Privacy Policy
This privacy policy explains what personal data is processed for what purposes by 22 Ventures GmbH, Kreillerstraße 2120, 81825 Munich ("we" or "22Ventures") as the controller in connection with this website.
I. Nature, purpose and legal basis of the data processing operations
We process the personal data described in more detail below in accordance with the provisions of the DS-GVO, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 (1) p. 1 lit. f DS-GVO, the aforementioned purposes also represent our legitimate interests.During the informational use of the websites, the following categories of personal data are collected, stored and processed by us:
1. "Log data":
When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
- of the page from which the page was requested (so-called referrer URL),
- the name and URL of the requested page,
- the date and time of the call,
- der Beschreibung des Typs, Sprache und Version des verwendeten Webbrowsers,
- the description of the type, language and version of the web browser used,
- the amount of data transferred,
- the operating system,
- the message whether the call was successful (access status/http status code),
- the GMT time zone difference.
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 p. 1 lit. a or lit. f DS-GVO).
2. "Contact Form Data":
When contact forms are used, the data transmitted through them are processed (e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).
The processing of contact form data is carried out for the purpose of processing your inquiries (legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO).
II. Duration of data processing
Unless a specific data retention period is specified in this privacy policy, we will only process your data for as long as is necessary for the respective purposes; the legal bases specified in the context of the processing purposes apply accordingly or statutory retention obligations exist. After the respective processing purpose ceases to apply and retention obligations end, your data will be routinely deleted.
Third parties engaged by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order.
III. Transfer of personal data to third parties; basis for justification
We use external service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. These service providers are only active according to our instructions and are contractually obligated to comply with the data protection regulations according to Art. 28 DS-GVO.
If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.
The following categories of recipients, which are usually processors (see A.(7)), may receive access to your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO, insofar as it does not involve order processors;
- Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c DS-GVO;
- Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DS-GVO.
For the guarantees of an adequate level of data protection in the event of a transfer of the data to third countries, see A.(8).
In addition, we will only disclose your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DS-GVO.
IV. Hosting
Webflow
The provider is the Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as “Webflow”). When you visit our website, Webflow records various logfiles, including your IP address.
Webflow is a tool for the creation and hosting of websites. Webflow stores cookies or other recognition technologies that are required for the depiction of the site, for the provision of certain website functions and to guarantee its security (necessary cookies).
For details, please consult the data privacy policy of Webflow: https://webflow.com/legal/eu-privacy-policy.
We use Webflow on the basis of Art.6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is depicted as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The transfer of data to the United States is based on the standard contract clauses of the EU Commission. For details, please go to: https://webflow.com/legal/eu-privacy-policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active
IV. Your rights
You can exercise your rights as a data subject with regard to your processed personal data by contacting us at:
22Ventures GmbH,
– Data Protection Officer –
Kreillerstraße 210, 81825 München,
Telefon: +49 171 628 4122
E-Mail: info@22ventures.eu
assert at any time. You have the right as a data subject:
Right of objection
object to the processing pursuant to Art. 21 DS-GVO, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f DS-GVO. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Right to information, data portability, deletion, correction, blocking and revocation of consent
You can request information about your stored personal data (Art. 15 GDPR). You also have the right to receive this data in a standard and machine-readable format (Art. 20 DSGVO). If your personal data is transferred to a country outside the EU that does not provide adequate protection, you may request a copy of the contract that ensures the adequate protection of personal data. Finally, you have the right to obtain the essential of the joint responsibility agreement between the City of Hamburg and 21Dx).
In addition, in justified cases, you may also request the deletion, correction or restriction of the processing of your data (Art. 17-19 DSGVO).You may revoke any consent you have given at any time.
Right of appeal
In case of questions and in case of possible concerns about the data processing, you can also contact a supervisory authority.
Responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA),
Promenade 18, 91522 Ansbach,
E-Mail: poststel-le@lda.bayern.de.
VI. Changes to the privacy notice
In the context of the further development of data protection law and technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes, in particular on our German website at www.22ventures.eu. This data protection notice is current as of November 2022.