§1 Information on the collection of personal data
(1) In the following we inform you about the collection of personal data when visitors use our platform. Personal data are any data that can be related to you personally, e.g. your name, address, email addresses and (if applicable) your user behavior.
(2) The person responsible in accordance with Art. 4 Section 7 of the EU's General Data Protection Regulation (GDPR) is:
Startnext Crowdfunding GmbH
represented by its Managing Director
(see our legal notice).
You can contact our data protection officer Helmuth Hilse at the following postal address
- Startnext -
Störmthaler Str. 12
For questions regarding the processing of your personal data and your rights regarding data protection, please contact datenschutz (at) startnext.com
(3) When you contact us by email or via a contact form, the data you provide will be processed and saved by us in order to answer your questions. Fields for required information on our contact form are marked by an "*". We delete the data arising in this context after its storage is no longer necessary, or limit the processing if legal storage obligations (e.g. for tax purposes) or other reasons exist for further storage. In the latter case we will separate and restrict access to the data stored due to legal regulations at the latest after one year of storage, unless otherwise stated below. The legal basis for the initial collection of your data is Article 6 Section 1 a GDPR, and for further processing within the framework of contract fulfillment Article 6 Section 1 b GDPR, and (if applicable) further storage for other legal reasons Article 6 Section 1 c GDPR.
(4) If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the relevant processes below. We also specify the criteria defined for the storage period.
§2 Your rights
(1) With respect to your personal data you have the following rights in relation to us:
- the right to information,
- the right to correction or deletion,
- the right to the restriction of processing,
- the right to object to the processing of your data,
- the right to data transferability.
As a participant you can assert your rights to information and data transferability via the respective function in your user profile. In all other respects you can contact us via the contact data indicated in § 1 Section 2.
(2) You also have the right to complain to a data protection supervisory authority about any - from your point of view - unlawful processing of your personal data by us.
(3) If you have asserted your rights to the correction, deletion or restriction of the processing listed in Section 1, we are obliged to inform all recipients to whom your personal data have been disclosed of the correction or deletion of the data or restriction of the processing requested by you, unless this proves impossible or involves a disproportionate effort. In any case, however, you have the right to be informed about these recipients.
(4) We would like to make it clear that we do not apply any automated decision-making processes in accordance with Article 22 Sections 1 and 4 of the GDPR.
§3 Collection of personal data during a visit (= access) to our platform
(1) If you visit the platform for information purposes only (= access), i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. We use a transmission method based on the SSL protocol (Secure Sockets Layer Protocol: TLS 1.2). If you wish to view our website, we collect the following data, which are technically necessary for us to display our website and to guarantee stability and security (legal basis is Art. 6 Section 1 f GDPR):
- IP address (storage time 7 days)
- date and time of access
- time zone difference to Greenwich Mean Time (GMT)
- content accessed (specific page)
- access status/HTTP status code
- the amount of data transferred in each case
- referrer URL
- operating system and its interface
- language and version of the browser software.
a) This platform uses the following types of cookies, the scope and functionality of which are explained below:
- transient cookies (see b)
- persistent cookies (see c).
You can find a detailed description of the cookies used by us here.
b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store a so-called session ID, with which different requests from your browser can be assigned to the specific session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. Persistent cookies are deleted after 365 days at the latest, unless otherwise indicated by the following provisions or our cookie overview page.
d) You can configure your browser settings according to your wishes and refuse to accept third party cookies or all cookies, for example. Please note that if you do so you may not be able to use all the functions of this platform.
§4 Further functions and offers of our platform
(1) In addition to the purely informational use of our platform, we offer various services that you can use if you are interested. As a rule, you must provide further personal data which we use to provide the respective service and to which the above data processing principles apply.
(2) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) Furthermore, we may pass on your personal data to third parties if we offer contracts or similar services in conjunction with partners. You will receive more information about this when you provide your personal data or in the description of the offer. As part of hosting our website, we use ProfitBricks GmbH, Greifswalder Str. 207, 10405 Berlin, Germany, whose servers are also located in Germany.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
§5 Objection to or revocation of the processing of your data
(1) If you have given your consent to the processing of your data in individual cases, you can revoke this at any time in the contact data indicated in § 1 Section 2 above or in the legal notice linked there. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the balancing of interests, you have the right to object to the processing. This is the case if the processing is not necessary in particular for the fulfillment of a contract with you, which is described by us in the following description of the functions involved. If you make such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or modify the data processing or point out to you the compelling reasons on the basis of which we have to continue the processing.
(3) Of course, you can object to any processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your rejection of advertising under the contact data mentioned above under § 1 Section 2 or in the legal notice linked there.
§6 Using the blog functions
(1) You can post public comments in our blog, in which we publish various articles on topics related to our activities, as well as in the blogs and on the pinboards of the starters. Your post will be published with your username. You must be logged in to our platform to post a comment. Posts will not be reviewed before publication. We reserve the right to delete posts if they are objected to as unlawful by third parties. The legal basis for the storage and processing of your posts by us is Article 6 Section 1 a) GDPR
(2) After writing a post, you will be informed when other users leave a comment on the post, as long as you have not deactivated this in your user profile under notification options.
§7 Use of our crowdfunding functions
(1) If you want to use our crowdfunding functions, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the completion of your support or registration. The information requested for registration on the platform and the conclusion and processing of crowdfunding contracts is mandatory.
(2) As a supporter, you can also voluntarily create a customer account (hereinafter referred to as "profile"), which is mandatory if you are a starter, which enables us to store your data for further support later. When you create a profile under "Register", the data you have entered will be saved on a revocable basis. The legal basis for the storage and processing of voluntary data is Art. 6 Section 1 a) GDPR.
(3) If there are contracts with the platform requiring payment, we are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. In addition, we store your data for up to ten years after the end of the crowdfunding campaign in relation to normal statute of limitations provisions, taking into account the earliest possible start of the limitation period, in order to be able to provide assistance in the event of disputes between participants. In the case of unsuccessful campaigns your data will be deleted 3 months after the end of the campaign. In this respect, the legal basis for storage is (subordinated) Art. 6 Section 1 b), c) and f) GDPR.
(4) Within the scope of your legally required verification, we also enable you to compile data for independent transmission to the respective verification partner (e.g. Deutsche Post - postal service), which will be checked by us after receipt of the confirmation. The legal basis in this respect is (subordinated) Art. 6 Section 1 a), b) and f) GDPR.
(5) To prevent unauthorized access to your personal data, especially financial data, the support process is encrypted using TLS technology.
§8 Use of our platform
(1) If you wish to use the advanced functions of our platform, you must register by entering your email address and a password of your choice. Supporters are not required to provide a real name, pseudonymous use is possible. We use the so-called double opt-in procedure for checking your email address, i.e. your registration is not complete until you have previously confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. You must provide your first and last name, email address and password. All other information can be provided voluntarily by using our platform or entering it in your user profile.
(2) If you use our platform, we store the data necessary for the fulfillment of the contract on our part, including information on the chosen method of payment, for the duration of the tax law regulations. The legal basis for this is Art. 6 Section 1 b GDPR. In addition, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. You can manage and change all information in the protected login area. The legal basis for storing and processing the data made available to us voluntarily is primarily Art. 6 Section 1 a) GDPR and secondarily Art. 6 Section 1 f) GDPR.
(3) If you use our platform, your data may become accessible to other users and visitors to the platform in accordance with the contractually agreed service.
a) Simple visitors receive the following standardized information about you: first and last name or user name.
b) All visitors can also see the campaigns they have started themselves. You can also voluntarily extend this display to your supported and favored campaigns.
c) You can also provide the following information in your user profile: Biography, city, country, link to website / blog, Twitter link, Facebook link, Google+ link, profile photo and profile background image.
d) If you post contributions to public groups, these are visible for all visitors.
e) Messages that you send via our message system are only visible to the respective recipient.
(4) To prevent unauthorized access to your personal data, especially financial data, the connection is encrypted using TLS technology.
§9 Data transmission to starters
If you provide your personal data, we are entitled to make the necessary data available to those starters whose campaigns you are financially supporting, so that you can get your rewards. This concerns your first and last name, your address data, your support level, your e-mail address, the selected reward including any selected special options (e.g. size/colour) and the date of the support. The legal basis for this data transfer is Art. 6 Section 1 b) GDPR.
§10 Use of Zammad as a ticket system
(1) We use the ticket system Zammad, a service provided by Zammad GmbH, Marienstraße 11, 10117 Berlin, to process customer inquiries. For this purpose, when you contact us data such as surname, first name, email address and, optionally, any attachment to the message sent to us via our website are recorded so that we can process your inquiry. Zammad GmbH stores the data processed for us in Germany.
(3) If you contact us by email or via the form on the website, we will only use the personal data you provide for processing your specific request. The data provided will be treated confidentially. The data provided and the message history with our team will be stored for a period of six months for follow-up questions and subsequent contact. The data entered in the contact form will be processed on the basis of your consent (Art. 6 Section 1 a GDPR).
(4) We have concluded an agreement with Zammad GmbH. for contract data processing.
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers.
(2) For the registration to our newsletter we use the so-called double opt-in procedure, unless your email address has already been verified during registration or you subscribe to the newsletter from your account. The double opt-in procedure means that after your registration we will send an email to the email address provided, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 72 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation for a period of one week. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis for storing this accompanying data is Art. 6 Section 1 f) GDPR
(3) The information we require to send you the newsletter is your email address and your name. Your name is required so that we can contact you personally. After your confirmation we will save your email address and name for the purpose of sending you the newsletter. The legal basis for saving and processing your email address is Art. 6 Section 1 a) GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe to the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, or by sending a message to the contact details given in the legal notice.
(5) We use Mailjet GmbH, Rankestr. 21, 10789 Berlin, Germany for the distribution of newsletters and have concluded a contract data processing agreement with them for this purpose.
§12 Payment with Stripe
If you choose a payment method from the payment service provider Stripe, payment will be processed by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland and Stripe Payments UK, Ltd, 7th Floor, The Bower Warehouse, 211 Old Street, London EC1V 9NR, United Kingdom ("Stripe"). As a starter, by confirming your withdrawal information before starting your crowdfunding, you create an account with Stripe to receive funds for your crowdfunding campaign. The transfer of your data for payment processing or the creation of an account with Stripe is exclusively for the purpose of payment processing with the payment service provider Stripe and for the purpose of fraud prevention by Stripe. Stripe is responsible for the data processing there.
You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy. The legal basis for the transfer of data to Stripe for the purpose of payment processing is Article 6 para. 1 sentence 1 lit. b) DSGVO. The legal basis for the transfer of data for the purpose of fraud prevention is Art. 6 section 1) sentence 1 f). The legitimate interest is to avoid economic damage through criminal acts and to protect supporters.
§12 Project news
As a supporter, you will receive news from the team about your funding and the project in the form of an update by email via the corresponding Startnext function. Your name and email address from the support form will be processed further in order to send you the newsletter. However, your data will not be passed on to third parties. The legal basis for this is Art. 6 Section 1 b) GDPR.
§13 Use of Mailjet as a contract data processor
(2) Mailjet may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
§14 Use of Google Analytics
(1) This platform uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how visitors use the site. The information generated by the cookies about your use of this platform is usually transferred to a Google server in the USA and stored there. However, by anonymizing your IP address on this platform, Google will previously truncate your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the platform, to compile reports on website activity and to provide the website operator with further services associated with website and internet use.
(2) The (anonymized) IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.
Google Analytics will then no longer collect any data from your visit. Opt-out cookies prevent future collection of your data when you visit this platform. In addition, in order to prevent Universal Analytics from collecting data across different devices (on all third party sites), you must download the above opt-out cookie on all systems used.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal reference can be ruled out. If any data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user by means of the statistics. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Section 1 f GDPR.
(6) Third party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html,
(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can disable cross-device analysis of your usage in your Google Account under "My data", "Personal data".
(8) We have also concluded a contract data processing agreement with Google as a precaution - although no IP is transmitted to Google thanks to the anomyzeIP function
§15 Use of Hotjar
(1) This website uses Hotjar, a web analysis tool provided to us by Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta (hereinafter "Hotjar Ltd.). Interactions of randomly selected individual visitors with the website are recorded anonymously. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated (also anonymously) for statistical purposes. This creates a protocol of e.g. mouse movements and clicks, with the aim of pointing out possible improvements to the respective website. This information is not personal and will not be passed on by Hotjar to third parties.
(2) If you do not wish your data to be tracked, you can deactivate this function on all websites using Hotjar by setting the DoNotTrack header in your browser. You can find more information on the following website https://www.hotjar.com/opt-out
For information in German please see: http://www.akademie.de/wissen/do-not-track-datenschutz
(3) You can find a detailed description of the cookies used in connection with the use of Hotjar here.
(4) Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com
(5) We have also concluded a contract data processing agreement with Hotjar Ltd. as a precaution - although no IP is transmitted to Hotjar Ltd. thanks to anonymization.
§16 Integration of YouTube videos
(1) We and almost all Starters have included YouTube videos in our online offer or campaign descriptions, which are stored at http://www.YouTube.com and can be played directly from our platform. YouTube is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). The videos are all integrated in the "extended data protection mode" or can be integrated by Starters in this way, and are additionally prevented from direct transfer to YouTube by an image file upstream of the video. This means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in Section 2 will only be transmitted if you play the videos. We have no influence on the data transfer to Google after the start of the video.
(2) Playing a YouTube video on our platform informs Google that you have accessed the corresponding sub-page of our platform. In addition, at least the data specified in § 3 of this declaration will be transmitted. You can do this whether you're logged in to your Google Account or not, or even if you don't have a user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish the data to be associated with your user profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (even for not logged in users) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our platform. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. It also provides you with more information about your rights and privacy settings: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§17 Integration of Vimeo videos
(1) We and/or a number of Starters use components of the provider Vimeo as an alternative to YouTube videos on our site. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you access such a video on our platform while logged in to Vimeo, Vimeo uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account at Vimeo. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal Vimeo account and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. However, this is done by placing an image file in front of the video only if you click on the component.
§18 Use of SoundCloud Plugins
(1) We use SoundCloud for the integration of audio material. SoundCloud is operated by SoundCloud Limited, headquartered at 33 St James Square, London SW1Y 4JS, UK.
Every time you visit our website that contains such a component, the component causes the browser you are using to download a corresponding representation of the SoundCloud component. If you start such an audio file on our platform while logged into SoundCloud, SoundCloud uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account on SoundCloud. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal SoundCloud account and stored there. In addition, the information that you have visited our site will be shared with SoundCloud. However, this is done by placing an image file in front of the audio file only if you click on the component.
§19 Use of Facebook Connect
(1) We offer you the option of using your Facebook profile information from your Facebook account to authenticate you to Facebook on our website ("Facebook Connect").
The legal basis for the transfer of data in connection with your use of Facebook Connect is the contractual basis with Facebook (Article 6 para. 1 sentence 1 lit. b DS-GVO) as well as supplementary consent within the framework of the express use of the Facebook Connect function (Article 6 para. 1 sentence 1 lit. a DS-GVO).
§20 Use of Google+
(1) We offer you the possibility to authenticate yourself with your Google+ profile details of your user account at Google+ on our website ("Google+ Connect").
(2) If you choose to register with your Google+ account, Google+ will use this interface to gain access to certain information about your personal information and the ability to store that information. This includes, but is not limited to, your encrypted email address and other information about your registration on our websites. Conversely, we may gain access to your email address, name, profile picture, and other publicly available profile information on Google+. If you do not agree to this data exchange, you should not use Google+ Connect. You can still log in directly from our website as usual.
The legal basis for the transfer of data in connection with your use of Google+ is the contractual basis with Google (Article 6 para. 1 sentence 1 lit. b DS-GVO) as well as supplementary consent in the context of the express use of the Google+ function (Article 6 para. 1 sentence 1 lit. a DS-GVO).
§21 Links to external websites
Insofar as links are provided to websites of other providers, this data protection declaration does not apply to their content. What data the operators of these pages may collect is beyond our knowledge and sphere of influence. Information about this can be found in the data protection notice of the respective site.
§22 Use of Cloudflare
CloudFlare is used as a so-called CDN ("Content Delivery Network") to secure this website and optimize loading times. For this reason, all requests relating to our platform are forcibly routed through their servers and consolidated into statistics that cannot be deactivated and stored in the European Union. The collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you will find information about the data collected there and about security & privacy at CloudFlare. We have concluded a corresponding agreement with Cloudflare (DPA, Data Processing Agreement). Cloudflare is a certified participant of the EU-US Privacy Shield Framework. Cloudflare is committed to handling all personal data held by European Union (EU) member states in accordance with the Privacy Shield Framework and its applicable principles. Further information about the Privacy Shield Framework can be found on the US Department of Commerce's Privacy Shield list at [https://www.privacyshield.gov]. The legal basis is Art. 6 Section 1 f GDPR.
§23 Collection of the personal data of customers, prospective customers and suppliers
(2) You are not obliged to provide the aforementioned personal data. The data provided may be required for the conclusion of a contract. Without the provision of the data, it may not be possible to communicate, conclude a contract or process a contract.
(3) On the basis of the applicable legal regulations or a contractual agreement, the data which is relevant in individual cases is transmitted to public authorities if legal regulations take priority and - if you have given your consent or such transmission is permissible on the basis of predominant interests - to external service providers or other contractors and to further external bodies. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA member state) or an international organisation.
(4) The data is deleted 12 months after the respective point in time, as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data provided, this is the case when the conversation with you has ended. The conversation has ended when it can be inferred from the circumstances that the facts in question have been finally clarified. Insofar as the data communicated is subject to retention obligations under tax and commercial law, it will be stored for the duration of the storage obligations of ten years and then deleted, unless you have consented to further storage or if further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for the processing of personal data for the purpose of fulfilling statutory archiving and storage obligations is Art. 6 Section 1 c) GDPR.
§24 Collection of personal data from job applicants
(1) We only collect your personal data as an applicant for a position if you provide it to us by email, post or telephone. This applies both to applications for job advertisements and unsolicited applications. In this context, we collect the information provided in the application. Depending on the scope of your communications, this may include your name, date of birth, contact details, interests, qualifications and educational and professional background. The personal data collected by you will only be used for the purpose of carrying out the application procedure (the legal basis is then Art. 6 Section 1 a), b) and f) GDPR in conjunction with § 26 of the Federal Data Protection Act - BDSG).
(2) You are not obliged to provide the aforementioned personal data. The data provided may be required for a future contract to be concluded after the application procedure has been completed. Without the provision of the data, it may not be possible to communicate, carry out the application procedure or conclude an (employment) contract.
(3) Data is transmitted to employees of the personnel department, the management and the respective head of department. Your personal data will not be passed on to third parties. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA member state) or an international organisation.
(4) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. We will therefore retain your application data for 12 months after the application procedure has been completed or, in the event of a rejection, after the rejection decision has been communicated to you. If you have agreed to longer storage, the storage period will be the period covered by your consent. After that we will either delete your data or revoke your consent to further storage - unless any other justification for storage is clearly the case. You have the possibility to revoke your consent to the processing of your personal data at any time. The revocation of consent will not affect the legality of the processing carried out on the basis of the consent prior to revocation.