact us (e.g. by email or fax), we will store the data you include, such as your name, your email address and any other contact details you provide.

Processing purpose: We need to process the above-mentioned data so that we can answer your query.

Legal basis: The processing of the data may be supported by different legal bases depending on the query. In any case, processing is required in order to protect our legitimate interests in the sense of Art. 6 Para. 1 (f) GDPR. The legitimate interest results from the fact that we want to fulfil the processing purpose.

Storage duration: We will delete your personal data at the latest when it is no longer necessary to store it. The time is to be determined in individual cases, whereby the storage must be terminated at the latest when any civil rights claims as set out in Sec. 199 of the German Civil Code (BGB) are statute-barred or prosecution is no longer possible due to the statute of limitations (Sec. 78, 79 of the German Criminal Code (StGB)).

Contact – contact form

If you contact us via the contact form, the data you enter in the form will be transmitted and stored. If you use the contact form, the following data is also stored at the point when you send your message:

  • User’s IP address
  • Date and time of registration
  • Browser type

Processing purpose: Processing the personal data you enter on the input screen allows us to make contact with you and address your query. The other data processed when you send your message is used to prevent any abuse of the contact form and ensure the security of our information technology systems.

Legal basis: Before you send your message using our contact form, we obtain your consent and refer to this privacy policy. Based on your consent, the legal basis for processing is Art. 6 Para. 1 (a) GDPR.

Storage duration: The data is deleted as soon as its storage can no longer fulfil the purpose. The time is to be determined in individual cases, whereby the storage must be terminated at the latest when any civil rights claims as set out in Sec. 199 of the German Civil Code (BGB) are statute-barred or prosecution is no longer possible due to the statute of limitations (Sec. 78, 79 of the German Criminal Code (StGB)).

Subscription to our newsletter

On the website of innoWerft Technologie- und Gründerzentrum Walldorf Stiftung GmbH, users are given the opportunity to subscribe to our company’s newsletter. On the input screen where you subscribe to the newsletter, you can see which personal data is transmitted to the data controller when you subscribe.

innoWerft Technologie- und Gründerzentrum Walldorf Stiftung GmbH sends out a newsletter at regular intervals to inform its customers and business partners about the company’s offerings. Our company’s newsletter can only be received by the person concerned if (1) the person concerned has a valid email address and (2) the person concerned signs up to receive the newsletter. For legal reasons, when someone first signs up to receive the newsletter, a double-opt-in confirmation email is sent to the email address they have entered. This confirmation email is used to check whether the owner of the email address as the data subject has authorized receipt of the newsletter.

When you subscribe to our newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system used by the data subject at the time of the subscription, plus the date and time of the subscription. We need to collect this data so that any (potential) misuse of the email address of a data subject can be traced at a later date. Collecting the data therefore serves to provide legal protection for the data controller.

The personal data collected in the context of a subscription to our newsletter will be used exclusively for sending our newsletter. Newsletter subscribers may also be informed by email if it is required for operating the newsletter service or for registering for it. This might be the case if changes are made to the newsletter offering or technical set-up.

No personal data collected as part of the newsletter service is passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. You can revoke your consent to the storage of personal data that you provided for the sending of the newsletter at any time. Each newsletter contains a link where you can revoke consent. You can also unsubscribe from the newsletter at any time, either directly on the data controller’s website or by informing the data controller in another way.

For our newsletters we use the Mailify tool from Sarbacane Software SAS, 3 avenue Antoine Pinay, Parc d’activités des 4 events, 59510 HEM (France). Our newsletters are sent out using ‘MailChimp’, a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The current Mailify privacy policy can be found at https://www.mailify.com/privacy.

Cookies

Absolutely necessary

Targeting

Functionality

Save

Our own cookies

We use our own cookies at various places on our website. In the subsection ‘Notes on data processing/Definitions’ you can read more about the function of cookies and how you can prevent them being set.

We use permanent and session cookies.

Session cookies store the following data:

  • Setting of cookies possible
  • Setting of cookies allowed by the visitor
  • PHP Session ID
  • Browser compatibility
  • Existence of navigation elements on a web page

Permanent cookies store the following data:

  • ID codes used to analyse usage behaviour

Cookies on our website that are (at least) used to analyse the user behaviour of visitors to our website (tracking) are only set for visitors who have previously given their consent. Cookies that are not used for tracking are set by our system without this consent.

Processing purpose: The cookies enable us to recognize your browser the next time you visit. Cookies are used by us to provide the service, to analyse the surfing behaviour of our users on our website and to increase user-friendliness.

Legal basis: If setting the cookie and processing the acquired data at least serves to analyse the user behaviour of visitors to our website (tracking), processing takes place based on the data subject’s consent pursuant to Art. 6 Para. 1 (a) GDPR. In other cases, cookies are set to protect our legitimate interests as defined in Art. 6 Para. 1 (f) GDPR, in which case the legitimate interest arises from the fact that we want to fulfil the processing purpose.

Storage duration: Session cookies are deleted automatically after your visit. Permanent cookies are stored for a maximum of one month or remain on your device until you delete them. The data transmitted by the cookie is deleted immediately after it has been evaluated

Use of eveeno for conferences, seminars and business events

We use eveeno for the purpose of running conferences, seminars and business events. The provider of eveeno is Andreas Bothe, Ellenbogen 8, 91056 Erlangen, Germany, Phone: +49 157 57 00 00 59, website: www.eveeno.com, email: info@eveeno.de.

In this context, any participant data that is part of our communication process is processed and stored on the eveeno servers. This data may include, in particular, login and contact information, visual and voice contributions, as well as input in chats and shared screen content. According to eveeno, the data is stored by the DCSA-certified Cologne-based company, Hosteurope. The data is located in one of the most environmentally friendly and secure data centres in Europe, in the Datadock in Strasbourg.

We use eveeno on the basis of Art. 6 Para. 1 (f) GDPR. We have a legitimate interest in organizing the above-mentioned events as efficiently as possible.

The current eveeno privacy policy can be found at https://eveeno.com/de/privacy.

Use of Eventbrite (link)

On our website we offer you the option to sign up to participate in events. We use the technical solution ‘Eventbrite’, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA.

Eventbrite has a representative for the purpose of European data protection legislation. This is Eventbrite NL BV, based in Silodam 402, 1013AW, Amsterdam, The Netherlands.

When you register for an event, you will be redirected to the Eventbrite website.

Eventbrite collects personal data. When you provide such data voluntarily while registering for one of our events, Eventbrite transfers it to us as the event organizer. To register for an event at Eventbrite, you must submit the following data to Eventbrite Inc.:

  • Last name, first name
  • Email
  • Payment information
  • Place
  • Ticket type
  • Event ID
  • IP address
  • Features of the accessing device and/or browser

Eventbrite Inc. participates in the EU-US Data Protection Shield Framework Program of the US Department of Commerce and the European Commission regarding the collection, use and retention of personal data from the Member States of the European Economic Area.

Here you will find information about which data Eventbrite Inc. collects, processes and uses within the framework of the EU-US Data Protection Shield Framework Program and the purposes for which this is done: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eu-us-privacy-shield-notice?lg=en_GB.

You can also find further information on how Eventbrite complies with European data protection regulations via the following link: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/data-processing-addendum-for-organizers?lg=en_GB

For more information about how Eventbrite Inc. uses personal information, please refer to the Eventbrite privacy policy at https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB

As the event organizer, we receive access from Eventbrite to the above-mentioned data of participants registered for an event. We use the data for the purpose of preparing and following up the events in question. In addition, registered participants receive an email before and after the booked event, with information about the event and our contact details.

The data is processed on the basis of Art. 6 Para. 1 (b) GDPR (processing for the fulfilment of a contract).

Users will receive information via email after the event and will be contacted by us for the purpose of informing them of similar events in the future. This processing is justified by Art. 6 Para. 1 (b) GDPR. You can object at any time to the use of this data for advertising purposes in the future, by revoking your consent in your profile on the www.eventbrite.de platform where you registered for the event. If you have booked events with us outside of Eventbrite, please send your revocation tokontakt@innowerft.com. In addition, we are required by law to store data such as invoices, contracts and other accounting-related information for the statutory period. Processing required for this purpose is carried out on the basis of Art. 6 Para. 1 (c) GDPR in conjunction with Sec. 147 AO (German Fiscal Code) and 257 HGB (German Commercial Code).

Privacy policy for the use of MailChamp

Our newsletters are sent out using ‘MailChimp’, a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients, as well as their other data described in the context of this policy, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, by its own account MailChimp may use this data to optimize or improve its own services, e.g. for technical optimization of the dispatch and presentation of the newsletters or for economic purposes, to determine which countries recipients come from. However, MailChamp does not use our newsletter recipients’ data to make contact themselves, and does not pass it to third parties.

You can find MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy

Statistical survey and analysis:

The newsletters contain a ‘web beacon’, in other words a pixel-sized file, which is called up by the MailChimp server when the newsletter is opened. In the context of this call, technical information is collected, for example information about the browser and your system, as well as your IP address and the time of the call. This information is used to make technical improvements to services based on technical data or target groups and their read behaviour based on location (which can be determined using the IP address) or access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked on. Although for technical reasons this information can be assigned to the individual recipients of the newsletter, it is neither our intention nor that of MailChimp to observe individual users. The main purpose of the evaluations is to recognize the reading habits of our users and to adapt our content to them, or to send different content according to their interests.

Google Analytics

We use the web analytics service Google Analytics on our website. The provider is Google Inc. (Hereinafter ‘Google’), 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.

Google Analytics is a web analytics service that collects and evaluates data about the behaviour of site visitors. Google Analytics uses cookies that transmit data to Google for analysis purposes when you visit our website.

As part of this process, the following data is usually transmitted and stored to Google servers:

  • Referrer URL
  • Which page of the website is accessed
  • How often and for what length of time a page is viewed
  • IP address
  • Access time
  • Access location
  • Frequency of visits to our website.

We have activated the ‘_gat._anonymizeIp’ function for this service. That means that Google shortens and anonymizes the IP address of your internet connection if you are accessing our website from within a member state of the European Union or from other member states of the European Economic Area. In exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there.

Processing purpose: The purpose of the Google Analytics tool is to analyse the flow of visitors on our website. Google uses the data obtained to evaluate the use of the website and provides us with online reports that show the activities on our website. The use of Google Analytics allows us to optimize the website and perform a cost-benefit analysis for our internet advertising.

Legal basis: We only use cookies with your consent. In order to obtain your consent, we have added a cookie layer to our website. By clicking on the button located there, you agree to the setting of cookies. The use of Google Analytics is therefore founded on the legal basis of Art. 6 Para. 1 (a) GDPR.

Storage duration: Google stores the data obtained by Google Analytics for a maximum of 14 months.

Third country transfer: The data is usually transferred to Google’s servers in the United States and stored there.

Transmission to third parties: It is possible that Google transmits the data obtained in the process to third parties.

Furthermore, you can object to the collection of the data generated by Google Analytics that relates to the use of this website. You can also object to and prevent the processing of this data by Google in general. To do this, you need to download and install a browser add-on here: https://tools.google.com/dlpage/gaoptout link. This browser add-on informs Google Analytics via JavaScript that no data or information on website visits may be transmitted to Google Analytics. If you install the browser add-on, Google considers it to be an objection. If you delete, format, or reinstall the IT system at a later time, you will need to reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by you or any other person within your sphere of influence, you can reinstall or reactivate the browser add-on. We also offer you the option of disabling the collection of website usage data for this website by clicking on the following link:

Disable Google Analytics

For additional information and Google’s current privacy policy, see https://policies.google.com/privacy and http://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail here: https://www.google.com/analytics/

Other data processing via the website

Google Maps

On our website we use the map service Google Maps to display interactive maps and generate directions.
The provider of Google Maps is Google Inc. (Hereinafter ‘Google’), 1600 Amphitheater Parkway, Mountain View, CA 94043 , USA.

When you access our website, your browser establishes a direct connection to a Google server. Google then transfers the map content integrated into our website to your browser. When it does that, and when you use the route planning function, Google processes at least the following data:

  • IP address
  • Referrer URL
  • Date and time of call
  • Location data
  • The addresses you enter when planning your route.

Google processes your data on its own responsibility. We are therefore not responsible for the data processing in connection with this service. Nevertheless, pursuant to Art. 13 GDPR, we would like to give you as much information as possible about data collection in connection with this service.

Processing purpose: The above data is used to display geographical information on our website.

Legal basis: The legal basis for the use of Google Maps is in line with Art. 6 Para. 1(f) GDPR. We have a legitimate interest in making it easier for our customers to find us.

Storage duration: Since we have no influence on the further processing and use of the data by Google, we cannot make any statement about how long Google stores the data.

Data transfer: Your data is sent to Google’s servers in the United States. It cannot be ruled out that Google may transmit the data to third parties.

More information: The following link will take you to Google’s privacy policy:
https://policies.google.com/privacy?hl=gb#infochoices

Google Web Fonts

External fonts – Google Fonts – are used on this website. Google Fonts is a Google Inc. (“Google”) service. These web fonts are integrated via a server call, usually a Google server in the USA. This transfers information to the server about which of our pages you have visited. Google also stores the IP address of the browser on the user’s device.
The use of Google Fonts allows a better visual representation of our website, and this therefore constitutes a legitimate interest in the sense of Art. 6 Para. 1 Point 1(f) GDPR.
For more information, see Google’s privacy policy, available here:
https://www.google.com/policies/privacy/

YouTube

We have integrated the plugin for the video portal YouTube on our website. The provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA (hereinafter “YouTube”).

When you access our website, your browser establishes a direct connection to a YouTube server in the USA. YouTube then transfers the video content integrated into our website to your browser.
When it does that, YouTube processes at least the following data:

  • Your IP address
  • Referrer URL

YouTube processes your data on its own responsibility. We are therefore not responsible for the data processing in connection with this service. Nevertheless, pursuant to Art. 13 GDPR, we would like to give you as much information as possible about data collection in connection with this service.

Processing purpose: The above-mentioned data is used to display videos from the YouTube platform on our website.

Legal basis: The legal basis for the use of YouTube plugins is in line with Art. 6 Para. 1(f) GDPR. We have a legitimate interest in making our website more attractive.

Storage duration: Since we have no influence on the further processing and use of the data by YouTube, we cannot make any statement about how long YouTube stores the data.

 

Data transfer: Your data is sent to YouTube’s servers in the United States. It is not ruled out that YouTube may transmit the data to third parties.

More information: The following link will take you to YouTube’s privacy policy: https://policies.google.com/privacy?hl=gb&gl=gb

Social media links

We have not included social media plugins on our website. Instead, to protect your data, we only link to the websites of the following companies:

  • Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
  • Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
  • XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
  • Twitter International Company, One Cumberland place, Fenian Street, Dublin 2, D02 AX07 Ireland

If you follow a link, you will be redirected to the website of the respective company. Any processing of your personal data thereby falls outside our area of responsibility. Nevertheless, we would like to fulfil our obligation to provide information, as stated in Art. 13 GDPR, as far as we can.

Processing purpose: We use the links to make our website attractive. Furthermore, the links are set in order to promote the communicative character of the internet and thus freedom of expression.

Legal basis: The legal basis for setting links is in line with Art. 6 Para. 1(f) GDPR. We have a legitimate interest in making our website more attractive.

Storage duration: Since we have no influence on the further processing and use of the data by the companies listed above, we cannot make any statement about how long those companies store the data if you follow one of the links.

Data transfer: If you follow a link, depending on the company, your data will be sent to servers in third countries such as the USA. It is not ruled out that the companies may transmit the data to third parties.

More information: On the websites of the above-mentioned companies you will find further information about their respective data protection regulations.

Information on the rights of affected parties

Because your personal data is being processed, you are a data subject in the sense of the GDPR, and we are required to grant you the following rights, where we are referred to as ‘the data controller’.

  • Right of access, Art. 15 GDPR

You have the right to request information from the data controller about whether your personal data is being processed. If it is, you have a right to receive the information listed in Art. 15 GDPR.

  • Right to rectification of personal data, Art. 16 GDPR

Pursuant to Art. 16 GDPR you have the right have the right to obtain from the data controller without undue delay the rectification of inaccurate personal data relating to you, assuming that the personal data in question is incorrect or incomplete.

  • Right to erasure (‘right to be forgotten’), Art. 17 GDPR

Pursuant to Art. 17 GDPR you have the right to require the data controller to delete personal data relating to you.

  • Right to restrict processing, Art. 18 GDPR

As a data subject, under the conditions of Art. 18 GDPR you have the right to require the data controller to restrict the processing of data.

  • Notification obligation, Art. 19 GDPR

Pursuant to Art. 19 GDPR you have the right to be informed of the recipients to whom personal data concerning you has been disclosed and whom the data controller has informed of your assertion of the right to correct, delete or restrict your data.

  • Right to data portability, Art. 20 GDPR

Under the conditions of Art. 20 you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have the right, under the conditions of Art. 20, to transfer this data to another data controller without hindrance by the data controller to whom the personal data has been made available. You have the right to have the personal data transmitted directly from one data controller to another, where technically feasible.

  • Right to object to processing, Art. 21 GDPR

Pursuant to Art. 21 GDPR you have the right to object at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1). This also applies to profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  • The right not to be subject to an automated decision, including profiling, Art. 22 GDPR

Pursuant to Art. 22 GDPR, as a data subject you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

  • Right to withdraw consent given under data protection law, Art. 7 GDPR

Pursuant to Art. 7 GDPR you have the right to withdraw your consent to the processing of personal data concerning you at any time.

  • Right to lodge a complaint with a data protection supervisory authority, Art. 77 GDPR

Pursuant to Art. 77 GDPR, without prejudice to any other remedy you have the right to lodge a complaint with a regulatory authority if you believe that our processing of your personal data violates the GDPR.

Supervisory authority responsible:

The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart

Postal address:
Postbox 10 29 32
70025 Stuttgart

Tel: 0711/615541-0
Fax: 0711/615541-15
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/