III. Use of third-party providers
14. Online meetings and webinars with Zoom
To conduct online meetings, workshops and webinars, we use the provider "Zoom" of Zoom Video Communications, Inc. The processing of personal data of meeting participants takes place exclusively in data centers in the European Union. Personal data is not transferred to the USA or any other third country.
We have concluded an order processing agreement with "Zoom" that includes the EU standard contractual clauses. The data of meeting participants (specified name, specified email address, duration of participation in meetings) are stored for a maximum period of 12 months.
The legal basis for the use of Zoom is Art. 6 para. 1 lit. b DS-GVO. In the case of "open webinars", it is Art. 6 (1) lit. f DS-GVO. For more information on the processing of personal data at Zoom, please visit https://zoom.us/de-de/gdpr and https://zoom.us/de-de/privacy.html.
15. Use of Zammad as a ticket system
(1) We use the ticket system Zammad, a service provided by Zammad GmbH, Marienstraße 11, 10117 Berlin, to process customer inquiries. For this purpose, when you contact us data such as surname, first name, email address and, optionally, any attachment to the message sent to us via our website are recorded so that we can process your inquiry. Zammad GmbH stores the data processed for us in Germany.
(2) For more information about Zammad's data processing please see the Zammad privacy policy at https://zammad.com/de/datenschutz.
(3) If you contact us by email, via the form or chat on the website, we will only use the personal data you provide for processing your specific request. The data provided will be treated confidentially. The data provided and the message history with our team will be stored for a period of six months for follow-up questions and subsequent contact. The data entered in the contact form will be processed on the basis of your consent (Art. 6 Section 1 a GDPR).
(4) We have concluded an agreement with Zammad GmbH. for contract data processing.
16. Use of Mailjet as a contract data processor
(1) Sending emails to the various user groups is a central function of the platform. This ensures that content is communicated promptly and personally. For the purpose of sending emails we use the email dispatch service Mailjet GmbH, Rankestr. 21, 10789 Berlin, Germany. Only the email addresses required for sending the newsletter are transferred and temporarily stored. Email addresses are used exclusively in the context of Startnext and are not passed on to third parties. You can find Mailjet's privacy policy at https://www.mailjet.de/privacy-policy/. The legal basis for the use of the distribution service provider is the consent pursuant to Art. 6 para. 1 p. 1 lit. which you can revoke at any time via the newsletter or by email. We have concluded an order processing agreement with Mailjet pursuant to Art. 28 Section 3 Sentence 1 GDPR. We have concluded a contract processing agreement with Mailjet in accordance with Art. 28 Section 3. 1 GDPR.
(2) Mailjet may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
(3) According to Mailjet, they store your personal data, only as long as it is necessary to provide its services. Mailjet will delete your data when we delete you from our address file.
17. Use of Sendinblue as a contract data processor
(1) Sending emails to the various user groups is a central function of the platform. This ensures that content is communicated promptly and personally. For the purpose of sending emails we use the email dispatch service Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Only the email addresses required for sending the newsletter are transferred and temporarily stored. Email addresses are used exclusively in the context of Startnext and are not passed on to third parties. You can find Sendinblue's privacy policy at https://www.sendinblue.com/legal/privacypolicy/. The legal basis for the use of the distribution service provider is the consent pursuant to Art. 6 para. 1 p. 1 lit. which you can revoke at any time via the newsletter or by email. We have concluded an order processing agreement with Mailjet pursuant to Art. 28 Section 3 Sentence 1 GDPR. We have concluded a contract processing agreement with Sendinblue in accordance with Art. 28 Section 3. 1 GDPR.
(2) Sendinblue may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
(3) According to Sendinblue, they store your personal data, only as long as it is necessary to provide its services. Sendinblue will delete your data when we delete you from our address file.
18. Use of Google Analytics
(1) This platform uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how visitors use the site. The information generated by the cookies about your use of this platform is usually transferred to a Google server in the USA and stored there. However, by anonymizing your IP address on this platform, Google will previously truncate your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The data is deleted by Google 14, 26, 38 or 50 months after your (last) visit to our website. On behalf of the operator of this website, Google will use this information to evaluate your use of the platform, to compile reports on website activity and to provide the website operator with further services associated with website and internet use.
(2) The (anonymized) IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.
(3) A detailed description of the cookies used in connection with the use of Google Analytics can be found here.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal reference can be ruled out. If any data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user by means of the statistics. In exceptional cases where personal data originating in Europe is transferred to the USA, the EU standard contractual clauses that we have concluded with Google apply. The legal basis for the use of Google Analytics is the consent that you have given us via our cookie banner and can revoke at any time here.
(6) Third party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of use: http://www.google.com/analytics/terms/de.html,
overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can disable cross-device analysis of your usage in your Google Account under "My data", "Personal data".
(8) We have also concluded a contract data processing agreement with Google as a precaution - although no IP is transmitted to Google thanks to the anomyzeIP function
19. Use of Hotjar
(1) This website uses Hotjar, a web analysis tool provided to us by Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta (hereinafter "Hotjar Ltd.). Interactions of randomly selected individual visitors with the website are recorded anonymously. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated (also anonymously) for statistical purposes. This creates a protocol of e.g. mouse movements and clicks, with the aim of pointing out possible improvements to the respective website. This information is not personal and will not be passed on by Hotjar to third parties. The legal basis for the use of Hotjar is the consent that you have given us via our cookie banner and can revoke at any time here.
(2) If you do not wish your data to be tracked, you can deactivate this function on all websites using Hotjar by setting the DoNotTrack header in your browser. You can find more information on the following website https://www.hotjar.com/opt-out
For information in German please see: http://www.akademie.de/wissen/do-not-track-datenschutz
(3) You can find a detailed description of the cookies used in connection with the use of Hotjar here.
(4) Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com
(5) We have also concluded a contract data processing agreement with Hotjar Ltd. as a precaution - although no IP is transmitted to Hotjar Ltd. thanks to anonymization.
20. Integration of YouTube videos
(1) We and almost all Starters have included YouTube videos in our online offer or campaign descriptions, which are stored at http://www.YouTube.com and can be played directly from our platform. YouTube is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). The videos are all integrated in the "extended data protection mode" or can be integrated by Starters in this way, and are additionally prevented from direct transfer to YouTube by an image file upstream of the video. This means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in Section 2 will only be transmitted if you play the videos. We have no influence on the data transfer to Google after the start of the video. The legal basis for data processing when playing the video is your consent pursuant to Art. 6 section 1 p.1 lit. a) GDPR.
(2) Playing a YouTube video on our platform informs Google that you have accessed the corresponding sub-page of our platform. In addition, at least the data specified in 3. of this declaration will be transmitted. You can do this whether you're logged in to your Google Account or not, or even if you don't have a user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish the data to be associated with your user profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (even for not logged in users) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our platform. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. It also provides you with more information about your rights and privacy settings: https://www.google.de/intl/de/policies/privacy.
21. Integration of Vimeo videos
(1) We and/or a number of Starters use components of the provider Vimeo as an alternative to YouTube videos on our site. Vimeo is a service of Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you access such a video on our platform while logged in to Vimeo, Vimeo uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account at Vimeo. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal Vimeo account and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. However, this is done by placing an image file in front of the video only if you click on the component. The legal basis for data processing when playing the video is your consent pursuant to Art. 6 section 1 p.1 lit. a) GDPR.
(2) According to its own statement, Vimeo stores personal data only as long as you have an account with Vimeo. If you do not have an account, the data is only stored in anonymized form, so that the GDPR does not apply to this data.
(3) If you want Vimeo to stop this transmission and storage of data about you and your behavior on our website, you must log out of Vimeo before you visit our site. Vimeo's privacy policy provides more detailed information, in particular regarding the collection and use of data by Vimeo: https://vimeo.com/privacy
22. Use of SoundCloud Plugins
(1) We use SoundCloud for the integration of audio material. SoundCloud is operated by SoundCloud Limited, headquartered at 33 St James Square, London SW1Y 4JS, UK.
(2) Every time you visit our website that contains such a component, the component causes the browser you are using to download a corresponding representation of the SoundCloud component. If you start such an audio file on our platform while logged into SoundCloud, SoundCloud uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account on SoundCloud. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal SoundCloud account and stored there. In addition, the information that you have visited our site will be shared with SoundCloud. However, this is done by placing an image file in front of the audio file only if you click on the component. The legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.
(3) If you want SoundCloud to stop this transmission and storage of data about you and your behavior on our website, you must log out of SoundCloud before starting an audio file. SoundCloud's privacy policy provides more detailed information, in particular about SoundCloud's collection and use of data: https://soundcloud.com/pages/privacy
23. Use of Spotify Plugins
(1) We use plugins from "Spotify" an audio streaming platform operated by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. For an overview of Spotify plugins, please visit: https://developer.spotify.com
(2) We use Spotify by embedding individual audio files from the platform on our website as a so-called iFrame, so that they can be played on our website as a stream. If you visit a subpage of our website on which a Spotify plugin is embedded and you click the "Play" button, a connection is established to the Spotify servers and the plugin is displayed within our website. Thereupon, this information is transmitted to your personal user account at Spotify and stored there. In addition, the information that you have visited our site is passed on to Spotify. For more information on data protection at Spotify, please visit https://www.spotify.com/de/legal/privacy-policy. The legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.
24. Login with Facebook
(1) We offer you the option of using your Facebook profile information from your Facebook account to authenticate you to Facebook on our website ("Facebook Connect").
(2) If you choose to register with your Facebook account, Facebook will have access to certain information about your personal information through this interface and will be able to store that information. This includes, but is not limited to, your encrypted email address and other information about your registration on our websites. A listing can be found at: https://developers.facebook.com/docs/permissions/reference. Conversely, we may gain access to your email address, name, profile picture, and other publicly available profile information on Facebook. If you do not agree to this data exchange, you should not use Facebook Connect. You can still log in directly from our website as usual. Further details and what data Facebook collects in detail and what rights you have in this regard can be found at www.facebook.com and in particular in Facebook's Privacy Policy. The social login data will be stored and used as described until a revocation is declared.
(3) The legal basis for the transfer of data in connection with your use of Facebook Connect is the contractual basis with Facebook (Article 6 para. 1 sentence 1 lit. b GDPR) as well as supplementary consent within the framework of the express use of the Facebook Connect function (Article 6 para. 1 sentence 1 lit. a GDPR).
25. Login with Google
(1) We offer you the possibility to authenticate yourself with your Google account on our website ("Google Connect"). The registration takes place via a redirect to the website of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), where you can log in with your login.
(2) If you decide to register with your Google account, your Google account will be linked to Startnext. We have no influence on the processing of your data at Google. We receive the following information from Google: Last name, first name, email address and profile picture. For more information about Google, please see Google's privacy policy and terms of use, at: https://policies.google.com/privacy?hl=de Legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.
(3) If you do not agree with this data exchange, you should not use the Google login. You can still log in directly via our website as usual.
(4) The legal basis for the transfer of data in connection with your use of Google is the contractual basis with Google (Article 6 (1) sentence 1 lit. b DS-GVO) and, in addition, the consent in the context of the express use of the Google function (Article 6 (1) sentence 1 lit. a DS-GVO).
26. Use of Cloudflare
CloudFlare is used as a so-called CDN ("Content Delivery Network") to secure this website and optimize loading times. For this reason, all requests relating to our platform are forcibly routed through their servers and consolidated into statistics that cannot be deactivated and stored in the European Union. The collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you will find information about the data collected there and about security & privacy at CloudFlare. We have concluded a corresponding agreement with Cloudflare (DPA, Data Processing Agreement). The legal basis is Art. 6 Section 1 f GDPR.
27. Use of New Relic
(1) We use New Relic on our website to ensure robust technical platform operation. New Relic allows us to determine whether the website can be accessed and how quickly the page is displayed on your device when accessed. If your browser generates a technical error message, this is transmitted anonymously to New Relic.
(2) For this purpose, your browser connects to the domain bam-cell.nr-data.net operated by New Relic during your visit to Startnext. This transfers information such as your IP address and the type of browser you are using. No data like cookies are stored in the browser. All page views of all visitors are considered together, so that no identification of the actions of a single person is possible. You can find more information on data protection at: https://newrelic.com/termsandconditions/privacy. The legal basis is Art. 6 Section 1 f GDPR.
28. Use of Podigee (Podcast-Hosting)
(1) We use the Podcast Hosting service Podigee of the offerer Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The Podcasts are hosted by Podigee or transferred over Podigee.
(2) The legal basis is Art. 6 Section 1 f GDPR (i.e. interest in a safe and efficient supply, analysis as well as optimization of our Podcast offer).
(3) Podigee processes IP addresses and device information to enable podcast downloads/reproductions and to determine statistical data, such as the number of downloads. This data is anonymised or pseudonymised before it is stored in the Podigee database, provided it is not required for the provision of the podcasts.
(4) Further information and possible objections can be found in Podigee's data protection declaration: https://www.podigee.com/de/about/privacy/.
29. Use of Risk.Ident
1) For our website we use the services of the IT security service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany. All communication between us and Risk.Ident is solely for the purpose of avoiding fraudulent use of our websites. The legal basis for the processing is our legitimate interest in the defense against criminal threats pursuant to Art. 6 (1) p. 1 lit. f) GDPR.
(2) Data storage: Risk.Ident uses cookies and tracking technologies to collect and process specific data from our users regarding the equipment of the end device used ("device-specific data"), raw data from the TCP/IP connection and data about the use of our website. Risk.Ident also collects and processes the IP address of the user, but this is encrypted within a few seconds at Risk.Ident. The information is stored by Risk.Ident in a fraud prevention database.
(3) Data retrieval: When creating, starting or supporting projects, we retrieve a risk assessment from the Risk.Ident database, which has been stored there for the end device used by the user.
This risk assessment is based, among other things, on information about:
(a) whether the user's device is currently communicating or has communicated in the past via a proxy connection,
(b) whether the terminal device has recently dialed in via different Internet service providers,
(c) whether the terminal device had or has a frequently changing geo-reference,
(d) how many Internet transactions have been made via the device within the last time (however, it is not recognizable for us what kind of transactions these were), and
(e) how likely it is that the device stored in the Risk.Ident database is actually that of the user.
The result of this risk assessment helps us to prevent fraud attempts.
(4) Data transmission: Furthermore, we transmit data to Risk.Ident if we become aware that a user has committed or attempted to commit fraud against us. Risk.Ident will be informed of this fact as well as the respective device-specific data of the user.
30. Use of QR Planet GmbH
(1) On the occasion of our monthly launch day, we present QR codes linked to our website in our Zoom Live show. The event participants can buy the rewards directly via the QR code and collect information about the related crowdfunding project.
(2) To create the QR codes we use the QR Code Generator from QR Planet GmbH, Mariahilferstraße 7/2, 1060 Vienna, Austria. Should you use the QR code to access our website, QR Planet processes your IP address as part of QR code tracking to determine where the QR code was scanned. In addition, location data is processed. Afterwards, the IP address is stored anonymously in the database. The data will not be passed on to third parties by QR Planet GmbH.
(3) The data processing is based on your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO. The purpose of the data processing is to inform you about the crowdfunding projects and rewards and to do so in a descriptive and user-friendly manner. The data will be deleted as soon as it is no longer needed for our recording purposes and no legal, contractual or official regulations prevent deletion. You have the option to revoke your consent to data processing at any time. You can also change your browser settings so that no location data is processed. Further information on data processing can be found here: https://qr1.at/privacy