Privacy policy


PRIVACY POLICY


1    SCOPE OF APPLICATION AND RESPONSIBILITY

This data protection information only applies to the processing of personal data when you visit and use our website seedhouse.de (“online offering”). The data protection information does not apply to websites or apps of other providers to which we refer as part of our online offering. Please contact the respective provider to find out how they handle your data if you are redirected from our online offering to other websites or apps. 

 

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable person (“data subject”). This includes, for example, personal details such as name, address, email address and telephone number, but also further information such as messages you send us or your user behavior in relation to our online offering. The explanation for all other terms can be found in the definitions of Art. 4 GDPR. 

 

It is generally possible to use our website without providing personal data.

 

The controller within the meaning of Art. 4 No. 7 GDPR is: 

Seedhouse Accelerator GmbH 
An der Katharinenkirche 3

49074 Osnabrück

Responsible for content according to § 18 Abs. 2 MStV: Florian Stöhr (address see above)

 

With this data protection notice, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

 

2    WHAT PERSONAL DATA DO WE COLLECT?

When you use our online services, we collect various categories of personal data for different purposes. We would like to present these data processing procedures as clearly as possible for you below.

 

2.1    Visiting our website (log files)

When you visit our website, we automatically record every access in a log file that your browser transmits to us. The following data is stored by us (“log files”)

- Date, time, place and country of access to our website (or the server request)
- Operating system, browser type, browser version and anonymized IP address of the end device
- Internet service provider, 
- Website that was previously visited (referrer URL),
- Amount of data transferred. 

 

The processing of this information is technically necessary to display the website properly and to ensure stability and security. The information is processed exclusively for the aforementioned purposes. No further analysis of the user data takes place. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. 

 

This data is processed by the host of our website Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (“Host”). The Host acts as a processor and we have concluded a corresponding contract for commissioned data processing with it.

Die Verarbeitung dieser Daten erfolgt durch den Host unserer Website: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen  („Host“). Der Host agiert als Auftragsverarbeiter und wir haben einen entsprechenden Vertrag zur Auftragsdatenverarbeitung mit ihm geschlossen.

 

2.2    (Visiting our website) Cookies

When you visit and use our website, we may use cookies. Cookies are small text files that are sent from our web server to the browser of your end device and stored on it. Cookies help in many ways to make your visit to our website easier, more pleasant and more secure. This website uses the following types of cookies:

 

Necessary cookies: Necessary cookies are cookies that are required for the use of our website and its basic functions. Without these cookies, the website does not work or does not work properly; these cookies can therefore not be deselected. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. These cookies are generally deleted at the end of the website visit, at the latest when the browser is closed.

 

Optional cookies: Optional cookies are cookies that make it possible, for example, to analyze data traffic, usage behavior and the technical functionality of the website in order to optimize the quality and user-friendliness of the website (performance cookies), that store personal settings so that they do not have to be entered again on the next visit (functional cookies) or that combine certain information on usage behavior on our site with such information from other providers in order to be able to make personalized advertising offers (marketing cookies). 

 

Any use of optional cookies constitutes data processing that is only permitted with your express and active consent via our cookie banner and can be managed and revoked at any time via this banner. The legal basis is then Art. 6 para. 1 sentence 1 lit. a GDPR. 

 

The use of optional cookies and other analysis and marketing technologies is further explained in the following sections.

 

2.3    Google Maps 

We use Google Maps, an online map service provided by Google Inc, Mountain View, USA, in the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). 

 

The purpose of our use of this tool is to show you our company location on a map. 

 

If you access a website on our website that contains Google Maps and you have consented to the use of optional cookies, your browser will establish a connection with Google's servers to integrate the map content. Information about your use of this website, including your IP address and addresses entered as part of the route planner function, will be transmitted to Google. 

 

Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are partly transferred to Google servers in the USA and processed there. Google has certified itself as a secure data recipient that complies with the data protection principles of the Data Privacy Framework. When data is transferred to the USA by Google, a data protection standard is therefore maintained that corresponds to that of the GDPR. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection in the third country. 

 

The legal basis for the collection and further processing of the information is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time (see section 5). 

 

Google provides information on data processing when using Google Maps at this link.

 

2.4    Contact via contact form, e-mail or telephone | HubSpot | Microsoft Office 365

If you would like information about us and our services or would like to contact us for any other reason, you can contact us at any time using our contact form, by e-mail or by telephone. We will then process the information you provide in order to process your request and communicate with you. 

 

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR or, if we already have a contractual relationship with you or the contact serves to initiate such a contractual relationship, Art. 6 para. 1 sentence 1 lit. b GDPR. You can object to the further processing of your data at any time if you no longer wish this (see section 6), without this affecting the permissibility of the processing up to the point of revocation. 

 

The data that we collect in connection with your contact request will be deleted as soon as your request has been fully and finally processed and no further communication with you is necessary or desired by you.

 

We use HubSpot to manage the data that you provide to us when you contact us. The provider is Hubspot Inc. 25 First Street, Cambridge, MA 02141 USA (hereinafter “HubSpot”). 

 

Among other things, HubSpot enables us to manage existing and potential customers and customer contacts.  

 

HubSpot acts as a processor and we have concluded a corresponding contract with HubSpot. Some of the data collected by HubSpot is transferred to HubSpot servers in the USA. HubSpot has certified itself as a secure data recipient that complies with the data protection principles of the Data Privacy Framework. When HubSpot transfers data to the USA, a data protection standard is therefore maintained that corresponds to that of the GDPR. We have also agreed so-called standard contractual clauses with HubSpot, the purpose of which is to maintain an adequate level of data protection in the third country. 

 

You can find details on how HubSpot handles data here.

 

We also use Outlook, an application that is part of Microsoft Office 365, to contact you. Microsoft Office 365 is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

 

We use Microsoft Office 365 to send and receive emails. For this purpose, the contact data that we enter in HubSpot is imported into Microsoft Office 365.

 

Microsoft acts as a processor and we have concluded a corresponding contract with Microsoft. As a Microsoft Office 365 corporate customer based in Germany, data entered by us is automatically stored in Germany. Should data nevertheless be transferred to Microsoft servers in the USA. Microsoft has certified itself as a secure data recipient that complies with the data protection principles of the Data Privacy Framework. When data is transferred to the USA by Microsoft, a data protection standard is therefore maintained that corresponds to that of the GDPR. 

 

Details on how Microsoft handles data from corporate customers like us can be found here. You can find Microsoft's privacy policy here.

 

2.5    Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter using a registration form. To receive the newsletter, we need your e-mail address. The data you provide for this purpose will only be processed for sending our newsletter. 

 

We use a double opt-in procedure to subscribe to our newsletter. This means that after using the registration form, you must once again expressly consent to receiving the newsletter. For this purpose, you will receive an e-mail with a separate activation link after registration. This confirmation is necessary to prevent misuse. If the activation link is not confirmed within 30 days, all data and information previously collected for the newsletter will be deleted.

 

The newsletter is sent and your data is processed for this purpose on the basis of your voluntary consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time (see section 5). We store the data collected for the newsletter for the duration of your registration. 

 

You can unsubscribe from the newsletter free of charge at any time with effect for the future and withdraw your consent. Your revocation will result in the deletion of the data collected by us for the purpose of sending the newsletter.

 

We also use the services of Hubspot for our newsletter service. You can find more information about this provider in section 2.4. 

 

2.6    Usercentrics Cookiebot

So that you can decide for yourself what information you want to send us, we use the cookiebot service from Usercentrics A/S, Havnegade 39
1058 Copenhagen, Denmark (“Usercentrics”). 

 

The purpose of using this service is to enable you to choose which cookies or other data transfers you wish to accept. 

 

The legal basis for the processing of your data is Art. 6 para. 1 lit. c GDPR, as we are obliged to design and operate our website in compliance with data protection regulations

 

Usercentrics collects data on our website such as your IP address, date and time of consent, browser information and the URL from which the consent was sent. The functionality of the website cannot be guaranteed without this processing. 

 

Usercentrics acts as a processor and we have concluded a corresponding contract with Usercentrics. The processing of data by Usercentrics takes place in the European Union. 

 

Further information on data processing by Usercentrics can be found here, Usercentrics' privacy policy can be found here

 

3    SHARING YOUR DATA

We will only pass on your data to third parties if we are authorized to do so on the basis of your consent or if we are authorized or obliged to do so under applicable law. The same applies if we receive your data from third parties, i.e. neither from you nor from companies commissioned by us. 

 

In addition to the third parties expressly named in this data protection notice, external service providers for the operation of our website may also receive access to your data within the framework of order processing contracts, government agencies and authorities, insofar as this is necessary to fulfill a legal obligation, or persons employed to carry out our business operations (such as auditors, legal advisors, insurance companies, banks, supervisory authorities). Insofar as external service providers come into contact with your personal data, we take legal, technical and organizational measures to ensure that they comply with the provisions of data protection laws and - insofar as they act as processors - only process your data on our behalf and in accordance with our instructions.

 

Some third-party data processing companies may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively on the basis of your consent, to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit. a, lit. b or lit. f in each case in conjunction with Art. 44 ff. GDPR). We will inform you about the respective details of the transfer at the relevant points. The European Commission certifies that some third countries have a data protection standard comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here.


Among other things, the European Commission certifies that the data protection standard provided for in the Data Privacy Framework is comparable to the EEA standard by means of an adequacy decision. When data is transferred to the USA by a company certified under the Data Privacy Framework, a data protection standard is therefore maintained that corresponds to that of the GDPR.

 

4    STORAGE PERIOD AND DELETION OF DATA 

Unless expressly or otherwise stated above, the data collected by us will be deleted as soon as it is no longer required for the purpose for which it was collected. 

 

Contact form data and other data that you transmit to us in the context of other contact will be deleted as soon as the purpose of the processing no longer applies, i.e., for example, your request has been fully and finally processed and resolved and no further communication with you is required or desired by you. 

 

5    YOUR RIGHTS AS A DATA SUBJECT

Right to information: You have the right to request access to your personal data stored by us at any time free of charge under the conditions of Art. 15 GDPR if we process this data. This gives you the opportunity to check which personal data we process about you and that we use it in accordance with applicable data protection regulations.

 

Right to rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction under the conditions of Art. 16 GDPR. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible for us or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under the conditions of Art. 17 GDPR. In individual cases, the right to erasure may be restricted or excluded in accordance with Art. 17 (3) GDPR or Art. 35 GDPR.

 

Right to restriction of processing: Under the conditions of Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.

 

Right to data portability:Under the conditions of Art. 20 GDPR, you have the right to receive the personal data that you have provided to us free of charge in a readable format. However, the restrictions of Art. 20 (3) and (4) GDPR and Section 28 BDSG must be taken into account.

 

Right of revocation: You have the right to revoke any declaration of consent granted under data protection law at any time.The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

6    OPPOSITION 

You can object to the processing of personal data concerning you by us at any time for reasons arising from your particular situation, insofar as we use this data to safeguard legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). In the event of a justified objection, we must refrain from any further processing of your data, unless it is necessary for compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or for the assertion, exercise or defense of legal claims.

 

If your personal data is processed by us for direct marketing purposes, you have the right to object to the processing of your data for such marketing purposes at any time without restriction. In this 
In this case, it is not necessary to specify a particular situation. In the event of your objection, processing for direct marketing purposes will cease immediately.

 

To object, you can use the above-mentioned contact options in any form. 

 

7    RIGHT TO COMPLAIN

If you are of the opinion that the processing of personal data concerning you by us violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in accordance with Article 77 GDPR. 
In Lower Saxony, the competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of Lower Saxony, which can be reached using the contact details below:

 

In Lower Saxony, the competent supervisory authority is the State Commissioner for Data Protection of Lower Saxony, which can be reached at the following contact details:

 

The State Commissioner for Data Protection of Lower Saxony
Prinzenstrasse 5
30159 Hanover

 

E-mail: poststelle@lfd.niedersachsen.de 
Phone: 0511/120-4500 

 

8    DATA SECURITY 

For security reasons and to protect the transmission of confidential content, your data is transmitted in encrypted form. We use technical and organizational measures, in particular TSL (Transport Layer Security) encryption technology, to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. 

 

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the likelihood and severity of the violation of the rights and freedoms of natural persons.