For Startups
ExhibitionPitch & Awards
Program
SpeakersTable Captains
Matchmaking
More
Guest CountryPartnersJobsFAQ
Tickets
Tickets
PRIVACY-POLICY - Table of Contents

‍

Privacy-Policy

Privacy-Policy Bits & Pretzels HealthTech

PRIVACY-POLICY

‍

‍

The text that follows here applies to our entire privacy policy: If a term referring to groups of persons is used in the masculine form only, this does not imply any gender-specific meaning, but is intended solely to make the text easier to read. 

We manage our website content in accordance with the principles set out below:

We undertake to comply with the legal rules on data protection and always endeavor to observe the principles of data avoidance and data minimisation.

‍

1. Name and address of the Controller and of the Data Protection Officer

a) The Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other data protection regulations is:

Startup Events GmbH

Rumford Road 15

80469 Munich

Germany

E-mail: hello@bitsandpretzels.com

Website: https://bitsandpretzels.com

b) The Data Protection Officer

You can reach the controller’s Data Protection Officer as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

‍

2. Explanation of terms

We have designed our Privacy Policy in line with the principles of clarity and transparency. However, if there are any ambiguities regarding the use of various terms, please refer to the relevant definitions here .

‍

3. Legal basis for the processing of personal data

We process your personal data such as your surname and first name, your e-mail address and IP address, etc. only if there is a legal basis for doing so. The following provisions are specifically relevant here under the General Data Protection Regulation:

  • Art. 6 (1) (1) (a) GDPR: The data subject has given his/her consent to the processing of personal data relating to him/her for one or more specific purposes.
  • Art. 6 (1) (1) (b) GDPR: Data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Art. 6 (1) (1) (c) GDPR: Data processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Art. 6 (1) (1) (d) GDPR: Data processing is necessary to protect the vital interests of the data subject or another natural person.
  • Article 6 (1) (e) GDPR: Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Article 6 (1) (f) GDPR: Data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, in particular where the data subject is a child. 

However, at the relevant points in this Privacy Policy, we will always point out once again the legal basis on which your personal data are processed.

‍

4. Transfer of personal data

The transfer of personal data is also processing within the meaning of the previous sec. 3. However, at this point we would like to inform you again separately about the subject of data transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties. 

Transfer of data to third parties will thus only take place if there is a legal basis for the processing. For example, we disclose personal data to persons or companies who act for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in the context of a relationship in which we are authorised to issue instructions and exercise control. 

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to impose a duty on them to comply with data protection rules and thus ensure comprehensive protection of your data.

‍

5. Storage period and erasure

Your personal data will be erased by us if they is no longer necessary for the purposes for which they were collected or otherwise processed, if processing is not necessary to safeguard the right to freedom of expression and information, in order to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

‍

6. SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser’s address bar.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your end device when you visit our website. These cookies store information relating to the end device being used. 

When cookies are used, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies are those that are absolutely necessary to provide an information-based service that you have expressly requested.

a) Session cookies

In order to make the use of our web content more enjoyable for you, we use so-called session cookies (e.g. language and font selection, shopping cart, etc.) These session cookies fall under the category of technically necessary cookies and are automatically deleted after you leave our site. The legal basis for the cookies is found in Art. 6 (1) (1) (f) GDPR, and arises out of our legitimate interest in error-free operation of our website and our interest in optimising the way we provide our services to you. 

b) Other cookies

Other cookies include cookies for statistical, analysis, marketing and retargeting purposes. 

We use these cookies either for a legitimate interest according to Art. 6 (1) (1) (f) GDPR in improving and optimising our content for you or based on your consent according to Art. 6 (1) (1) (a) GDPR. 

In the case of the use of cookies for a legitimate interest, you can of course object to their further use at any time, with future effect.

You can withdraw your consent to the use of cookies at any time. 

We inform you that your withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until you notify us that you are withdrawing consent.

To do this, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (although this may also restrict the functionality of the website), or set an opt-out for the corresponding service in individual cases. 

You can also object to the use of cookies for marketing purposes via the EU site http://www.youronlinechoices.com/ or generally at http://optout.aboutads.info.

We will alert you within this Privacy Policy as to the legal basis on which these data are processed for the individual services in question.

‍

Changing cookie settings 

8. Collection and storage of personal data as well as their type and purpose of use

a) When visiting the website 

When you access our website, the browser used on your end device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is erased automatically: 

- IP address of the requesting computer 

- Date and time of access 

- Name and URL of the retrieved file 

- Website from which access taks place (referrer URL)

- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider

The foregoing data will be processed by us for the following purposes: 

- Ensuring a smooth connection with our website

- Ensuring that you are able to use our website comfortably 

- Evaluating system security and stability 

- Error analysis

- Other administrative purposes 

Data permitting conclusions to be drawn about your identity, such as the IP address, will be erased after 7 days at the latest. If we store the data beyond this period, they will be pseudonymised so that they can no longer be associated with you. 

The legal basis for this data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed above. In no case will we use the collected data for the purpose of drawing conclusions about your identity. 

b) Ordering a ticket

In connection with the formation of a contract, only the personal data that are absolutely necessary for performance of the contract will be processed, in accordance with Art. 6 (1) (1) (b) GDPR. Additional personal data will be processed on the basis of our legitimate interest to the extent you provide further information in this regard, Art. 6 (1) (1) (f) GDPR.

Payment Process:

If you wish to pay for the ticket on account, the payment will be processed directly by us. In this case, we will process the data you provide for the payment process in order to perform our contractual obligations, so that the data processing is based on Art. 6 (1) (1) (b) GDPR.

Otherwise, payment processing is carried out via Xing Events GmbH and its service providers. For this purpose, you will be redirected by us to the website of Xing Events GmbH during the order process. Xing Events is a service of the New Work SE group of companies, registered at Dammtorstr 30, 20354 Hamburg. You can find out more about data protection by Xing Events at the following link: https://privacy.xing.com/de/datenschutzerklaerung

The further payment process is finalised via these platforms and no further data processing is carried out by us. You will receive an event code after a successful application with us. You can use this to buy a ticket on the Xing Events page.

c) Participation in the virtual event

To participate in the virtual event, it is necessary to create a login profile. Required fields for the profile are first name, last name, company and job title, all of the other fields being optional. We need this data to ensure that you, as a ticket purchaser, can interact with other participants at the event under your name, that you are authorised to participate in the event and that participants can find one another, exchange information and network at the event on the basis of this information. We thus carry out the processing in order to provide the contractual services as well as to safeguard our legitimate interests, Art. 6 (1) (1) (b) and (f) GDPR. 

d) Scanning of the name tag in connection with participation in the event

The name tag we issue for the event also contains a scannable code. This enables our sponsors and operators of stands and stages to access part of the information you provided when booking your ticket by scanning the code. After the event, the data scanned at the stand will be provided to the respective sponsors and operators so that they can contact interested parties after the event. The data provided in such cases usually consist of the full name of the interested party, company name, e-mail, country and time of the scan.

The processing of this data is necessary to protect our legitimate interests or those of a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1)(f) GDPR.

Our legitimate interest in this case is to give our sponsors and the operators of stands the opportunity to track with whom they were in contact at the event and with whom a business relationship has been initiated following the event (so-called "lead tracking"). This is also in your interest, as you can be contacted by companies after the event, which reinforces the networking character of the event. Our interest in offering sponsors, operators and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing is also carried out in accordance with Art. 6 (1) (1) (b) GDPR as part of performing the contract you conclude with us. The event is primarily an event for networking and mutual dialogue. The processing of information provided by you is therefore necessary in order to achieve this precise purpose and thus also to achieve the objectives of the contract concluded with us.

If you do not agree to such processing, you also have the right to object so that your data will not be forwarded to the respective sponsor or operator after the event.


e) Participation in "Table Captain" events

So-called "Table Captain" events are also offered for networking purposes. 

The Table Captain is a well-known expert from the startup ecosystem and is the "host" of a table that can usually seat up to eight participants. Attendees can reserve a seat at a table they are particularly interested in.

To enable participants to network with one another, we ensure that you can see not only the table captain, but also the other people who will be at the table.

This process means that we will share your name and the company name you provide.

This data processing is necessary to protect our legitimate interests or those of a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1) (f) GDPR.

Our interest here, once again, is to offer the participants the best possible networking event for startups. For optimal networking among the participants, it is necessary for participants to know who the other people sitting at the table are. Our interest in a successful networking event is also in the interest of the data subjects in terms of the GDPR, who also have an interest in networking as comprehensively and efficiently as possible. As a result, our interest outweighs the interest of participants who do not want to disclose their personal data.

The table reservation itself is made via the platform of a third-party provider, which is also informed about the occupation of the table in question. The transfer of data to this third-party provider is also based on the above legitimate interest, as without these reservations it is not possible to ensure that participants will be assigned a seat at the table for which they have registered, Art. 6 (1) (1) (f) GDPR.

f) Disclosure of your name 

Bits & Pretzels is a networking event. The purpose is to get to know other people, investors and other network partners. This is only possible by making your name and contact details available to other participants. This is done in various ways, including via our website, our app and as part of the virtual event.

The processing of this data is necessary to protect the legitimate interests of us or a third party and in this respect outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, Art. 6 (1) (1) (f) GDPR.

Our legitimate interest in this case is to give you the opportunity to get in touch with others. This is also in your interest, as you can be contacted by companies in this way, which reinforces the networking character of the event. Our interest in offering sponsors, operators and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing is also carried out in accordance with Art. 6 (1) (1) (b) GDPR to faciliate the performance of the contract concluded with us. The event is primarily an event for networking and mutual dialogue. The processing of information provided by you is therefore necessary in order to achieve this precise purpose and thus also to achieve the objectives of the contract concluded with us.

g) Newsletter

Newsletter content and registration data

We will only send you a newsletter if you order it from us and have given your consent in accordance with Art. 6 (1) (1) (a) GDPR. The contents of the newsletter will be specifically described when you register for the newsletter. To register for the newsletter, it is sufficient for you to provide your e-mail address. If you provide further voluntary information, such as your name and/or gender, this will be used exclusively for personalising the newsletter addressed to you.

Double-Opt-in and logging

For security reasons, we use the so-called double opt-in procedure when users register for our newsletter so that no-one can register with another person’s email address. Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. Your registration only becomes effective upon our receipt of your confirmation.

Furthermore, your registration for the newsletter is logged. This includes storing the time of your registration and confirmation, your specified data and your IP address. If you make changes to your data, those changes will also be logged. 

Withdrawal

If you no longer wish to receive our newsletter, you can withdraw your consent at any time, with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter or send an e-mail to us at the following e-mail address: hello@bitsanspretzels.com 

Withdrawal of your consent does not affect the lawfulness of the processing carried out based on your consent until your withdrawal.

h) Golden Pretzel Pitch Award

As part of our Bits&Pretzels, we are organising a pitch competition for startups from all over the world, the Golden Pretzel Pitch Award. Interested startups can apply by completing the application form provided on our website. The personal data entered there will be reviewed by a jury as part of the application process. The Startups selected by the jury will be announced in advance as part of the Bits&Pretzels agenda and will first pitch to the jury as part of Bits&Preztels (semi-finals).
Startups selected as semi finalists for the Golden Pretzel Pitch Award will be requested to provide information on their company in order to improve the categorization of startups for the event. Non-personal data, such as the industry or funding stage might be forwarded to our Matchmaking services (“The Matchmakers”) who help to connect attendees with pitching startups and vice versa.

Based on these pitches, the jury will select the finalists, who will then pitch to all of the visitors to Bits&Pretzels.

The processing of personal data is carried out for the selection of the Golden Preztel Pitch Award winner and the winner’s appearance at Bits& Pretzels, Art. 6 (1) (1) (b) GDPR.

In this context, at the same time as applying for the Golden Pretzel Pitch Award, startups can also apply for the Digital Top 50 Awards (DT50 Awards), a business and technology competition for startups from all over Europe (www.dt50.org). As part of the application process, applicants can choose whether to apply for just one or both awards.

With regard to the Golden Pretzel Pitch Award 2022 and the DT50 Awards 2022, we cooperate with McKinsey & Company, Inc., Kennedydamm 24, 49476 Düsseldorf, Germany (in short "McKinsey") as joint controllers under Art. 26 GDPR. We have concluded a contract to this end.

We maintain a joint database for the applications for both awards so that both parties can access the applications in each case. For both parties, the legal basis for the processing of these data from the applicants derives in each case from Art. 6 (1) (1) (b) GDPR, for the performance of a contract.  
The personal data of the employees of an applicant are processed by both parties, in each case for legitimate interests in the context of the application procedure, Art. 6 (1) (1) (f) GDPR. 

We will immediately erase the data of applicants who have only registered for the Golden Pretzel Pitch Award 2022 via our website from the joint database with McKinsey, so that no further processing by McKinsey will take place.

Applicants can assert rights to which they are entitled under Articles 15-22 GDPR in connection with their application vis-a-vis both us and/or McKinsey. Those rights are explained in more detail under the section of this Privacy Policy entitled "Rights of the data subject". Each party is responsible for responding to the claims asserted in connection with the application process. Each party will forward claims asserted by applicants to the other party without delay, where such asserted claims also concern the other party.

i) Startup Exhibition

Startups applying for the startup exhibition will be requested to provide information on their company in order to improve the selection and categorization of startups for the event. Non-personal data, such as the industry or funding stage might be forwarded to our Matchmaking services who help to connect attendees with exhibiting startups and vice versa. 

j) Jotform

On our website, we offer you the opportunity to apply as a volunteer for the "Bits & Pretzels" founders' festival via an application form. For more information on the processing of your data in the course of the application process, please refer to our data protection notice for applicants.

We have created the application form with the help of the service provider "Jotform" (Jotform Inc. 111 Pine St. #1815, San Francisco, CA 94111). We use such an application form in order to request as much data relevant to the application as possible in a uniform manner. This ensures that applicants have provided all of the necessary information and simplifies processing for us. 

The use of such a form is therefore based on our legitimate interest, Art. 6 (1) (1) (f) GDPR.

We have concluded the standard contract terms and secured the additional warranties with Jotform so that the processing of your personal data is data protection compliant.

You can find Jotform's privacy policy here.

‍

9. Analysis and tracking tools

We use the analysis and tracking tools listed below on our website. The purpose of these tools is to ensure ongoing optimisation of our website and to design it according to your needs.

We use these tools based on your consent pursuant to Art. 6 (1) (1) (a) GDPR. You can withdraw your consent at any time by changing the cookie settings. The processing remains lawful until you have withdrawn it. 

The purposes of data processing and data categories in each case may be found in the corresponding tools. We would like to point out that we have no control over whether and to what extent service providers carry out further data processing.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google"). 

Google Analytics uses cookies in this context (see section 7). The information generated by the cookie about your use of this website, such as

  • name and version of the browser used
  • operating system of your computer
  • website from which access takes place (referrer URL)
  • IP address of the requesting computer
  • time of the server request

are usually transferred to a Google server in the USA and stored there.

However, as we have activated IP anonymisation on our website, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Please click here for an overview of Google's privacy policy.

b) Google Remarketing

We use the remarketing feature of Google Analytics to target advertising campaigns - including Google AdWords campaigns - to visitors to our website.

Based on your previous visits to our website, you will be presented with relevant advertisements when you visit other websites in the Google Display Network.

The DoubleClick cookie enables Google, us and other third parties to display targeted advertisements that match interests identified based on your previous visits to our website and/or other websites. These advertisements may be displayed on websites operated by Google and/or other operators of the Google advertising network. We also use the Google Analytics advertising features to analyse the effectiveness of our own advertising campaigns.

If, in your Google account, you have agreed that your web and app browsing history may be linked to your Google account by Google and information from your Google account may be used to personalise ads, Google will use data from you together with Google Analytics data to create target group lists for cross-device remarketing. To do this, Google Analytics first collects Google-authenticated IDs for you as a user on our website that are linked to your Google Account. Google Analytics then temporarily links these IDs with Google Analytics data to optimise our target groups.

Please click here for an overview of Google's privacy policy. 

c) Google AdWords

We use Google Ads, an online advertising program from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website. Conversion tracking is also used in this process. With this tool, Google Ads sets a cookie on your device when you come to our website via a Google ad.

The cookie is no longer valid after 30 days. It does not result in any personal traceability. If you visit our website as a user and the cookie is still working, both we and Google will be able to see that you clicked on the ad and were redirected to our page. In the process, a different cookie will be assigned to each Google Ads customer. Cookies are thus not traceable via the websites of the Ads customers.

With the data collected through conversion cookies, conversion statistics are created for Ads customers. As Google Ads customers, we are provided with the total number of users who responded to our ad and were then redirected to a web page that was tagged with a conversion tracking tag. This allows us to see the success of individual advertising efforts. We do not receive any information during this process with which we could identify you in person as a user.

With the use of Google Ads, your browser automatically establishes a direct connection with the Google server and can, if you have a Google account and are logged in to it, associate the visit with your account. If you do not have a Google account, Google will assign you its own identifier. We have no control over what other data Google collects and stores. 

You can find out more about Google's privacy policy at 

d) Facebook Conversion Pixel

We use the "conversion pixel" or visitor action pixel of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). By calling up this pixel from your browser, Facebook can subsequently see whether a Facebook advertisement was successful, e.g. led to an online purchase.

We only receive statistical data from Facebook for this purpose, without any reference to a specific person. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. In particular, if you are logged into Facebook, we refer you to their privacy information https://www.facebook.com/about/privacy/

You have the option to change your settings on Facebook at https://www.facebook.com/settings?tab=ads

e) LinkedIn Conversion Tracking

We use the LinkedIn conversion tracking feature on our website. This gives us the opportunity to target you with advertisements following a visit to our website. In addition, LinkedIn provides reporting that shows how successful our advertisements are and how users generally interact with our site. If you have logged in via LinkedIn before visiting our site, this will be recognised as part of the conversion tracking, and you will be connected to your LinkedIn account as a visitor to our site.

For more information, please see LinkedIn's privacy policy: 

In addition, you have the option to unsubscribe from interest-based advertising via LinkedIn. You may do so via the following link: 

https://www.linkedin.com/psettings/enhanced-advertising

f) Hotjar

Our website uses the Hotjar analysis software from the company Hotjar Ltd (Hotjar Ltd, Level 2, St Julians Business Centre,3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). This software allows us to analyse the usage patterns of visitors to our website by measuring and analysing clicks, mouse movements and similar behaviour on our website. The purpose of this software is to identify opportunities to improve our website.

Hotjar uses cookies that are stored on your end device and that permit your use of the website to be analysed. In order to ensure that you are not personally identifiable, IP addresses are only stored and processed anonymously. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin as well as resolution and type of device are evaluated for statistical purposes. This information is not personal and will not be passed on to third parties by us or by Hotjar.

You may prevent the use of cookies by selecting the appropriate settings in your browser. However, we would like to point out that in this case you may not be able to use the entire functionality of this website to its full extent.

In addition, you can prevent or re-enable tracking by following the instructions at https://www.hotjar.com/opt-out

‍g) Sentry

We are constantly improving and developing our website in order to offer our users the best possible customer experience. However, not all malfunctions, e.g. due to programming errors, can be reliably prevented from the outset. Therefore, we use Sentry, an error tracking tool from Functional Software Inc, 132 Hawthorne St, San Francisco, CA 94107, USA (hereinafter "Sentry"). In order to improve the accessibility and technical stability of our website by monitoring system stability and detecting code errors, we may automatically send the following information to Sentry in the event of a software error: Device information (operating system, browser version, browser type), the IP address of the device, e-mail, name, date and time of the error.

The legal basis for the data processing referred to here is Art. 6 (1) (1) (f) GDPR. No explicit analysis for advertising purposes takes place as part of this procedure. The information is collected anonymously, not used for personal purposes and subsequently erased. This analysis helps us to continuously improve our website and to fix hidden code errors. Such processing is in our legitimate interest, as the data are used solely to identify and analyse errors. For more information about Sentry's data processing and how it works, please see Sentry's privacy policy: https://sentry.io/privacy/.

In the event that personal data are processed via Sentry, you can object to this at any time by simply informing us that you no longer wish us to undertake such processing in the future. To do so, please write to us at hello@bitsandpretzels.com.


10. Video integration

YouTube

Our website uses the YouTube plugin, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

If you activate the YouTube plugin during your visit, a connection to the YouTube servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your member account before visiting our website.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

The legal basis for this is the consent you have given under Art. 6 (1) (1) (a) GDPR. You can withdraw your consent at any time by changing the cookie settings when visiting our website.

11. Rights of the data subject

You have the following rights:

  1. Right of access

Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right of access includes information about

  • the purposes of processing
  • the categories of personal data
  • the recipients or categories of recipient to whom your data have been or will be disclosed
  • the planned storage period or at least the criteria for determining the storage period
  • the existence of a right to rectification, right to erasure, right to restriction of processing, or right to object
  • the existence of a right to lodge a complaint with a supervisory authority
  • the origin of your personal data, insofar as it was not collected by us
  • the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of this
  1. Right to rectification

Pursuant to Art. 16 GDPR, you have the right to have incorrect or incomplete stored personal data corrected by us without delay.

  1. Right to erasure

In accordance with Art. 17 GDPR, you have the right to demand that we erase your personal data immediately, insofar as further processing is not necessary for one of the following reasons:

  • The personal data are still required for the purposes for which they were collected or otherwise processed
  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation requiring processing under the law of the European Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
  • For archiving purposes in the public interest or for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) of the GDPR, where the right referred to in para. a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
  • For the assertion, exercise or defence of legal claims
  1. Right to restriction of processing

Pursuant to Art. 18 GDPR, you may request restriction of the processing of your personal data for one of the following reasons:

  • You dispute the accuracy of your personal data. 
  • The processing is unlawful and you object to the erasure of your personal data.
  • We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
  • You object to the processing pursuant to Art. 21 (1) GDPR.
  1. Right of information

If you have requested rectification or erasure of your personal data or restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we inform you of these recipients. 

  1. Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format.

You also have the right to request that these data be transferred to a third party, provided that the processing was carried out with the aid of automated procedures and is based on consent pursuant to Art. 6 (1) (1) (a) or Art. 9 (2) (a) or on a contract pursuant to Art. 6 (1) (1) (b) GDPR.

  1. Right to withdraw consent

Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. In the future, we will no longer be able to continue the data processing that was based on the consent once you have withdrawn it.

  1. Right to lodge a complaint

In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

  1. Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without the need for you to specify the particular situation. If you wish to make use of your right to withdraw consent or to object, it is sufficient to send an e-mail to hello@bitsandpretzels.com. 

  1. Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary to conclude or perform a contract between you and us
  2. is permitted by legislation of the European Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
  3. is based on your express consent

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.

Regarding the cases referred to in i) and iii) above, we will take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from our side, to express your point of view and to contest the decision.

‍

12. Amendment of the Privacy Policy

If we amend our Privacy Policy, this will be indicated on the website.

Version of: 04.10.2021 

 


‍

General data protection instructions by Article 13 for Bits&Pretzels HealthTech Conference

‍

‍

The following applies to our entire data protection declaration: If a term that refers to groups of people is only used in the masculine form, this has no gender-specific meaning, but is only intended to make it easier to read.

We conduct our Bits & Pretzels HealthTech Conference according to the principles set out below:

We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.

 

1)    Name and address of the person responsible and the data protection office

a)     The responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

 

Startup Events GmbH

Rumfordstrasse 15

80469 Munich

Germany

Email: privacy@bitsandpretzels.com

Website: https://bitsandpretzels.com

 

b)    The data protection officer

You can reach the data protection officer of the person responsible as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

 

2)    Explanations of terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://gdpr-info.eu/art-4-gdpr/].

 

3)    Legal basis for the processing of personal data

We only process your data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their data for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
  • Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
  • Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
  • Art. 6 para. 1 sentence 1 lit. f GDPR: the processing is necessary to protect the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular, if the data subject is a child act

However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your data takes place.

 

4)    Collection and storage of personal data and their type and purpose of use

a)    ordering a ticket

As part of the establishment of the contractual relationship, according to Art. 6 Para. 1 S. 1 lit. b GDPR only processes the personal data that is necessary for the execution of the contract (such as company name, title, first name, last name of the named contact person, position, address, if different: billing address, a valid e-mail address, telephone number). Any personal data going beyond this will be processed based on legitimate interest, insofar as you provide further information here, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Checkout:

If you want to pay for the ticket on account, the payment will be processed directly by us. The data you provide for the payment process will be processed by us to fulfill our contractual obligations so that data processing is based on Art. 6 Para. 1 S. 1 lit. b DSGVO is based.

Otherwise, payment is processed by Xing Events GmbH and its service providers. You will be forwarded to the Xing Events GmbH website as part of the ordering process. Xing Events is a service provided by companies registered with New Work SE, Dammtorstr 30, 20354 Hamburg. You can find out more about data protection by Xing Events from the following link: https://privacy.xing.com/en

The further payment process is finalized via these platforms and we do not process any further data. After a successful application, you will receive an event code from us. You can use this to buy a ticket on the Xing Events website.

 

b)    Participation in virtual events

To participate in the virtual event, it is necessary to create a login profile. Mandatory information for the profile is first and last name, company name, and position, all other fields are optional. As part of this participation in virtual events, your data (first name, last name, job title, company name, country, e-mail address ) can be viewed by the other participants. When you participate in virtual master classes, your data will be transmitted to the lecturers. We need this data to ensure that you, as a ticket buyer, interact with other participants at the event under your name, have the right to participate in the event, and that participants can find, exchange, and network at the event based on this information. The processing is therefore carried out to provide the contractual services and for legitimate interest, Art 6 Para. 1 S. 1 lit. b) and f) GDPR.

on a HelloSpaces platform via Zoom (Zoom Video Communications, Inc.), which is based in San Jose (Ca) in the USA. HelloSpaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar.

more about data protection by Zoom ( Zoom Video Communications, Inc.) from the following link https://explore.zoom.us/de/privacy/ more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/

  

c)     Scanning the name badge as part of the event participation

The name badge we issue for the event also contains a scannable code. This enables our sponsors and operators of stands and stages to access some of the information you provided when booking the ticket by scanning the code. After the event, the data scanned at the stand will be made available to the respective sponsors and operators to enable contact with the respective interested parties after the event. The data provided here is usually the full name of the interested party, company name, job title, e-mail, country, and time of the scan.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

In this case, our legitimate interest is to give our sponsors and stand operators the opportunity to track who they had contact with at the event and with whom a business relationship developed after the event (so-called “lead tracking ”). This is also in your interest, as this way you can be contacted by companies after the event, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

If you do not agree to such processing, you also have the right to object so that your data will not be forwarded to the respective sponsor or operator after the event.

 

d)    Participation in the "Table Captain" event

As part of events, so-called "table captain" events are also offered for networking purposes.

The table captain is a well-known expert from the startup ecosystem and "hosts" a table that can usually seat up to eight participants.

Participants can reserve a seat at a table that particularly interests them.

To enable participants to network with each other, it is not only possible to see the respective table captain, but also the other people who will be at the respective table.

Your name and the company name you have provided will be shared.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Our interest here is again to offer the participants the best possible networking event for startups. For optimal networking among the participants, they must know the other people sitting at the table. Our interest in a successful networking event is also in the interest of those affected by the meaning of the GDPR, who also have an interest in networking as comprehensively and efficiently as possible. As a result, our interest outweighs the interest of participants who do not want to disclose their data.

The table reservation itself is made via the HelloSpaces platform ( Hello Spaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar. You can find out more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/ ) who will also be informed of the occupancy of the respective table. The data is also passed on to HelloSpaces for the above legitimate interest, since without these reservations it is not possible to ensure that participants also get the seat at the table for which they have registered, Art. 6 Para. 1 S. 1 lit. f) GDPR.

 

e)    the message of your name

Bits & Pretzels is a networking event. The purpose is to get to know other people, investors, and other network partners. This is only possible if your name and contact details are also made available to other participants. This is done in a variety of ways, including through our website, our app, and as part of the virtual event.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

Our legitimate interest, in this case, is to allow you to get in touch with others. This is also in your interest, as you can be contacted by companies in this way, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

 

5)    Further data processing

We process your contact data to fulfill contractual obligations and/or to carry out pre-contractual measures (Art. 6 Para. 1 S. 1 lit. b) GDPR) which are based on your ticket order, i.e. in particular

  • to fulfill the contract;
  • to correspond with you;
  • for invoicing;
  • to process warranty claims;
  • to process any existing liability claims and to assert any claims against you.

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned (Art. 6 Para. 1 S. 1 lit. a) DSGVO). This concerns in particular:

  • the collection and storage of other personal data
  • Promotional speeches by telephone or e-mail
  • customer account
  • Newsletter dispatch

We can also use your data based on a balance of interests to protect our legitimate interests (Article 6 ( 1 ) sentence 1 lit. f GDPR) or that of third parties. This is done, for example, for the following purposes:

  • Keeping an order history for our future services
  • For customer advice and support and sales
  • general business management and further development of services and products
  • Advertising, market, and opinion research 

Since we are subject to various legal obligations, such as statutory commercial storage and documentation obligations (from HGB, StGB, or AO), we can also use your data based on legal requirements (Art. 6 Para. 1 S. 1 lit. c) DSGVO).

 

6)    Disclosure of Personal Data 

The transfer of personal data is also a process within the meaning of the previous paragraph 5. However, at this point, we would like to inform you separately about the topic of transfer to third parties. The protection of your data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

 Your data is usually transmitted to third parties for the following purposes.

  • Processors with whom we have agreed following Art. 28 GDPR
  • Shipping (e.g. shipping service provider)
  • Payment (e.g. payment service provider)
  • Accounting (e.g. tax consultant)
  • Litigation (e.g. attorney)
  • Communication platform (e.g. email, WhatsApp, other messenger services)
  • Possibly authorities

 It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors following Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us

 Following the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

  

7)    Duration of Storage and Deletion

 Your data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.

 

‍8)    data subject rights

 You have the right:

 • According to Art. 7 Para. 3 GDPR, to revoke your consent given to us at any time. As a result, we can no longer process the data based on this consent

was based, may no longer be continued for the future;

 • to request information about your data processed by us following Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;

• Following Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

 • according to Art. 17 GDPR, to demand the deletion of your data stored by us, insofar as these are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not to exercise the right to freedom of expression and Information required to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

 • following Art. 18 GDPR, to demand the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have objected to the processing following Art. 21 GDPR;

 • following Art. 20 GDPR, to receive the data that you have provided to us in a structured, common, and machine-readable format or to request transmission to another person responsible and

 • to complain to a supervisory authority following Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work.

 

9)    Right to object

 If your data is based on legitimate interests following Art. 6 Para. 1 S. 1 lit. f DSGVO is processed, you have the right to object to the processing of your data following Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation. If you would like to make use of your right of objection, an e-mail to privacy@bitsandpretzels.com is sufficient 

 

Status: 06/21/2022

‍

General data protection instructions by Article 13 for Bits&Pretzels HealthTech Conference

‍

‍

The following applies to our entire data protection declaration: If a term that refers to groups of people is only used in the masculine form, this has no gender-specific meaning, but is only intended to make it easier to read.

We conduct our Bits & Pretzels HealthTech Conference according to the principles set out below:

We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.

 

1)    Name and address of the person responsible and the data protection office

a)     The responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

 

Startup Events GmbH

Rumfordstrasse 15

80469 Munich

Germany

Email: privacy@bitsandpretzels.com

Website: https://bitsandpretzels.com

 

b)    The data protection officer

You can reach the data protection officer of the person responsible as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

 

2)    Explanations of terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://gdpr-info.eu/art-4-gdpr/].

 

3)    Legal basis for the processing of personal data

We only process your data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their data for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
  • Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
  • Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
  • Art. 6 para. 1 sentence 1 lit. f GDPR: the processing is necessary to protect the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular, if the data subject is a child act

However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your data takes place.

 

4)    Collection and storage of personal data and their type and purpose of use

a)    ordering a ticket

As part of the establishment of the contractual relationship, according to Art. 6 Para. 1 S. 1 lit. b GDPR only processes the personal data that is necessary for the execution of the contract (such as company name, title, first name, last name of the named contact person, position, address, if different: billing address, a valid e-mail address, telephone number). Any personal data going beyond this will be processed based on legitimate interest, insofar as you provide further information here, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Checkout:

If you want to pay for the ticket on account, the payment will be processed directly by us. The data you provide for the payment process will be processed by us to fulfill our contractual obligations so that data processing is based on Art. 6 Para. 1 S. 1 lit. b DSGVO is based.

Otherwise, payment is processed by Xing Events GmbH and its service providers. You will be forwarded to the Xing Events GmbH website as part of the ordering process. Xing Events is a service provided by companies registered with New Work SE, Dammtorstr 30, 20354 Hamburg. You can find out more about data protection by Xing Events from the following link: https://privacy.xing.com/en

The further payment process is finalized via these platforms and we do not process any further data. After a successful application, you will receive an event code from us. You can use this to buy a ticket on the Xing Events website.

 

b)    Participation in virtual events

To participate in the virtual event, it is necessary to create a login profile. Mandatory information for the profile is first and last name, company name, and position, all other fields are optional. As part of this participation in virtual events, your data (first name, last name, job title, company name, country, e-mail address ) can be viewed by the other participants. When you participate in virtual master classes, your data will be transmitted to the lecturers. We need this data to ensure that you, as a ticket buyer, interact with other participants at the event under your name, have the right to participate in the event, and that participants can find, exchange, and network at the event based on this information. The processing is therefore carried out to provide the contractual services and for legitimate interest, Art 6 Para. 1 S. 1 lit. b) and f) GDPR.

on a HelloSpaces platform via Zoom (Zoom Video Communications, Inc.), which is based in San Jose (Ca) in the USA. HelloSpaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar.

more about data protection by Zoom ( Zoom Video Communications, Inc.) from the following link https://explore.zoom.us/de/privacy/ more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/

  

c)     Scanning the name badge as part of the event participation

The name badge we issue for the event also contains a scannable code. This enables our sponsors and operators of stands and stages to access some of the information you provided when booking the ticket by scanning the code. After the event, the data scanned at the stand will be made available to the respective sponsors and operators to enable contact with the respective interested parties after the event. The data provided here is usually the full name of the interested party, company name, job title, e-mail, country, and time of the scan.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

In this case, our legitimate interest is to give our sponsors and stand operators the opportunity to track who they had contact with at the event and with whom a business relationship developed after the event (so-called “lead tracking ”). This is also in your interest, as this way you can be contacted by companies after the event, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

If you do not agree to such processing, you also have the right to object so that your data will not be forwarded to the respective sponsor or operator after the event.

 

d)    Participation in the "Table Captain" event

As part of events, so-called "table captain" events are also offered for networking purposes.

The table captain is a well-known expert from the startup ecosystem and "hosts" a table that can usually seat up to eight participants.

Participants can reserve a seat at a table that particularly interests them.

To enable participants to network with each other, it is not only possible to see the respective table captain, but also the other people who will be at the respective table.

Your name and the company name you have provided will be shared.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Our interest here is again to offer the participants the best possible networking event for startups. For optimal networking among the participants, they must know the other people sitting at the table. Our interest in a successful networking event is also in the interest of those affected by the meaning of the GDPR, who also have an interest in networking as comprehensively and efficiently as possible. As a result, our interest outweighs the interest of participants who do not want to disclose their data.

The table reservation itself is made via the HelloSpaces platform ( Hello Spaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar. You can find out more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/ ) who will also be informed of the occupancy of the respective table. The data is also passed on to HelloSpaces for the above legitimate interest, since without these reservations it is not possible to ensure that participants also get the seat at the table for which they have registered, Art. 6 Para. 1 S. 1 lit. f) GDPR.

 

e)    the message of your name

Bits & Pretzels is a networking event. The purpose is to get to know other people, investors, and other network partners. This is only possible if your name and contact details are also made available to other participants. This is done in a variety of ways, including through our website, our app, and as part of the virtual event.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

Our legitimate interest, in this case, is to allow you to get in touch with others. This is also in your interest, as you can be contacted by companies in this way, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

 

5)    Further data processing

We process your contact data to fulfill contractual obligations and/or to carry out pre-contractual measures (Art. 6 Para. 1 S. 1 lit. b) GDPR) which are based on your ticket order, i.e. in particular

  • to fulfill the contract;
  • to correspond with you;
  • for invoicing;
  • to process warranty claims;
  • to process any existing liability claims and to assert any claims against you.

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned (Art. 6 Para. 1 S. 1 lit. a) DSGVO). This concerns in particular:

  • the collection and storage of other personal data
  • Promotional speeches by telephone or e-mail
  • customer account
  • Newsletter dispatch

We can also use your data based on a balance of interests to protect our legitimate interests (Article 6 ( 1 ) sentence 1 lit. f GDPR) or that of third parties. This is done, for example, for the following purposes:

  • Keeping an order history for our future services
  • For customer advice and support and sales
  • general business management and further development of services and products
  • Advertising, market, and opinion research 

Since we are subject to various legal obligations, such as statutory commercial storage and documentation obligations (from HGB, StGB, or AO), we can also use your data based on legal requirements (Art. 6 Para. 1 S. 1 lit. c) DSGVO).

 

6)    Disclosure of Personal Data 

The transfer of personal data is also a process within the meaning of the previous paragraph 5. However, at this point, we would like to inform you separately about the topic of transfer to third parties. The protection of your data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

 Your data is usually transmitted to third parties for the following purposes.

  • Processors with whom we have agreed following Art. 28 GDPR
  • Shipping (e.g. shipping service provider)
  • Payment (e.g. payment service provider)
  • Accounting (e.g. tax consultant)
  • Litigation (e.g. attorney)
  • Communication platform (e.g. email, WhatsApp, other messenger services)
  • Possibly authorities

 It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors following Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us

 Following the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

  

7)    Duration of Storage and Deletion

 Your data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.

 

‍8)    data subject rights

 You have the right:

 • According to Art. 7 Para. 3 GDPR, to revoke your consent given to us at any time. As a result, we can no longer process the data based on this consent

was based, may no longer be continued for the future;

 • to request information about your data processed by us following Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;

• Following Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

 • according to Art. 17 GDPR, to demand the deletion of your data stored by us, insofar as these are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not to exercise the right to freedom of expression and Information required to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

 • following Art. 18 GDPR, to demand the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have objected to the processing following Art. 21 GDPR;

 • following Art. 20 GDPR, to receive the data that you have provided to us in a structured, common, and machine-readable format or to request transmission to another person responsible and

 • to complain to a supervisory authority following Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work.

 

9)    Right to object

 If your data is based on legitimate interests following Art. 6 Para. 1 S. 1 lit. f DSGVO is processed, you have the right to object to the processing of your data following Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation. If you would like to make use of your right of objection, an e-mail to privacy@bitsandpretzels.com is sufficient 

 

Status: 06/21/2022

‍

General data protection instructions by Article 13 for Bits&Pretzels HealthTech Conference

‍

‍

The following applies to our entire data protection declaration: If a term that refers to groups of people is only used in the masculine form, this has no gender-specific meaning, but is only intended to make it easier to read.

We conduct our Bits & Pretzels HealthTech Conference according to the principles set out below:

We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.

 

1)    Name and address of the person responsible and the data protection office

a)     The responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

 

Startup Events GmbH

Rumfordstrasse 15

80469 Munich

Germany

Email: privacy@bitsandpretzels.com

Website: https://bitsandpretzels.com

 

b)    The data protection officer

You can reach the data protection officer of the person responsible as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

 

2)    Explanations of terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://gdpr-info.eu/art-4-gdpr/].

 

3)    Legal basis for the processing of personal data

We only process your data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their data for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
  • Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
  • Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
  • Art. 6 para. 1 sentence 1 lit. f GDPR: the processing is necessary to protect the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular, if the data subject is a child act

However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your data takes place.

 

4)    Collection and storage of personal data and their type and purpose of use

a)    ordering a ticket

As part of the establishment of the contractual relationship, according to Art. 6 Para. 1 S. 1 lit. b GDPR only processes the personal data that is necessary for the execution of the contract (such as company name, title, first name, last name of the named contact person, position, address, if different: billing address, a valid e-mail address, telephone number). Any personal data going beyond this will be processed based on legitimate interest, insofar as you provide further information here, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Checkout:

If you want to pay for the ticket on account, the payment will be processed directly by us. The data you provide for the payment process will be processed by us to fulfill our contractual obligations so that data processing is based on Art. 6 Para. 1 S. 1 lit. b DSGVO is based.

Otherwise, payment is processed by Xing Events GmbH and its service providers. You will be forwarded to the Xing Events GmbH website as part of the ordering process. Xing Events is a service provided by companies registered with New Work SE, Dammtorstr 30, 20354 Hamburg. You can find out more about data protection by Xing Events from the following link: https://privacy.xing.com/en

The further payment process is finalized via these platforms and we do not process any further data. After a successful application, you will receive an event code from us. You can use this to buy a ticket on the Xing Events website.

 

b)    Participation in virtual events

To participate in the virtual event, it is necessary to create a login profile. Mandatory information for the profile is first and last name, company name, and position, all other fields are optional. As part of this participation in virtual events, your data (first name, last name, job title, company name, country, e-mail address ) can be viewed by the other participants. When you participate in virtual master classes, your data will be transmitted to the lecturers. We need this data to ensure that you, as a ticket buyer, interact with other participants at the event under your name, have the right to participate in the event, and that participants can find, exchange, and network at the event based on this information. The processing is therefore carried out to provide the contractual services and for legitimate interest, Art 6 Para. 1 S. 1 lit. b) and f) GDPR.

on a HelloSpaces platform via Zoom (Zoom Video Communications, Inc.), which is based in San Jose (Ca) in the USA. HelloSpaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar.

more about data protection by Zoom ( Zoom Video Communications, Inc.) from the following link https://explore.zoom.us/de/privacy/ more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/

  

c)     Scanning the name badge as part of the event participation

The name badge we issue for the event also contains a scannable code. This enables our sponsors and operators of stands and stages to access some of the information you provided when booking the ticket by scanning the code. After the event, the data scanned at the stand will be made available to the respective sponsors and operators to enable contact with the respective interested parties after the event. The data provided here is usually the full name of the interested party, company name, job title, e-mail, country, and time of the scan.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

In this case, our legitimate interest is to give our sponsors and stand operators the opportunity to track who they had contact with at the event and with whom a business relationship developed after the event (so-called “lead tracking ”). This is also in your interest, as this way you can be contacted by companies after the event, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

If you do not agree to such processing, you also have the right to object so that your data will not be forwarded to the respective sponsor or operator after the event.

 

d)    Participation in the "Table Captain" event

As part of events, so-called "table captain" events are also offered for networking purposes.

The table captain is a well-known expert from the startup ecosystem and "hosts" a table that can usually seat up to eight participants.

Participants can reserve a seat at a table that particularly interests them.

To enable participants to network with each other, it is not only possible to see the respective table captain, but also the other people who will be at the respective table.

Your name and the company name you have provided will be shared.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Our interest here is again to offer the participants the best possible networking event for startups. For optimal networking among the participants, they must know the other people sitting at the table. Our interest in a successful networking event is also in the interest of those affected by the meaning of the GDPR, who also have an interest in networking as comprehensively and efficiently as possible. As a result, our interest outweighs the interest of participants who do not want to disclose their data.

The table reservation itself is made via the HelloSpaces platform ( Hello Spaces GmbH is a subsidiary of efec AG based in D-35578 Wetzlar. You can find out more about data protection by efec AG from the following link https://efec.de/datenschutzerklaerung/ ) who will also be informed of the occupancy of the respective table. The data is also passed on to HelloSpaces for the above legitimate interest, since without these reservations it is not possible to ensure that participants also get the seat at the table for which they have registered, Art. 6 Para. 1 S. 1 lit. f) GDPR.

 

e)    the message of your name

Bits & Pretzels is a networking event. The purpose is to get to know other people, investors, and other network partners. This is only possible if your name and contact details are also made available to other participants. This is done in a variety of ways, including through our website, our app, and as part of the virtual event.

The processing of this data is necessary to protect the legitimate interests of us or a third party and outweighs the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, Art. 6 Para. 1 S. 1 lit. f GDPR.

Our legitimate interest, in this case, is to allow you to get in touch with others. This is also in your interest, as you can be contacted by companies in this way, which strengthens the networking character of the event. Our interest in offering sponsors, operators, and you an optimal environment for networking outweighs your interest in not disclosing your data.

The processing also takes place following Art. 6 Para. 1 S. 1 lit. b GDPR to fulfill the contract concluded with us. The event is primarily an event for networking and mutual exchange. The processing of the information provided by you is, therefore, necessary to fulfill precisely this purpose and thus also the contract concluded with us.

 

5)    Further data processing

We process your contact data to fulfill contractual obligations and/or to carry out pre-contractual measures (Art. 6 Para. 1 S. 1 lit. b) GDPR) which are based on your ticket order, i.e. in particular

  • to fulfill the contract;
  • to correspond with you;
  • for invoicing;
  • to process warranty claims;
  • to process any existing liability claims and to assert any claims against you.

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned (Art. 6 Para. 1 S. 1 lit. a) DSGVO). This concerns in particular:

  • the collection and storage of other personal data
  • Promotional speeches by telephone or e-mail
  • customer account
  • Newsletter dispatch

We can also use your data based on a balance of interests to protect our legitimate interests (Article 6 ( 1 ) sentence 1 lit. f GDPR) or that of third parties. This is done, for example, for the following purposes:

  • Keeping an order history for our future services
  • For customer advice and support and sales
  • general business management and further development of services and products
  • Advertising, market, and opinion research 

Since we are subject to various legal obligations, such as statutory commercial storage and documentation obligations (from HGB, StGB, or AO), we can also use your data based on legal requirements (Art. 6 Para. 1 S. 1 lit. c) DSGVO).

 

6)    Disclosure of Personal Data 

The transfer of personal data is also a process within the meaning of the previous paragraph 5. However, at this point, we would like to inform you separately about the topic of transfer to third parties. The protection of your data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

 Your data is usually transmitted to third parties for the following purposes.

  • Processors with whom we have agreed following Art. 28 GDPR
  • Shipping (e.g. shipping service provider)
  • Payment (e.g. payment service provider)
  • Accounting (e.g. tax consultant)
  • Litigation (e.g. attorney)
  • Communication platform (e.g. email, WhatsApp, other messenger services)
  • Possibly authorities

 It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors following Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us

 Following the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

  

7)    Duration of Storage and Deletion

 Your data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.

 

‍8)    data subject rights

 You have the right:

 • According to Art. 7 Para. 3 GDPR, to revoke your consent given to us at any time. As a result, we can no longer process the data based on this consent

was based, may no longer be continued for the future;

 • to request information about your data processed by us following Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;

• Following Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

 • according to Art. 17 GDPR, to demand the deletion of your data stored by us, insofar as these are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not to exercise the right to freedom of expression and Information required to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

 • following Art. 18 GDPR, to demand the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have objected to the processing following Art. 21 GDPR;

 • following Art. 20 GDPR, to receive the data that you have provided to us in a structured, common, and machine-readable format or to request transmission to another person responsible and

 • to complain to a supervisory authority following Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work.

 

9)    Right to object

 If your data is based on legitimate interests following Art. 6 Para. 1 S. 1 lit. f DSGVO is processed, you have the right to object to the processing of your data following Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation. If you would like to make use of your right of objection, an e-mail to privacy@bitsandpretzels.com is sufficient 

 

Status: 06/21/2022

‍

#bits23

Events

  • Founders Festival (24–26 September, 2023)
  • HealthTech Conference (20–21 June, 2023)

More

  • Imprint
  • Terms of Service
  • Privacy Policy
  • Journalist
    Accreditation form
  • Design-Partner

Contact

Startup Events GmbH
Rumfordstraße 15
80469 Munich
Germany

hello@bitsandpretzels.com