Data protection

We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.

1.     Name and address of the person responsible and the data protection officer

a)    The responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

Startup Events GmbH

Rumfordstr . 15

80469 Munich

Email: privacy@bitsandpretzels.com 

b)    The data protection officer

The data protection officer of the person responsible is:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

2.     Explanations of terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://dsgvo-gesetz.de/art-4-dsgvo/].

3.     Legal basis for the processing of personal data

a)    Processing of personal data according to the GDPR

We only process your personal data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations in particular come into consideration here:

·       Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes.

·       Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.

·       Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject

·       Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person

·       Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible

·       Art. 6 para. 1 sentence 1 lit. f GDPR: processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail, especially if the data subject is a child acts

However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your personal data takes place.

b)    Processing of information according to § 25 Abs.1 TTDSG

We also process information in accordance with Section 25 (1) TTDSG by storing information on your terminal device or accessing information that is already stored on your terminal device. This can be both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 Paragraph 2 No. 6 TTDSG.

We usually process this information on the basis of your consent, Section 25 (1) TTDSG.

As far as an exception according to § 25 Abs.2 Nr. 1 und Nr.2 TTDSG is given, we do not need our consent. One such exception is where we are accessing or storing the information solely to transmit a message over a public telecommunications network or where it is strictly necessary for us to provide a telemedia service that you have specifically requested. You can revoke your consent at any time.

We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation

4.     Passing on of the personal Data

The transfer of personal data is also processing within the meaning of the previous paragraph 3. However, we would like to inform you again separately about the topic of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. Processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus to provide your data with comprehensive protection.

5.     Storage and Deletion

Your personal data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation reasons of public interest or to assert, exercise or defend legal claims.

6.     SSL encryption

Our app uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the app operator.

If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

7.     Collection and storage of personal data and their type and purpose of use 

a) Downloading the App

When downloading the mobile app, the required information is transferred to the App Store or Play Store, i.e. in particular user name, email address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

b) Use of the App

When using the mobile app, we collect the personal data described below to enable convenient use of the functions. If you want to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:

·       IP address

·       Date and time of the request

·       Time zone difference to Greenwich Mean Time (GMT)

·       Content of the request (specific page)

·       Access Status /HTTP Status Code

·       operating system and its surface

·       Browser software language and version.

·       Name of the mobile device, e-mail address

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

c)     Registration

As part of the registration, we collect and process your first and last name as well as your e-mail address, company and job title and a password of your choice. In addition, you can also enter your LinkedIn profile URL in a next step.

provision of our services in accordance with Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR.

This data is stored in our backend.

d)    Use of the chat function

You have the option of allowing the "Chat" function in the app. By activating the chat function during registration, you have the option of starting a chat with other users and exchanging ideas within this framework. Other users also have the option of contacting you via the chat function if you have activated the "Chat" function.

When using the chat function, the following inventory data is processed:

·   First and Last Name

When exchanging messages, only the following information is passed on to the respectively addressed user or user group:

·   First and Last Name

·   content of the message

·   Date and time of the message

The legal basis for processing this data is Art. 6 Para. 1 S. 1 lit. b) and f) GDPR to provide our services and for our legitimate interest.

e)    favorite function

In the app, you have the option of adding a user as a favorite and being added as a favorite yourself . The favorite user is not informed about this.

This favorites function is used to conveniently find other users. The data processing is therefore based on our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR on it.

f)      contact scanning

As part of the app, you have the option of scanning the QR code of another user and thus saving their contact in the app. You can also make your QR code available to another user to scan. For this it is necessary that you allow the app access to your camera. This function is used to network users with each other.

The legal basis for processing this data is Art. 6 Para. 1 S. 1 lit. b) and f) GDPR to provide our services and for our legitimate interest.

g)    meeting requests

meeting requests " function during registration , you have the option in the app to contact other users and send a meeting request with the date and time. Other users also have the option of sending you such meeting requests if you have allowed this function.

As part of the meeting request , your first and last name, the date and time of the meeting and your message will be transmitted.

The legal basis for processing this data is Art. 6 Para. 1 S. 1 lit. b) and f) GDPR to provide our services and for our legitimate interest.

h)    push notifications

Under the menu item "More - Settings" you can confirm whether you would like to receive news via push notifications, even if you are not actively using our app or the device is idle.

You can switch this function on or off at any time later on the mobile device under "More - Settings". The push notifications are delivered using servers provided by the manufacturers of the operating systems. The mobile devices must therefore be registered with these servers, which requires the transmission of a UUID (iOS) or the device ID (Android) assigned to the device.

The legal basis here results from Art. 6 Para. 1 S. 1 lit. b) GDPR to provide our services based on the request you made, as well as our legitimate interest, Art. 6 Para. 1 S. 1 lit. f) GDPR.

i)      Help

We provide you with a support email address in our app that you can contact at any time if you have a question about the app.

If you send us inquiries about this, your details from the e-mail, including the contact details you provided there, will be processed in accordance with Article 6 Paragraph 1 p . 1 lit. b and f GDPR to carry out pre-contractual measures that take place at your request or to exercise our legitimate interest, namely to carry out our business activities .

The inquiries and the associated data will be deleted no later than 3 months after receipt, provided they are not required for a further contractual relationship.

j)      Newsletter

Content of the newsletter and registration data

We will only send you a newsletter if you order it from us and give your consent in accordance with Art. 6 para. p . 1 lit. a DSGVO have granted. The contents of the newsletter are specifically described when registering for the newsletter. To register for the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information such as your name and/or your gender, this will only be used to personalize the newsletter addressed to you.

Double opt- in and logging

opt -in procedure to register for our newsletter so that nobody can register with someone else's e-mail address . Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. This only becomes effective once the registration has been confirmed.

Furthermore, your registration for the newsletter will be logged. The logging includes the storage of the registration and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.

revocation

If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. You can do this by clicking on the unsubscribe link at the end of each newsletter or by sending us an email to the following email address: privacy@bitsandpretzels.com 

The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

8.     rights of the data subject

You have the following rights:

a)    Information

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about

·       the processing purposes

·       the categories of personal data

·       the recipients or categories of recipients to whom your data has been or will be disclosed

·       the planned storage period or at least the criteria for determining the storage period

·       the existence of a right to rectification, erasure, restriction of processing or objection

·       the existence of a right of appeal to a supervisory authority

·       the origin of your personal data, if they were not collected from us

·       the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details

b)    correction

According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.

c)     deletion

According to Art. 17 GDPR, you have the right to request the immediate deletion of your personal data from us, provided that further processing is not necessary for one of the following reasons:

·       the personal data are still necessary for the purposes for which they were collected or otherwise processed

·       to exercise the right to freedom of expression and information

·       to fulfill a legal obligation that requires processing under European Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller

·       for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR

·       for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing

·       to assert, exercise or defend legal claims

d)    restriction of processing

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

·       You contest the accuracy of your personal data.

·       The processing is unlawful and you oppose the erasure of the personal data.

·       We no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.

·       You object to the processing in accordance with Art. 21 (1) GDPR.

e)    briefing

If you want the correction or deletion of your personal data or a restriction of processing according to Art. 16 , Art. 17 Para. 1 and Art. 18 GDPR, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f)      transmission

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.

You also have the right to request the transmission of this data to a third party, provided that the processing was carried out using automated procedures and is based on consent in accordance with Art. 6 Para . 1 S. 1 lit. a or Art. 9 Para . 2 lit. a or on a contract pursuant to Art. 6 Para. 1 p . 1 lit. b DSGVO is based.

g)    revocation

In accordance with Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h)    Complaint

According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i)      contradiction

If your personal data is based on legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO are processed, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to make use of your right of revocation or objection, an e-mail to privacy@bitsandpretzels.com is sufficient 

j)      Automated individual decision-making including profiling

to be subject to a decision based solely on automated processing, including profiling , which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

                i.         is necessary for entering into, or the performance of, a contract between you and us

              ii.         is permitted on the basis of legal regulations of the European Union or the member states to which we are subject and these legal regulations contain appropriate measures to protect your rights and freedoms as well as your legitimate interests

             iii.         takes place with your express consent

Para . 1 DSGVO, unless Art. 9 Para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in i) and iii), we take appropriate measures to protect your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision heard.

9.     Change to the privacy policy

If we change the data protection declaration, this will be indicated in the app.

Status: 06/15/2023

‍