Privacy Policy

General Information on Data Protection

When you visit our website, we handle your personal data carefully. ‘Personal data’ refers to any information that can identify you. Below, you’ll find a straightforward summary of how we handle this data and your related rights, as outlined under the EU’s General Data Protection Regulation (GDPR) and other relevant laws.

Our Commitment to Data Minimization:

  • Collection and Use of Data: We only gather and use your personal data for specific, necessary purposes, like responding to your inquiries or processing bookings.
  • Data Storage: We keep your data only as long as needed for these purposes or as legally required. Once it’s no longer needed, or when legal retention periods expire, we securely delete or anonymize it.
  • Data Sharing: We’ll only share your data where it’s legally allowed or when you’ve explicitly agreed.

Your Data Protection Rights:

We’re committed to protecting your personal data and ensuring transparent data processing.

As outlined in Articles 13 and 14 of the GDPR, we aim to provide you with all the necessary information to understand and exercise your data protection rights.

Our company, as defined by the GDPR, the Federal Data Protection Act (BDSG), and other data protection laws, is responsible for the data processing activities on our website.

For more details about our organization, please refer to our website’s imprint.

This data protection guide is organized into the following sections:
  • Information about the responsible persons
  • Data processing on our website
  • Data processing in the context of our business and statutory performance
  • Data subject rights

1. Information about the responsible persons

 Responsible for data collection:

ArbeitsLabs GmbH
Burgemeisterstr. 32
12103 Berlin
Germany 
Tel.: 00
Email: [email protected]
Website: http://startupberlin.co

2. Data processing on our website

Data Security

Our Website

To ensure the security of our website, we use a valid and modern Secure Sockets Layer (SSL) certificate. This means that any personal data you enter on our site is encrypted, making it secure against interception by third parties. You can recognize a secure connection by the lock symbol in your browser. By clicking on this symbol, you can view our digital proof of identity. Rest assured, the encryption technology we use is state-of-the-art and effectively protects your data during transmission.

Protection of Minors

Our website is primarily intended for adult users. Individuals under the age of 18 should not provide us with personal data without the consent of their parents or legal guardians. We take the protection of minors very seriously and comply with applicable legal requirements in this regard.

Hosting

Our website is hosted with the help of external service providers. These hosting services are essential for providing our online platform and include infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance. We and our hosting provider process various types of data, including inventory, contact, content, contract, usage, meta, and communication data of our customers, interested parties, and visitors. This processing is based on our legitimate interests in efficiently and securely offering our online services, in accordance with Art. 6 para. 1 lit. f GDPR. Additionally, we have a data processing agreement with our hosting provider, as required by Art. 28 GDPR, to ensure the protection and confidentiality of your data.

Provision of the Website and Log Files

When you visit our website for information purposes (i.e., without actively transmitting data to us), entering personal data is not necessary. However, every time you access our site, certain information is automatically collected to ensure the website’s functionality and security. This includes:

  • The type and version of your browser.
  • Your internet service provider.
  • Your IP address.
  • The operating system of your device.
  • The date and time of your access.
  • The website you visited before ours.

This information is technically necessary for us to display the website to you and is collected in accordance with our legitimate interests as a website operator under Art. 6 para. 1 lit. f. GDPR. This includes ensuring the technical presentation, stability, and security of the website.

The storage of your IP address during your visit is essential for delivering the website to your device. It is stored only for the duration of your session. The collection of data in log files ensures our website’s functionality, optimization, and the security of our IT systems, such as detecting potential attacks. We do not use this data for marketing purposes.

This data is deleted once it is no longer needed for the purpose for which it was collected. For the data collected to provide the website, deletion occurs at the end of your session. Data stored in log files is deleted after no more than 7 days. However, longer storage may occur if there are indications of an unlawful attack on our systems.

Cookies

Our website uses cookies to enhance your experience. Cookies are small text files stored on your computer by your web browser. They’re harmless – they can’t run programs or spread viruses. They help make our website more user-friendly and efficient. We use cookies based on our legitimate interest (Art. 6 para. 1 lit. f. GDPR) to create a website that’s easy to navigate and continuously improved.

Types of Cookies Used:

  • Transient Cookies: These are temporary and deleted when you close your browser. This category includes session cookies, which assign a unique session ID to your browser. This helps your computer get recognized when you revisit our site. Session cookies are vital for our website’s operation and optimization, and they disappear when you log out or close the browser.
  • Persistent Cookies: These stay on your device for a set period, varying by cookie type, and can be removed via your browser’s security settings.
  • Third-party Cookies: We also use services that enhance our website, like for reach measurement and site optimization. These services may use their own cookies under the same legal basis as ours (Art. 6 para. 1 lit. f. GDPR). You’ll find more details about these third-party services in our separate data protection notice.

Managing Cookies:

You can customize your browser settings to block certain types of cookies. Be aware that this might limit your ability to use all features of our website.

To browse our site without cookies, adjust your browser settings accordingly. Check your browser’s help function for instructions on disabling cookies. Please note that this could affect the website’s functionality and user experience.

To manage your online ad cookie preferences, visit Your Online Choices (Europe) or About Ads (USA).

Used Services

Slack for Community Engagement and Information Sharing

We utilize Slack, provided by Slack Technologies, Inc., located at 500 Howard Street, San Francisco, CA 94105, USA, as our interactive chat space. Our Slack platform serves as a vibrant community hub where people can join to chat, share listings such as job opportunities, accommodations, events, and engage in discussions to ask and answer questions.

In this collaborative environment, Slack processes personal data to facilitate communication and information sharing among members. Acting as a data processor on our behalf, Slack operates under a data processing agreement in compliance with Art. 28 GDPR. Despite stringent data protection measures, it’s important to be aware that data transfers to countries like the USA, where Slack stores data, are subject to standard contractual clauses as per Art. 46 sentence 2 lit. c GDPR. The USA, as per current ECJ standards, does not offer an equivalent level of data protection to that of the EU. Consequently, there is a possibility of US authorities accessing your data without the opportunity for legal recourse.

When you use our Slack platform, you may share data such as your name, email, messages, and other information relevant to the listings and discussions. This data is essential for fostering a dynamic and resourceful community. We ensure that your data within Slack is handled with confidentiality and is not shared with third parties without your explicit consent.

We retain the data on Slack as long as it is relevant for community engagement and project management, or until you request its deletion. This retention is also subject to legal requirements. For more information about Slack’s data handling practices, please visit their Privacy Policy at: https://slack.com/trust/privacy/privacy-policy.

WordPress for Hosting and Content Management

We use WordPress, a popular content management system provided by Automattic Inc., located at 60 29th Street #343, San Francisco, CA 94110, USA, for hosting our blog, company listings, job postings, event listings, and other user-submitted content. WordPress serves as a versatile platform enabling us to publish diverse content and provide valuable resources to our community.

In managing and displaying this content, WordPress processes personal data necessary for content publication and website functionality. As a data processor, WordPress adheres to a data processing agreement in line with Art. 28 GDPR. However, we emphasize that data may be stored on servers in the USA, where data protection laws differ from those in the EU. This means there could be scenarios where your data is accessible to US authorities under their legal framework, which might not provide the same level of protection as in the EU.

The types of data processed through our WordPress site include names, email addresses, and any other information you may provide in listings, job postings, or event details. This information is crucial for enabling user interaction, information sharing, and community engagement on our platform. We are committed to maintaining the confidentiality of your data and do not share it with third parties without your explicit consent.

We retain your data on WordPress for as long as it serves its intended purpose or until you request its removal, always considering legal retention obligations. For detailed insights into WordPress’s data protection practices, please refer to Automattic’s Privacy Policy at https://automattic.com/privacy/.

Zapier for Workflow Automation and Integration

We utilize Zapier, a tool provided by Zapier Inc., headquartered at 548 Market St #62411, San Francisco, California 94104-5401, USA, to automate workflows and integrate various web applications. Zapier acts as a bridge, enabling seamless data transfer and process automation across different online services we use.

In this capacity, Zapier processes personal data as required for automating and connecting different applications. As a data processor operating under a data processing agreement, Zapier complies with Art. 28 GDPR. Although Zapier implements robust data protection measures, it’s important to be aware that data handled by Zapier may be stored or processed in the USA, where data protection laws may not offer the same level of protection as in the EU. This means there could be circumstances under which your data is accessible to US authorities under their legal system.

The types of data processed through Zapier depend on the specific applications being integrated and the workflows being automated. This could include names, email addresses, and other relevant information necessary for the smooth functioning of the automated processes. We are committed to ensuring the confidentiality of your data and do not disclose it to third parties without your explicit consent.

Data retention via Zapier is limited to the period necessary for the intended automation and integration purposes, or until you request its deletion, adhering to legal retention requirements. For more comprehensive information about Zapier’s data protection practices, please visit their Privacy Policy at https://zapier.com/privacy/.

Google Analytics for Web Analytics Service

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use this service to understand how our website is used, which helps us optimize and improve our marketing efforts. This processing of user data aligns with our legitimate interests as per Art. 6 para. 1 lit. f GDPR. If you give us consent, which is valid for 24 months, we’ll process your data in accordance with Art. 6 para. 1 lit. a GDPR. You can always withdraw your consent through your browser’s cookie settings.

Google Analytics works by using cookies, small text files stored on your computer, to track how you interact with our website. While Google Ireland Limited provides this service within the European Economic Area (EEA) and Switzerland, the information might be transferred to and stored by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, based on your consent as per Art. 49 para. 1 lit. a GDPR. It’s important to note that the European Court of Justice views the USA as having different data protection standards than the EU. This means there’s a possibility that US authorities could access your data for monitoring purposes without the same legal protections you’d have in the EU.

The data collected by Google Analytics is kept for 24 months unless you delete the cookies or change your settings sooner. Google uses this data to help us analyze visitor behavior, compile reports on website activities, and provide other services related to website usage.

Data Protection and Data Security in Google Analytics

For data transfers to Google LLC in the USA, we use the EU standard contractual clauses as a safeguard. These clauses are in line with Art. 46 GDPR and ensure an adequate level of data protection as recognized by the EU. Google also continues to adhere to the standards of the EU Privacy Shield, although it has been invalidated by the European Court of Justice (ECJ).

IP anonymisation

For IP anonymisation on our website, we have enabled a specific function. It shortens your IP address within EU member states or other EEA states before being transmitted to the USA. This shortening happens right in the EU or EEA, except in rare cases where the full IP address might be sent to a Google server in the USA and then shortened. Google uses this anonymized IP information on our behalf to analyze your usage of our website, compile activity reports for us, and provide other related services. Rest assured, your IP address is not merged with other Google data. We specifically use the “_gat._anonymizeIp” addition to ensure that IP addresses are shortened by Google, enhancing your privacy.

Browser add-on

You have control over how your data is collected by Google Analytics. If you prefer not to have your website activity monitored, you can install a browser add-on to disable Google Analytics. This add-on prevents data collection during your visits to our site. While you can also refuse the use of cookies through your browser settings, please note that doing so may affect the full functionality of our website.

The add-on is available at https://tools.google.com/dlpage/gaoptout

Objection to Data Collection by Google Analytics

If you prefer that your website activity isn’t tracked by Google Analytics, you have options. You can download a browser add-on to prevent Google Analytics from collecting data about your website visits. The add-on, which you can install from https://tools.google.com/dlpage/gaoptout, sets an opt-out cookie on your device. This cookie stops Google Analytics’ JavaScript (like gtag.js, ga.js, analytics.js, and dc.js) from sharing your activity data with their service.

Also, you can adjust your browser settings to refuse cookies. While this gives you more control over your data, it might affect your ability to fully use our website’s features.

For a deeper understanding of how Google Analytics manages user data, you can read more in their privacy policy here: https://support.google.com/analytics/answer/6004245 

Google reCAPTCHA

On our website, we use Google reCAPTCHA, a service by Google LLC, to distinguish between human users and automated bots. This helps us prevent automated spam and ensures secure interaction on our site.

We use Invisible reCAPTCHA V3, which operates in the background without requiring any direct action from you. It analyzes various elements like cursor movements and your IP address to determine if you’re a human or a bot. This analysis includes information such as:

  • The web page embedding reCAPTCHA.
  • Your IP address and browser language.
  • Screen and window resolution.
  • Browser time zone and installed plugins.

The primary goal of reCAPTCHA is to verify whether interactions on our site, like in a contact form, are made by humans or automated programs. This analysis starts as soon as you enter our website and considers various data points. Google may set cookies as part of this process, and the data collected is sent to Google.

These analyses are unobtrusive, but it’s important for you to know that they occur. We process this data based on Art. 6 para. 1 lit. f GDPR, aiming to protect our website from automated abuse and spam. Using Google reCAPTCHA is a technical necessity for our website’s security as per Art. 32 GDPR, and there’s no equivalent alternative from EU service providers. If you’ve consented, you can withdraw this consent at any time.

Google Ireland Limited, based in Dublin, Ireland, is the responsible data controller for services in the EEA and Switzerland since 22.01.2019. While data is usually stored on servers in the EEA, there might be instances where data is transferred to Google LLC in the USA. We use standard contractual clauses for such transfers to ensure a level of data protection adequate by EU standards. However, please be aware that the USA is considered by the ECJ to have a different level of data protection, and there’s a risk of your data being processed by US authorities without legal remedies.

If you prefer not to have data about your website visit collected by Google, you can manage cookie settings in your browser to delete or block them.

For more details, please refer to Google’s privacy policy and reCAPTCHA information on the following links: https://www.google.com/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html. 

YouTube Video Service

On our website, we use the video service of YouTube LLC, a subsidiary of Google LLC since 2006, based in San Bruno, California, USA. This allows us to post our own videos and make them publicly available. When we mention ‘affiliated’ companies of YouTube, we’re referring to the companies within the Alphabet Inc. group as defined by section 15 of the German Stock Corporation Act.

We embed YouTube videos directly on our site as part of our commitment to public relations and freedom of expression, under Art. 6 para. 1 lit. f GDPR. If you give your consent, this processing aligns with Art. 6 para. 1 lit. a GDPR, and you can withdraw this consent anytime in the future.

Since 22.01.2019, the service within the EEA and Switzerland has been provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the responsible ‘Data Controller’. Google Ireland Limited usually manages this service under a commissioned processing agreement per Art. 28 GDPR. However, for service provision, some data might be transferred to Google LLC in the USA. To ensure an adequate level of data protection for this transfer, we use the EU standard contractual clauses. Additionally, under Art. 49 para. 1 lit. c GDPR, this data transfer is necessary to fulfill a contract with Google, allowing us to provide information interactively via video. If the service is activated with your consent (Art. 6 para. 1 lit. a GDPR), any data transfer to Google LLC in the USA and other countries relies on the given consent, in line with Art. 49 para. 1 lit. a GDPR. Please be aware that the USA is considered by the ECJ to have a lower level of data protection compared to the EU, meaning there’s a risk of your data being processed by US authorities without adequate legal remedies.

If you don’t permit cookies, you’ll be redirected to YouTube directly. While we’re not responsible for content on external websites, be mindful that YouTube, as per its own data usage guidelines, stores and uses user data (like personal information and IP address) for business purposes. YouTube uses Google LLC’s DoubleClick function for advertising in its video service.

You can prevent these cookies through your browser settings. If you use YouTube’s extended data protection mode, Google won’t set cookies.

For more details on their privacy practices, you can visit Google/YouTube’s privacy policy at: https://policies.google.com/privacy 

Social Media Plugins

Our websites incorporate plugins from popular social media services as part of our public relations strategy, aligned with our legitimate interests under Art. 6 para. 1 lit. f GDPR. These services include:

  • Facebook: Operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
  • X (formerly Twitter): Operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
  • LinkedIn: Operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
  • Instagram: Operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

By default, these plugins can collect data, including your IP address, and send it to their respective servers for storage and processing. To enhance user control and privacy, we’ve implemented a two-click solution. The plugins are initially inactive; only after you click on the respective social media icon will you be directed to that platform. These providers also use cookies to track your usage patterns, even if you’re not a member of their networks.

If you’re logged into these networks while visiting our site, your data and website visit information could be linked to your social network profile. We don’t have control over the exact data these providers collect. For details on how they process your data and to learn about your privacy rights and settings, please refer to their privacy policies:

  • Facebook: https://www.facebook.com/policy.php;
  • Twitter: https://twitter.com/privacy/;
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy;
  • Instagram: https://de-de.facebook.com/help/instagram/519522125107875.

Typeform for Online Forms and Surveys

We use Typeform, an online form service provided by TYPEFORM SL, located in Barcelona, Spain, for our signup forms, surveys and contact forms. This service enables you to sign up to our community chat, and overall to participate in our community.

When you use Typeform, your personal data is processed by them on our behalf, in line with a data processing agreement as per Art. 28 GDPR. Be aware that Typeform also processes data in countries outside the EU, like the USA. Data transfers to these countries are based on EU standard contractual clauses under Art. 46 para 2 lit. c GDPR, aiming to ensure a sufficient level of data protection. However, it’s important to note that, according to the ECJ, the USA does not currently meet EU data protection standards. U.S. laws might require U.S. service providers to disclose personal data to security authorities without an option for you to challenge this. We have no control over such processing activities by U.S. authorities.

Providing personal data in contact or survey forms is not a legal or contractual requirement. However, without it, we might not be able to process your inquiries, contact you, send you relevant information, or welcome you to our invite-only services. You can also reach us via email at [email protected]. The data processed includes basic information, contact details, contract data, and payment information, used only for handling your inquiries or contracts.

Typeform also uses cookies to collect information about your device and usage data, like the date and time you used the contact form. This data is essential for the display and functioning of the form and is processed based on Typeform’s legitimate interest (Art. 6 para. 1 lit. f GDPR) and for contract execution (Art. 6 para. 1 lit. b GDPR). More information about how Typeform uses this data can be found here:
https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data

For options to object or opt-out of data processing by Typeform, please refer to this link:
https://admin.typeform.com/to/dwk6gt.

The processing of personal data via the online form is based on Art. 6 para. 1 lit. b GDPR for contract initiation or conclusion. If processing is necessary to respond to or contact you, it’s in line with our legitimate interests under Art. 6 para. 1 lit. f GDPR to ensure effective communication. The data will be deleted when it’s no longer needed for these purposes.

Registration, implementation and administration of events

We utilize Eventbrite, a platform provided by Eventbrite Inc., for booking our events. When you choose to book an event on our website, clicking the designated button or link will take you to Eventbrite’s website for the booking process. Through Eventbrite, we collect essential personal data such as your name, email address, billing address, payment details, date of birth, and information about the events you book and attend. This data collection helps us manage event registrations and communicate effectively with attendees.

To understand how Eventbrite, acting as our processor, handles and safeguards your personal data, you can review their Data Processing Addendum: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenverarbeitungsnachtrag-fuer-veranstalter
Further details on their personal data processing practices can be found in their Privacy Policy: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite

As the organizer, we receive your data from Eventbrite to authenticate your attendance and provide relevant information for the event. This data processing is grounded in the contractual relationship you enter with us, as outlined in Art. 6 para. 1 lit. b GDPR.

Eventbrite’s main office is located at 155 5th Street, Floor 7, San Francisco, CA 94103, USA, with its European representation by Eventbrite NL BV in Amsterdam, The Netherlands. Be aware that data transfers to the USA adhere to standard data protection clauses per Art. 46 sentence 2 lit. c GDPR. This ensures an adequate level of data protection in these transfers. For comprehensive information on Eventbrite’s data protection measures, please visit their detailed policy: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite

Contact form

When you reach out to us using our contact forms, we store the information you provide, including your contact details, to process your inquiry and for any follow-up questions. This data storage is based on our legitimate interest in effectively responding to your requests, in line with Art. 6 para. 1 lit. f GDPR. Providing your personal data in the mandatory fields is essential for us to respond to your inquiry. There are also options to voluntarily provide additional information, which we process according to Art. 6 para. 1 lit. a GDPR.

If your inquiry relates to starting, concluding, or fulfilling a contract or membership, we process your data under Art. 6 para. 1 lit. b GDPR. For this, a clear description of your request is necessary. Rest assured, your data is handled confidentially and won’t be shared with third parties without your consent. The data you provide in the contact form is also linked with other communication data we may have. We use the Typeform tool for managing our signup and contact forms, under a data processing agreement in accordance with Art. 28 GDPR.

Your data from the contact form is retained until you ask us to delete it, withdraw your consent for storage, or the need for storing the data ceases (like after your request has been fully processed). However, this does not affect any mandatory legal retention periods that we are obliged to follow.

Contact by email

We can be contacted via the email addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that transmission as an unencrypted email poses certain security risks, as it cannot be ruled out that the data may be read or accessed by unauthorised persons. The data transmitted in the course of sending a request is processed on the legal basis of Art. 6 para. 1 lit. f GDPR, our legitimate interest in answering your request satisfactorily. If the request is aimed at the fulfilment of an existing contract or the conclusion of a new contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR for the initiation and fulfilment of a contract. We process this personal data solely to handle the contact. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by email, this is the case when the respective request is answered and the conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded. Inquiries regarding the contractual relationship are stored for the duration of the existing contractual relationship or membership.

All personal data stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.

Recipients of Data and Data Transfer

Internal Access:

Within our organization, access to your data is limited to departments and individuals who require it to fulfill our contractual and legal obligations.

External Service Providers:

For maintenance and support, we share your data with our IT and software service providers. These external service providers process your data on our behalf, following a data processing agreement as outlined in Art. 28 GDPR.

Transfers to Third Countries:

Data processing outside the EU or EEA occurs only under certain conditions: to fulfil our contractual obligations, on the basis of your consent, because of legal obligations, or where it aligns with our legitimate interests. Any such data processing is subject to the specific conditions set forth in Art. 44 et seq. GDPR. We ensure, such as through EU adequacy decisions or standard contractual clauses, that data processing in third countries meets the necessary data protection standards.

Data Transfer to the USA:

We use services from companies based in the USA, integrated into our website. If these services are used, your personal data may be transferred to their US servers. It is important to note that, according to the European Court of Justice, the USA does not currently meet the EU’s standards for data protection. US laws may require service providers to disclose your personal data to security authorities without a chance for you to contest it. Consequently, there is a possibility that US authorities might process, evaluate, and store your data for surveillance purposes. We do not have control over these processing activities by US authorities.

3. Data processing within the scope of our services

Contractual services with business partners 

In our interactions with contractual partners, clients, suppliers, service providers, and customers, we process data in line with Art. 6 para. 1 lit. b. GDPR. This processing is essential for providing our contractual or pre-contractual services. The data includes essential information like names and addresses (master data), contact details such as email addresses and phone numbers, contractual data (services used, contract contents, communication), and payment information like bank details and payment history. We handle special categories of personal data only if they’re part of a commissioned or contractual processing.

The necessity for data processing stems from the requirements of the contractual services. We clarify the need to disclose data, unless it is already clear to our contractual partners. We only share data with external entities if it is pertinent to the contract. When processing data for an order, we follow our clients’ instructions and legal requirements.

Online Services and IP Storage:

For users of our online services, we may store IP addresses and the timing of user actions. This storage is driven by our legitimate interests in protecting users from misuse and unauthorized use. Generally, we don’t share this data with third parties unless it’s required for pursuing our claims as per Art. 6 para. 1 lit. f. GDPR or if there’s a legal obligation under Art. 6 para. 1 lit. c. GDPR.

Data Deletion and Retention:

Data is deleted when it’s no longer needed for fulfilling contractual or legal responsibilities, including warranty and similar obligations. Beyond this, we adhere to statutory retention obligations.

Photographs at company events

During our company events, we take photographs for internal documentation and public relations, following our legitimate interests under Art. 6 para. 1 lit. f GDPR. These photos may be used internally, shared with employees, or published on our website and social media platforms, including Facebook, Instagram, Twitter, and LinkedIn.

The primary data we process in this context are photographs of event participants. The basis for capturing and publishing these images is either our legitimate interest as per Art. 6 para. 1 lit. f GDPR or, when applicable, the explicit consent of the individuals (Art. 6 para. 1 lit. a GDPR).

In cases where an external photographer is engaged, the photos they provide are used strictly in accordance with data minimization principles. The images are shared within StartupBerlin.co for creating publications and with employees. They are also shared with external entities like our social media platforms and IT service providers, all within the bounds of our contractual and legal obligations.

We store photos used for public relations indefinitely unless an individual in the photo objects. It’s important to be aware that once online, photos can be accessed by others, and control over their subsequent use is limited. If you object to the use of a particular photo, we will accommodate your request in future publications, but it may not be possible to remove the photo from already printed materials.

For comprehensive details on how these photos are handled, please refer to the privacy policies of the respective platforms and services.

Data Processing at Trade Fairs and Handling of Business Cards

When you share your contact details with us at trade fairs, such as by giving us your business card, we store this information in our CRM system. We use your data to contact you as you have requested, to initiate or maintain a business relationship, and to send you informational material, following the guidelines of Art. 6 para. 1 lit. a, b, and f GDPR. Your data is retained only until your request has been fulfilled or the purpose of processing no longer applies, and it will be deleted unless legal retention obligations require otherwise.

Direct Advertising

Upon receiving your email and postal address during contract negotiations or completion, we may use this data to inform you about our similar products and service offers via email and post. This is in line with our legitimate interest in direct marketing, as per Art. 6 para. 1 lit. f GDPR. If you prefer not to receive such advertising information, you have the right to object to the use of your contact data for these purposes at any time in the future. This objection will not incur any costs beyond the basic rates for transmission. To opt out, you can send your objection by mail or email to our contact address:

ArbeitsLabs GmbH
Burgemeisterstr. 32
12103 Berlin
Germany 
Tel:
Email: [email protected]

Recipients of Data

Within Our Organisation:

Access to your personal data within our organisation is limited to those entities that require it to fulfill our contractual and legal obligations.

External Service Providers:

We share your data with external service partners, such as IT and software service providers for maintenance and support, as part of delivering our services. The processing of your data by these service providers is conducted under a data processing agreement in accordance with Art. 28 GDPR.

Collaboration with Other Partners and Third Parties:

To provide our services or when legally required, we collaborate with various partners and third parties. These may include:

  • Credit institutions and payment service providers for financial transactions.
  • Credit agencies for creditworthiness assessments.
  • Public authorities in response to court orders.
  • Marketing, sales, and advertising agencies for promotional activities.
  • Document shredding and logistics companies for operational needs.
  • Consultancy firms, auditors, and insurance companies for professional services.
  • Law firms and courts for legal matters.
  • Craft businesses, architectural offices, and other service companies for specific projects.

We prioritize processing your data within the EU. However, if we engage service providers outside the EU, we ensure an adequate level of data protection before transferring your personal data. This includes establishing a data protection level equivalent to EU standards, either through EU standard contractual clauses or an EU adequacy decision.

Origin of Personal Data

In our business operations, we process personal data that we receive during our business relationship with you. For providing our services and executing contracts, we sometimes use data obtained from other companies within our group or from third parties like credit agencies, but only when it’s legally permissible or with your consent. We also process data from publicly accessible sources, such as trade registers and the media, when it’s lawful and relevant to our services.

Categories of Personal Data

The types of personal data we handle include:

  • Personal details like your name, address, and other contact information.
  • Data related to fulfilling our contractual obligations with you.

Data Storage

We process and store your personal data as long as it’s necessary for our ongoing business relationship, including for contract initiation and execution. We also retain data for as long as required to meet warranty and guarantee obligations. Moreover, we’re legally bound to store certain data, as dictated by the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). These laws mandate storage periods of up to six years under commercial law (Section 257 HGB) and up to ten years under tax law (Section 147 AO). Once the purpose of data storage no longer applies and legal retention periods do not mandate further storage, we delete the personal data.

4. Rights of the data subjects

As a data subject under the GDPR, you have certain rights regarding your personal data that we process.

These rights include:

  • The right to obtain information about your stored personal data.
  • The right to correct inaccurate data.
  • The right to restrict the processing of your data.
  • The right to have your data deleted.
  • The right to be informed about the data processing.
  • The right to data portability, allowing you to receive your data in a readable format.
  • The right to object to data processing.
  • The right to withdraw consent for data processing.
  • The right to lodge a complaint with a data protection supervisory authority.

Information, Blocking, Deletion, and Correction:

You’re entitled to free information about your stored data, its origin, recipients, and the purpose of its processing, along with the right to correct, block, or delete this data, if legally permissible.

Restriction of Processing:

You can request the restriction of processing of your personal data. For instance, if you dispute the accuracy of your stored data, we will need time to verify it. During this period, you can request a restriction on processing. If your data has been processed unlawfully, you can choose to restrict processing rather than having it deleted. Similarly, if you need your data for legal claims after we no longer need it, you can request restriction instead of deletion. In cases where an objection under Art. 21 para. 1 GDPR is made, and it’s unclear whose interests prevail, you have the right to request a restriction of processing until it’s determined.

Data Portability:

You have the right to receive your data, which we process based on your consent or a contract, in a standard, machine-readable format, and to have it transferred to another controller, if technically feasible.

For any concerns or requests regarding your data, you can contact us using the information provided in our imprint.

Revocation of Consent to Data Processing

Your consent is essential for certain data processing activities. If you’ve given us consent for data processing, you have the right to revoke it at any time. To do so, a simple email to us will suffice. Please note that revoking consent does not affect the legality of any data processing that occurred before the revocation.

Right to Object to Data Processing (Art. 21 GDPR)

If we process your data based on Art. 6 para. 1 e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your specific situation. This includes any profiling based on these provisions. The legal basis for our data processing can be found detailed in this privacy policy. Upon your objection, we will stop processing the personal data in question unless we can provide compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims (under Art. 21 para. 1 GDPR).

Specifically, if your data is being processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which also applies to profiling to the extent that it is associated with such direct marketing. Following your objection, we will cease to use your personal data for direct marketing purposes (under Art. 21 para. 2 GDPR).

Right of Complaint to a Supervisory Authority

If you believe that the processing of your personal data violates GDPR regulations, you have the right to lodge a complaint with a supervisory authority. This can be done in the Member State where you live, work, or where the alleged violation occurred. This right to complain is in addition to any other administrative or judicial remedies you may have.

Rights Regarding Data Processing Based on Legitimate Interest

Under Art. 21 para. 2 GDPR, you can object at any time, for reasons related to your specific situation, to our processing of your personal data when it’s based on Art. 6 para. 1 e GDPR (data processing in the public interest) or Art. 6 para. 1 f GDPR (data processing based on a legitimate interest). This includes any profiling derived from these provisions. If you object, we will cease processing your personal data unless we have compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

Rights in Case of Direct Advertising

If we process your personal data for direct marketing purposes, you have the right under Art. 21 para. 2 GDPR to object at any time to the processing of your personal data for such marketing, including profiling to the extent it is related to such direct marketing.

Upon your objection to processing for direct marketing purposes, we will no longer use your personal data for these activities. You can make this objection informally, and it is best directed to our designated contact point:

ArbeitsLabs GmbH
Burgemeisterstr. 32
12103 Berlin
Germany 
Tel:
Email: [email protected]

Legal and Contractual Requirements for Providing Personal Data

We want to inform you that in certain cases, providing personal data is a legal requirement, such as for tax purposes, or it might arise from contractual obligations, like needing information about a contractual partner. When entering into a contract with us, it’s necessary for you to provide personal data. Without this data, we may have to decline the establishment of the contract, or it might hinder our ability to fulfill an existing contract, potentially leading to its termination. Additionally, if there is a legal requirement for you to provide personal data, you are obliged to do so.

Should you have any questions about the necessity of providing personal data for contractual or legal purposes, you are welcome to consult our data protection officer. The officer can clarify, on a case-by-case basis, whether providing personal data is legally or contractually required, if there is an obligation to provide the data, and the implications of not providing it.

Automated decision-making, performance of profiling

In the context of establishing and conducting business relationships, we do not rely on automated decision-making processes as defined in Art. 22 GDPR. Our decisions are made with human judgment and consideration, ensuring a personal and fair approach to all our business dealings.

Objection to Advertising Emails

We strictly object to the use of contact details, published as part of our imprint obligations, for sending unsolicited advertising and informational materials. Should you receive such unwanted advertising, like spam emails, despite this prohibition, we reserve the right to take legal action. Our commitment is to maintain a respectful and spam-free communication environment.

Updates to the Data Protection Declaration

Our data protection declaration may undergo modifications to reflect changes in internet technology or our services. Any significant updates will be promptly announced on this page. We encourage you to visit this page regularly to stay informed about our current data usage practices and policies.

(Current status: October 2022)
