We manage our website content in accordance with the principles set out below:
We undertake to comply with the legal rules on data protection and always endeavor to observe the principles of data avoidance and data minimisation.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other data protection regulations is:
Startup Events GmbH
Rumford Road 15
You can reach the controller’s Data Protection Officer as follows:
SiDIT GmbH, Langgasse 20, 97261 Güntersleben, firstname.lastname@example.org
We process your personal data such as your surname and first name, your e-mail address and IP address, etc. only if there is a legal basis for doing so. The following provisions are specifically relevant here under the General Data Protection Regulation:
The transfer of personal data is also processing within the meaning of the previous sec. 3. However, at this point we would like to inform you again separately about the subject of data transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.
Transfer of data to third parties will thus only take place if there is a legal basis for the processing. For example, we disclose personal data to persons or companies who act for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in the context of a relationship in which we are authorised to issue instructions and exercise control.
In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to impose a duty on them to comply with data protection rules and thus ensure comprehensive protection of your data.
Your personal data will be erased by us if they is no longer necessary for the purposes for which they were collected or otherwise processed, if processing is not necessary to safeguard the right to freedom of expression and information, in order to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser’s address bar.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
When cookies are used, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies are those that are absolutely necessary to provide an information-based service that you have expressly requested.
In order to make the use of our web content more enjoyable for you, we use so-called session cookies (e.g. language and font selection, shopping cart, etc.) These session cookies fall under the category of technically necessary cookies and are automatically deleted after you leave our site. The legal basis for the cookies is found in Art. 6 (1) (1) (f) GDPR, and arises out of our legitimate interest in error-free operation of our website and our interest in optimising the way we provide our services to you.
Other cookies include cookies for statistical, analysis, marketing and retargeting purposes.
We use these cookies either for a legitimate interest according to Art. 6 (1) (1) (f) GDPR in improving and optimising our content for you or based on your consent according to Art. 6 (1) (1) (a) GDPR.
We inform you that your withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until you notify us that you are withdrawing consent.
When you access our website, the browser used on your end device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is erased automatically:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access taks place (referrer URL)
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider
The foregoing data will be processed by us for the following purposes:
- Ensuring a smooth connection with our website
- Ensuring that you are able to use our website comfortably
- Evaluating system security and stability
- Error analysis
- Other administrative purposes
Data permitting conclusions to be drawn about your identity, such as the IP address, will be erased after 7 days at the latest. If we store the data beyond this period, they will be pseudonymised so that they can no longer be associated with you.
The legal basis for this data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed above. In no case will we use the collected data for the purpose of drawing conclusions about your identity.
In connection with the formation of a contract, only the personal data that are absolutely necessary for performance of the contract will be processed, in accordance with Art. 6 (1) (1) (b) GDPR. Additional personal data will be processed on the basis of our legitimate interest to the extent you provide further information in this regard, Art. 6 (1) (1) (f) GDPR.
If you wish to pay for the ticket on account, the payment will be processed directly by us. In this case, we will process the data you provide for the payment process in order to perform our contractual obligations, so that the data processing is based on Art. 6 (1) (1) (b) GDPR.
Otherwise, payment processing is carried out via Xing Events GmbH and its service providers. For this purpose, you will be redirected by us to the website of Xing Events GmbH during the order process. Xing Events is a service of the New Work SE group of companies, registered at Dammtorstr 30, 20354 Hamburg. You can find out more about data protection by Xing Events at the following link: https://privacy.xing.com/de/datenschutzerklaerung
The further payment process is finalised via these platforms and no further data processing is carried out by us. You will receive an event code after a successful application with us. You can use this to buy a ticket on the Xing Events page.
To participate in the virtual event, it is necessary to create a login profile. Required fields for the profile are first name, last name, company and job title, all of the other fields being optional. We need this data to ensure that you, as a ticket purchaser, can interact with other participants at the event under your name, that you are authorised to participate in the event and that participants can find one another, exchange information and network at the event on the basis of this information. We thus carry out the processing in order to provide the contractual services as well as to safeguard our legitimate interests, Art. 6 (1) (1) (b) and (f) GDPR.
The name tag we issue for the event also contains a scannable code. This enables our sponsors and operators of stands and stages to access part of the information you provided when booking your ticket by scanning the code. After the event, the data scanned at the stand will be provided to the respective sponsors and operators so that they can contact interested parties after the event. The data provided in such cases usually consist of the full name of the interested party, company name, e-mail, country and time of the scan.
The processing of this data is necessary to protect our legitimate interests or those of a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1)(f) GDPR.
Our legitimate interest in this case is to give our sponsors and the operators of stands the opportunity to track with whom they were in contact at the event and with whom a business relationship has been initiated following the event (so-called "lead tracking"). This is also in your interest, as you can be contacted by companies after the event, which reinforces the networking character of the event. Our interest in offering sponsors, operators and you an optimal environment for networking outweighs your interest in not disclosing your data.
The processing is also carried out in accordance with Art. 6 (1) (1) (b) GDPR as part of performing the contract you conclude with us. The event is primarily an event for networking and mutual dialogue. The processing of information provided by you is therefore necessary in order to achieve this precise purpose and thus also to achieve the objectives of the contract concluded with us.
If you do not agree to such processing, you also have the right to object so that your data will not be forwarded to the respective sponsor or operator after the event.
e) Participation in "Table Captain" events
So-called "Table Captain" events are also offered for networking purposes.
The Table Captain is a well-known expert from the startup ecosystem and is the "host" of a table that can usually seat up to eight participants. Attendees can reserve a seat at a table they are particularly interested in.
To enable participants to network with one another, we ensure that you can see not only the table captain, but also the other people who will be at the table.
This process means that we will share your name and the company name you provide.
This data processing is necessary to protect our legitimate interests or those of a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1) (f) GDPR.
Our interest here, once again, is to offer the participants the best possible networking event for startups. For optimal networking among the participants, it is necessary for participants to know who the other people sitting at the table are. Our interest in a successful networking event is also in the interest of the data subjects in terms of the GDPR, who also have an interest in networking as comprehensively and efficiently as possible. As a result, our interest outweighs the interest of participants who do not want to disclose their personal data.
The table reservation itself is made via the platform of a third-party provider, which is also informed about the occupation of the table in question. The transfer of data to this third-party provider is also based on the above legitimate interest, as without these reservations it is not possible to ensure that participants will be assigned a seat at the table for which they have registered, Art. 6 (1) (1) (f) GDPR.
Bits & Pretzels is a networking event. The purpose is to get to know other people, investors and other network partners. This is only possible by making your name and contact details available to other participants. This is done in various ways, including via our website, our app and as part of the virtual event.
The processing of this data is necessary to protect the legitimate interests of us or a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1) (f) GDPR.
Our legitimate interest in this case is to give you the opportunity to get in touch with others. This is also in your interest, as you can be contacted by companies in this way, which reinforces the networking character of the event. Our interest in offering sponsors, operators and you an optimal environment for networking outweighs your interest in not disclosing your data.
The processing is also carried out in accordance with Art. 6 (1) (1) (b) GDPR to faciliate the performance of the contract concluded with us. The event is primarily an event for networking and mutual dialogue. The processing of information provided by you is therefore necessary in order to achieve this precise purpose and thus also to achieve the objectives of the contract concluded with us.
Newsletter content and registration data
We will only send you a newsletter if you order it from us and have given your consent in accordance with Art. 6 (1) (1) (a) GDPR. The contents of the newsletter will be specifically described when you register for the newsletter. To register for the newsletter, it is sufficient for you to provide your e-mail address. If you provide further voluntary information, such as your name and/or gender, this will be used exclusively for personalising the newsletter addressed to you.
Double-Opt-in and logging
For security reasons, we use the so-called double opt-in procedure when users register for our newsletter so that no-one can register with another person’s email address. Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. Your registration only becomes effective upon our receipt of your confirmation.
Furthermore, your registration for the newsletter is logged. This includes storing the time of your registration and confirmation, your specified data and your IP address. If you make changes to your data, those changes will also be logged.
If you no longer wish to receive our newsletter, you can withdraw your consent at any time, with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter or send an e-mail to us at the following e-mail address: email@example.com
Withdrawal of your consent does not affect the lawfulness of the processing carried out based on your consent until your withdrawal.
As part of our Bits&Pretzels, we are organising a pitch competition for startups from all over the world, the Golden Pretzel Pitch Award. Interested startups can apply by completing the application form provided on our website. The personal data entered there will be reviewed by a jury as part of the application process. The Startups selected by the jury will be announced in advance as part of the Bits&Pretzels agenda and will first pitch to the jury as part of Bits&Preztels (semi-finals).
Startups selected as semi finalists for the Golden Pretzel Pitch Award will be requested to provide information on their company in order to improve the categorization of startups for the event. Non-personal data, such as the industry or funding stage might be forwarded to our Matchmaking services (“The Matchmakers”) who help to connect attendees with pitching startups and vice versa.
Based on these pitches, the jury will select the finalists, who will then pitch to all of the visitors to Bits&Pretzels.
The processing of personal data is carried out for the selection of the Golden Preztel Pitch Award winner and the winner’s appearance at Bits& Pretzels, Art. 6 (1) (1) (b) GDPR.
In this context, at the same time as applying for the Golden Pretzel Pitch Award, startups can also apply for the Digital Top 50 Awards (DT50 Awards), a business and technology competition for startups from all over Europe (www.dt50.org). As part of the application process, applicants can choose whether to apply for just one or both awards.
With regard to the Golden Pretzel Pitch Award 2022 and the DT50 Awards 2022, we cooperate with McKinsey & Company, Inc., Kennedydamm 24, 49476 Düsseldorf, Germany (in short "McKinsey") as joint controllers under Art. 26 GDPR. We have concluded a contract to this end.
We maintain a joint database for the applications for both awards so that both parties can access the applications in each case. For both parties, the legal basis for the processing of these data from the applicants derives in each case from Art. 6 (1) (1) (b) GDPR, for the performance of a contract.
The personal data of the employees of an applicant are processed by both parties, in each case for legitimate interests in the context of the application procedure, Art. 6 (1) (1) (f) GDPR.
We will immediately erase the data of applicants who have only registered for the Golden Pretzel Pitch Award 2022 via our website from the joint database with McKinsey, so that no further processing by McKinsey will take place.
Startups applying for the startup exhibition will be requested to provide information on their company in order to improve the selection and categorization of startups for the event. Non-personal data, such as the industry or funding stage might be forwarded to our Matchmaking services who help to connect attendees with exhibiting startups and vice versa.
On our website, we offer you the opportunity to apply as a volunteer for the "Bits & Pretzels" founders' festival via an application form. For more information on the processing of your data in the course of the application process, please refer to our data protection notice for applicants.
We have created the application form with the help of the service provider "Jotform" (Jotform Inc. 111 Pine St. #1815, San Francisco, CA 94111). We use such an application form in order to request as much data relevant to the application as possible in a uniform manner. This ensures that applicants have provided all of the necessary information and simplifies processing for us.
The use of such a form is therefore based on our legitimate interest, Art. 6 (1) (1) (f) GDPR.
We have concluded the standard contract terms and secured the additional warranties with Jotform so that the processing of your personal data is data protection compliant.
We use the analysis and tracking tools listed below on our website. The purpose of these tools is to ensure ongoing optimisation of our website and to design it according to your needs.
We use these tools based on your consent pursuant to Art. 6 (1) (1) (a) GDPR. You can withdraw your consent at any time by changing the cookie settings. The processing remains lawful until you have withdrawn it.
The purposes of data processing and data categories in each case may be found in the corresponding tools. We would like to point out that we have no control over whether and to what extent service providers carry out further data processing.
We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").
are usually transferred to a Google server in the USA and stored there.
However, as we have activated IP anonymisation on our website, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We use the remarketing feature of Google Analytics to target advertising campaigns - including Google AdWords campaigns - to visitors to our website.
Based on your previous visits to our website, you will be presented with relevant advertisements when you visit other websites in the Google Display Network.
The DoubleClick cookie enables Google, us and other third parties to display targeted advertisements that match interests identified based on your previous visits to our website and/or other websites. These advertisements may be displayed on websites operated by Google and/or other operators of the Google advertising network. We also use the Google Analytics advertising features to analyse the effectiveness of our own advertising campaigns.
If, in your Google account, you have agreed that your web and app browsing history may be linked to your Google account by Google and information from your Google account may be used to personalise ads, Google will use data from you together with Google Analytics data to create target group lists for cross-device remarketing. To do this, Google Analytics first collects Google-authenticated IDs for you as a user on our website that are linked to your Google Account. Google Analytics then temporarily links these IDs with Google Analytics data to optimise our target groups.
We use Google Ads, an online advertising program from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website. Conversion tracking is also used in this process. With this tool, Google Ads sets a cookie on your device when you come to our website via a Google ad.
The cookie is no longer valid after 30 days. It does not result in any personal traceability. If you visit our website as a user and the cookie is still working, both we and Google will be able to see that you clicked on the ad and were redirected to our page. In the process, a different cookie will be assigned to each Google Ads customer. Cookies are thus not traceable via the websites of the Ads customers.
With the data collected through conversion cookies, conversion statistics are created for Ads customers. As Google Ads customers, we are provided with the total number of users who responded to our ad and were then redirected to a web page that was tagged with a conversion tracking tag. This allows us to see the success of individual advertising efforts. We do not receive any information during this process with which we could identify you in person as a user.
With the use of Google Ads, your browser automatically establishes a direct connection with the Google server and can, if you have a Google account and are logged in to it, associate the visit with your account. If you do not have a Google account, Google will assign you its own identifier. We have no control over what other data Google collects and stores.
We use the "conversion pixel" or visitor action pixel of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). By calling up this pixel from your browser, Facebook can subsequently see whether a Facebook advertisement was successful, e.g. led to an online purchase.
We only receive statistical data from Facebook for this purpose, without any reference to a specific person. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. In particular, if you are logged into Facebook, we refer you to their privacy information https://www.facebook.com/about/privacy/
You have the option to change your settings on Facebook at https://www.facebook.com/settings?tab=ads
We use the LinkedIn conversion tracking feature on our website. This gives us the opportunity to target you with advertisements following a visit to our website. In addition, LinkedIn provides reporting that shows how successful our advertisements are and how users generally interact with our site. If you have logged in via LinkedIn before visiting our site, this will be recognised as part of the conversion tracking, and you will be connected to your LinkedIn account as a visitor to our site.
In addition, you have the option to unsubscribe from interest-based advertising via LinkedIn. You may do so via the following link:
Our website uses the Hotjar analysis software from the company Hotjar Ltd (Hotjar Ltd, Level 2, St Julians Business Centre,3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). This software allows us to analyse the usage patterns of visitors to our website by measuring and analysing clicks, mouse movements and similar behaviour on our website. The purpose of this software is to identify opportunities to improve our website.
In addition, you can prevent or re-enable tracking by following the instructions at https://www.hotjar.com/opt-out
We are constantly improving and developing our website in order to offer our users the best possible customer experience. However, not all malfunctions, e.g. due to programming errors, can be reliably prevented from the outset. Therefore, we use Sentry, an error tracking tool from Functional Software Inc, 132 Hawthorne St, San Francisco, CA 94107, USA (hereinafter "Sentry"). In order to improve the accessibility and technical stability of our website by monitoring system stability and detecting code errors, we may automatically send the following information to Sentry in the event of a software error: Device information (operating system, browser version, browser type), the IP address of the device, e-mail, name, date and time of the error.
In the event that personal data are processed via Sentry, you can object to this at any time by simply informing us that you no longer wish us to undertake such processing in the future. To do so, please write to us at firstname.lastname@example.org.
Our website uses the YouTube plugin, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
If you activate the YouTube plugin during your visit, a connection to the YouTube servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your member account before visiting our website.
The legal basis for this is the consent you have given under Art. 6 (1) (1) (a) GDPR. You can withdraw your consent at any time by changing the cookie settings when visiting our website.
You have the following rights:
Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right of access includes information about
Pursuant to Art. 16 GDPR, you have the right to have incorrect or incomplete stored personal data corrected by us without delay.
In accordance with Art. 17 GDPR, you have the right to demand that we erase your personal data immediately, insofar as further processing is not necessary for one of the following reasons:
Pursuant to Art. 18 GDPR, you may request restriction of the processing of your personal data for one of the following reasons:
If you have requested rectification or erasure of your personal data or restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we inform you of these recipients.
You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format.
You also have the right to request that these data be transferred to a third party, provided that the processing was carried out with the aid of automated procedures and is based on consent pursuant to Art. 6 (1) (1) (a) or Art. 9 (2) (a) or on a contract pursuant to Art. 6 (1) (1) (b) GDPR.
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. In the future, we will no longer be able to continue the data processing that was based on the consent once you have withdrawn it.
In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without the need for you to specify the particular situation. If you wish to make use of your right to withdraw consent or to object, it is sufficient to send an e-mail to email@example.com.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.
Regarding the cases referred to in i) and iii) above, we will take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from our side, to express your point of view and to contest the decision.
Version of: 04.10.2021