Data Privacy

Privacy Policy

Thank you for visiting our website. Below, we inform you in detail about the nature, scope and purpose of the personal data we collect, use and process and inform you of the rights to which you are entitled as a data subject.

We reserve the right to change the privacy policy at any time with effect for the future. When you visit our website again, the updated and published privacy policy will apply in this respect. The current version of the privacy policy can be accessed, saved and printed out on our website at any time.

Regarding the terms used (e.g., personal data, controller), we refer to the definitions of the General Data Protection Regulation (GDPR).

1. NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

WSS Redpoint Rechtsanwaltsges. mbH

Managing Director: Peter Siedlatzek

Spichernstrasse 73

50672 Cologne

info@wss-redpoint.com

2. GENERAL INFORMATION ON DATA PROCESSING

Scope of processing

We collect and use personal data only insofar as this is necessary for the provision of our website, our content and services, you have given your consent, or the processing of the data is permitted by a statutory regulation.

Legal basis for the processing of personal data

If we obtain your consent for the processing of personal data, Art. 6 para. 1 p. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract, Art. 6 para 1 p. 1 lit. b GDPR serves as the legal basis. This also applies to the processing of personal data that is necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para 1 p. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and your interests, basic rights and fundamental freedoms do not override the former interest, Art. 6 para 1 p. 1 lit. f GDPR serves as the legal basis for the processing.

Legitimate interests in processing

If the processing of your personal data is based on Art. 6 para 1 p. 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. Otherwise, we have indicated our purposes and interests in each case as part of the above list of processing.

Data deletion and duration of storage

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies, or you revoke your consent. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a duration of storage prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

Recipients of the collected data / data transfer

Recipients of the data collected via our website are primarily us as the controller. In addition, processors (web hosters, IT service providers, etc.) have access to the data collected via our website. However, compliance with legal regulations is ensured in this respect by processing contracts that we conclude with our processors based in the EU. Data transfer to so-called third countries outside the EU only takes place if and to the extent that this has been pointed out below.

Data transfer and processing in third countries

We only transfer data to a third country, i.e., a country outside the European Union (EU) and the European Economic Area (EEA), or have data processed via the use of third-party services in a third country, if this is a third country with a recognized level of data protection, we have concluded a so-called standard contractual clause or certifications or binding internal data protection regulations are available.

Necessity to disclose personal data

You can visit our website without personal data being collected.

Existence of automated individual decision making

We do not carry out automated individual decision-making or profiling within the meaning of Art. 22 GDPR.

Data security

We secure our website and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement to ensure state-of-the-art technology.

3. DATA PROCESSING WHEN USING OUR WEBSITE

Hosting

We host our website on servers operated by STRATO AG, Pascalstraße 10, 10587 Berlin, Germany (“Hoster”).

Through our Hoster, we provide a technical infrastructure to offer our products and services to customers, prospective customers and business partners.

When you use our website, your (anonymized) IP and the duration of your visit to our website are transmitted to our Hoster.

Our Hoster also automatically stores access data in so-called server log files every time you call up our website. This includes:

  • Date and time of the retrieval
  • Amount of data transferred and, if applicable, the name of the requested file
  • Browser used and its version
  • Operating system used
  • IP address
  • Requested URL including subpages
  • Referrer URL
  • Requesting provider

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your terminal device. For this purpose, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and the log files is our legitimate interest Art. 6 para. 1 p. 1 lit. f GDPR.

The data is evaluated exclusively to ensure the permanent and trouble-free operation of our website and the security of our information technology systems.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of our website. Therefore, there is no possibility to object.

Further information on data protection can be found in the data protection provisions of STRATO AG at https://www.strato.de/datenschutz/.

Use of cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called “cookies” on our website.

Below you will find more information of our cookie consent management system by Cookiebot:

You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general or set it so that the setting of cookies is prevented and thus permanently object to the setting of cookies. In addition, you can delete cookies that have already been set at any time via your browser. A comprehensive objection to online marketing cookies can also be declared via http://www.youronlinechoices.com/, among other places. This also applies to all third-party cookies listed below.

To analyse your surfing behaviour (so-called tracking), the third-party services integrated by us also use cookies (so-called third-party cookies). Please refer to the websites of the respective providers for information on the respective mode of operation and data processing. The third-party services we use can be found in this privacy policy.

Social media

In addition to this website, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data specifically entered by you in this social network, further information will also be processed by the provider of the social network. For example, your data will usually be processed for market research and advertising purposes, including to create corresponding usage profiles and to display personalised advertising to you. For this purpose, the provider of the social network usually stores cookies on your terminal device in which your usage behaviour and interests are saved. In addition, the provider of the social network may process the most important data of the computer system from which you visit it – for example, your IP address, the processor type and browser version used, including plugins.

If you are logged in with your personal user account of the respective network while visiting such a network, this network can assign the visit to your account. If you do not wish such an assignment, you must log out of your account and delete the cookies before visiting our social media presence.

The legal basis for the processing of personal data is Art. 6 para. 1 p. 1 lit. f GDPR. If you have given your consent to the processing to the respective provider of the social network, the legal basis for the processing of your personal data is Art. 6 para. 1 p. 1 lit. a GDPR.

We maintain presences in the respective social networks in order to be able to communicate with you there and to inform you about our services. This is also our legitimate interest in processing your personal data according to Art. 6 para. 1 p. 1 lit. f GDPR.

Further information on the purpose and scope of the data collection as well as on the further processing and use of your data and the possibility of opting out can be found in the data protection provisions of the respective network:

Facebook

Facebook is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We have concluded a joint controller agreement with Meta in accordance with Art. 26 GDPR, which you can view here https://www.facebook.com/legal/controller_addendum. This agreement also states which security measures Meta must observe. Meta has also agreed to fulfil the data subject rights (i.e., you can, for example, send information or deletion requests directly to Meta).

We are jointly responsible with Meta for the collection or receipt of so-called event data that Meta collects by means of social plugins or embedded content. Meta, on the other hand, is solely responsible for processing the data.

Privacy policy: https://www.facebook.com/about/privacy/

Opt-out: https://www.facebook.com/settings?tab=ads

Instagram

Instagram is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We have concluded a joint controller agreement with Meta in accordance with Art. 26 GDPR, which you can view here https://www.facebook.com/legal/controller_addendum. This agreement also states which security measures Meta must observe. Meta has also agreed to comply with the data subject rights (i.e., you can, for example, send information or deletion requests directly to Meta).

We are jointly responsible with Meta for the collection or receipt of so-called event data that Meta collects by means of social plugins or embedded content. Meta, on the other hand, is solely responsible for processing the data.

Privacy policy and opt-out: http://instagram.com/about/legal/privacy/

Opt-out: https://www.facebook.com/settings?tab=ads

LinkedIn

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Privacy policy: https://twitter.com/de/privacy

Opt-Out: https://twitter.com/personalization

Xing

Xing is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Privacy policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung

Newsletter

You can register to receive our newsletter. To send our newsletter, we use the newsletter delivery service e3 Software, LLC, 1166 East Warner Road, Suite 101, Gilbert, AZ 85296 USA (“Direct Mail”).

Our newsletter is published regularly and contains information on legal topics that are particularly relevant for start-ups as well as general trends in the start-up scene. It also provides information about our workshops and dates of pitch events (this may include, in particular, references to blog posts, lectures or workshops, our services or online presences).

To register, you must provide us with your email address. You can voluntarily provide us with additional information, such as your name. The registration takes place in a so-called double opt-in procedure. After registering on our website, you will receive a confirmation email from us in which you have to confirm the registration again. This entire process is documented and stored. This includes the storage of the registration and confirmation time as well as your IP address. The collection of this data is necessary so that we can trace the processes in the event of misuse of the email address and therefore serves our legal protection. By subscribing to our newsletter, you agree to receive it.

The legal basis for the processing of your data after you have subscribed to the newsletter is Art. 6 para. 1 lit. a GDPR if you have given your consent.

Your data will be stored on Direct Mail’s servers. Direct Mail uses this information to send the newsletter.

You can revoke your consent to the storage and use of your personal data to receive the newsletter at any time with effect for the future. For the purpose of revoking your consent, you can use the link provided for this purpose in the newsletter.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your email address will therefore be stored if the subscription to the newsletter is active. We also store your email address in connection with your registration date and your consent as proof of subscription to the newsletter for up to three years. The processing of this data is limited to the purpose of a possible defence against claims against us. If you have objected to the processing of your data within the scope of the newsletter, we will store your email address in a blacklist to prove the objection.

For further information on data protection, please refer to Direct Mail’s https://de.directmailmac.com/privacy:

Email

Due to legal requirements, we provide an email address on our website that enables you to contact us quickly and electronically and to communicate with us directly. If you contact us by email, the personal data you send us will be stored automatically.

However, we use the personal data you provide exclusively for processing your specific enquiry. The data provided will always be treated confidentially.

The legal basis for processing the data transmitted while sending an email is Art. 6 para. 1 p. 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

You have the option of applying to us by post or email.

We can only carry out the application process if you provide us with the necessary applicant data. The necessary applicant data is either marked or results from the respective job description. The necessary applicant data basically includes personal details, postal and contact addresses as well as the documents belonging to the application, such as cover letter, curriculum vitae and certificates. You can also voluntarily provide us with additional information.

By submitting your application to us, you consent to the processing of your data for the purposes of the application process.

The legal basis for the processing of personal data is the fulfilment of our (pre-)contractual obligations in the context of the application procedure within the meaning of Art. 6 para. 1 p. 1 lit. b. GDPR. Furthermore, the legal basis is our legitimate interest Art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g., within the scope of legal procedures. If you voluntarily provide us with special categories of personal data within the meaning of Art. 9 para 1 GDPR (e.g., health data, severely disabled status or ethnic origin) as part of the application process, the legal basis for processing is Art. 9 para 2 lit. b GDPR. If we request special categories of personal data from you within the meaning of Art. 9 para 1 GDPR as part of the application process (e.g., health data), the legal basis for processing is Art. 9 para 2 lit. a GDPR.

If you send us applications by email, we would like to expressly point out that emails are generally not sent in encrypted form and ask you to encrypt your emails yourself. We also recommend that you send your application by post.

In the event of a successful application, the data you provide as part of the application process may be processed by us for the purposes of the employment relationship.

If your application is unsuccessful, your data will be deleted after six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Your data will also be deleted if you withdraw your application. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

4. DATA SUBJECT RIGHTS

If your personal data are processed, you are entitled to the following rights in particular as a data subject within the meaning of the GDPR:

Right of access (Art. 15 GDPR).

You have the right to request confirmation as to whether we are processing data relating to you. You also have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the legal requirements.

Right to rectification (Art. 16 GDPR)

You have the right to demand the immediate correction and/or completion of any inaccurate or incomplete personal data relating to you. We shall carry out the rectification without delay.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request us to restrict processing if one of the legal requirements is met.

Right to erasure/ Right to be forgotten (Art. 17 GDPR)

You have the right to request that we erase personal data relating to you without undue delay if one of the legal grounds applies and to the extent that the processing is not necessary.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements. You also have the right to transfer this data to another controller without hindrance from us in accordance with the legal requirements. Furthermore, you have the right, in accordance with the law, to have the personal data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.

Right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para 1 p. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

We will no longer process the personal data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object.

Right to revoke consent

You have the right to revoke your consent to the processing of personal data at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Date: January 2022

Get in touch