Crowdfunding since 2010

I. General Rights 

1. Information on the collection of personal data

(1) In the following we inform you about the collection of personal data when visitors use our platform. Personal data are any data that can be related to you personally, e.g. your name, address, email addresses and (if applicable) your user behavior.

(2) The person responsible in accordance with Art. 4 Section 7 of the EU's General Data Protection Regulation (GDPR) is:

Startnext GmbH
represented by its Managing Director
Denis Bartelt
Grundstraße 1
01326 Dresden

(see our legal notice).

You can contact our data protection officer Helmuth Hilse at the following postal address

WS Datenschutz GmbH
Dircksenstraße 51 
10178 Berlin

[email protected]


For questions regarding the processing of your personal data and your rights regarding data protection, please contact datenschutz (at) startnext.com

(3) When you contact us by email or via a contact form, the data you provide will be processed and saved by us in order to answer your questions. Fields for required information on our contact form are marked by an "*". We delete the data arising in this context after its storage is no longer necessary, or limit the processing if legal storage obligations (e.g. for tax purposes) or other reasons exist for further storage. In the latter case we will separate and restrict access to the data stored due to legal regulations at the latest after one year of storage, unless otherwise stated below. The legal basis for the initial collection of your data is Article 6 Section 1 a GDPR, and for further processing within the framework of contract fulfillment Article 6 Section 1 b & f GDPR, and (if applicable) further storage for other legal reasons Article 6 Section 1 c GDPR.

(4) If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the relevant processes below. We also specify the criteria defined for the storage period.

2. Your rights

(1) With respect to your personal data you have the following rights in relation to us:

  1. the right to information,
  2. the right to correction or deletion,
  3. the right to the restriction of processing,
  4. the right to object to the processing of your data,
  5. the right to data transferability.

As a participant you can assert your rights to information and data transferability via the respective function in your user profile. In all other respects you can contact us via the contact data indicated in 1. Section 2.

(2) You also have the right to complain to a data protection supervisory authority about any - from your point of view - unlawful processing of your personal data by us.

(3) If you have asserted your rights to the correction, deletion or restriction of the processing listed in Section 1, we are obliged to inform all recipients to whom your personal data have been disclosed of the correction or deletion of the data or restriction of the processing requested by you, unless this proves impossible or involves a disproportionate effort. In any case, however, you have the right to be informed about these recipients.

(4) We would like to make it clear that we do not apply any automated decision-making processes in accordance with Article 22 Sections 1 and 4 of the GDPR.

3. Collection of personal data during a visit (= access) to our platform

(1) If you visit the platform for information purposes only (= access), i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. We use a transmission method based on the SSL protocol (Secure Sockets Layer Protocol: TLS 1.2). If you wish to view our website, we collect the following data, which are technically necessary for us to display our website and to guarantee stability and security (legal basis is Art. 6 Section 1 f GDPR):

  1. IP address (storage time 7 days)
  2. date and time of access
  3. time zone difference to Greenwich Mean Time (GMT)
  4.  content accessed (specific page)
  5.  access status/HTTP status code
  6. the amount of data transferred in each case
  7. referrer URL
  8. browser
  9. operating system and its interface
  10. language and version of the browser software.

(2) In addition to the above data, cookies are stored on your computer when you use our platform. Cookies are small text files that are stored on your hard disk in relation to the browser you use and provide certain information to the party which sets them (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offering more user-friendly and effective overall. If the use of cookies is necessary in order to enable or further develop our service, the legal basis for their collection is Article 6, Section 1 f GDPR): otherwise Article 6, Section 1 a GDPR):

(3) Use of cookies:

a) This platform uses the following types of cookies, the scope and functionality of which are explained below:

- transient cookies (see b)
- persistent cookies (see c).

You can find a detailed description of the cookies used by us here.

b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store a so-called session ID, with which different requests from your browser can be assigned to the specific session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. Persistent cookies are deleted after 365 days at the latest, unless otherwise indicated by the following provisions or our cookie overview page.

d) You can configure your browser settings according to your wishes and refuse to accept third party cookies or all cookies, for example. Please note that if you do so you may not be able to use all the functions of this platform.

4. Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data in individual cases, you can revoke this at any time in the contact data indicated in 1. Section 2 above or in the legal notice linked there. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

(2) If we base the processing of your personal data on the balancing of interests, you have the right to object to the processing. This is the case if the processing is not necessary in particular for the fulfillment of a contract with you, which is described by us in the following description of the functions involved. If you make such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or modify the data processing or point out to you the compelling reasons on the basis of which we have to continue the processing.

(3) Of course, you can object to any processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your rejection of advertising under the contact data mentioned above under 1. Section 2 or in the legal notice linked there.

II. Use of the platform functions  

1. Use of our platform

(1) If you wish to use the closed area of our platform, you must register by entering your email address and a password of your choice. Supporters are not required to use their real names; pseudonymous use is possible. We use the so-called double opt-in procedure to check your e-mail address, i.e. your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. You are required to provide your first and last name as well as your email address and password; you can provide all other information voluntarily by using our platform or in your profile.

(2) If you use our platform, we store your data required for the fulfillment of the contract on our part, including information on the selected payment method for the duration of the tax law requirements. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DS-GVO. Furthermore, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. You can manage and change all data in the protected login area. The legal basis for the storage and processing of your voluntary data made available to us is primarily Art. 6 para. 1 p. 1 lit. a) DS-GVO and secondarily Art. 6 para. 1 p. 1 lit. f) DS-GVO.

(3) Each user receives a non-public user account on Startnext. In order to access this, you must confirm your email address that you provided during registration or support and set a password. Such a user account is created purely as an internal system assignment for fraud prevention and to avoid incorrect entries on your part, which could make the delivery of any rewards more difficult. The data transmitted to us as part of the account creation process is not publicly accessible. 

(4) If you use the closed area of the platform, your following data may also become accessible to other users and visitors of the platform:

  • The posts you publish on a project wall as well as your first and last name in connection with them,
  • Posts that you send via our messaging system are only visible to the respective recipient.
  • If you support a project, your first and last name will be made publicly available on the supporter list, unless you support anonymously.

(5) As a starter or as a team member you will receive a publicly visible user profile with the following data from the starting phase:

  • First name & Last name,
  • projects already initiated by yourself or (co-)managed as a team member as well as other projects supported by you and
  • your personal profile (e.g. profile, social media channels).

(6) To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.

2. Use of our payment functions

(1) If you want to use our crowdfunding functions, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your support or registration. The information requested for the registration in the platform, the conclusion as well as the processing of the crowdfunding contracts are mandatory data. We process the data you provide to process your support. For this purpose, we may pass on your payment data and - for abuse control - also your IP address to our payment service provider Stripe Technology Europe Ltd, 25-28 North Wall Quay, Dublin 1, Ireland. Stripe then performs a technical check of the risk of non-payment. The personal data exchanged with Stripe is first name, last name, address, email address, IP address, phone number or other data necessary for payment processing. The data is transmitted for the purpose of payment processing and fraud prevention. 

(2) As a starter, when you confirm your payout information before the funding phase begins, you also create an account with Stripe that you can use to receive funds for your crowdfunding campaign.

(3) The legal basis for the processing of this personal data is Art. 6 para. 1 lit. b), c) and f) DSGVO. We will only transfer other personal data to Stripe if there is a legitimate interest for the transfer or if you have given your consent. Stripe's own privacy policy can be accessed by you at https://stripe.com/de/privacy#translation

(4) If there are also contracts with the platform that require payment, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. The storage also takes place against the background of the regular statute of limitations, taking into account the earliest possible start of the statute of limitations, in order to be able to provide support in the event of disputes between participants. In addition, we store your address, payment and order data for up to 10 years after the conclusion of the crowdfunding campaign. In the case of unsuccessful campaigns, your address, payment and order data will be deleted 3 months after the end of the campaign. In this respect, the legal basis for the storage is (subordinate) Art. 6 para. 1 p. 1 lit. b), c) and f) DS-GVO.

3. integration of the payment provider PayPal

(1) We offer the option of processing the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The personal data transmitted to PayPal are regularly first name, last name, address, email address, IP address or other data necessary for payment processing (Art. 6 para. 1 lit b) DSGVO).

The processing of the data provided under this section is not required by law or contract. Without the transmission of your personal data, we cannot carry out a payment via PayPal. You have the option to choose another payment method.

(2) PayPal carries out a credit check for various services to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (pursuant to Art. 6 para. 1 lit. f) DSGVO) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b) DSGVO). For this purpose, your data (name, address and date of birth, bank account details) may be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or a check is pending.

You can find more information about objection and removal options vis-à-vis PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

(3) Your data will be stored until the completion of payment processing. This includes, in addition to the fulfillment of tax requirements, the period necessary for the processing of any refunds, receivables management and fraud prevention.

4. Using the blog functions

(1) You can post public comments in our blog, in which we publish various articles on topics related to our activities, as well as in the blogs and on the pinboards of the starters. Your post will be published with your username. You must be logged in to our platform to post a comment. Posts will not be reviewed before publication. We reserve the right to delete posts if they are objected to as unlawful by third parties. The legal basis for the storage and processing of your posts by us is Article 6 Section 1 a) GDPR

(2) After writing a post, you will be informed when other users leave a comment on the post, as long as you have not deactivated this in your user profile under notification options. 

5. Startnext-Newsletter

(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers.

(2) For the registration to our newsletter we use the so-called double opt-in procedure, unless your email address has already been verified during registration or you subscribe to the newsletter from your account. The double opt-in procedure means that after your registration we will send an email to the email address provided, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 72 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation for a period of one week. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis for storing this accompanying data is Art. 6 Section 1 f) GDPR

(3) The information we require to send you the newsletter is your email address and your name. Your name is required so that we can contact you personally. After your confirmation we will save your email address and name for the purpose of sending you the newsletter. The legal basis for saving and processing your email address is Art. 6 Section 1 a) GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe to the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, or by sending a message to the contact details given in the legal notice.

(5) We use Mailjet GmbH, Rankestr. 21, 10789 Berlin, Germany for the distribution of newsletters and have concluded a contract data processing agreement with them for this purpose.

6. Project news

(1) As a supporter, you will receive news from the team about your funding and the project in the form of an update by email via the corresponding Startnext function. 

(2) The projects have the possibility to extend the duration once for a maximum of 30 days. If a project you've supported does so, you will receive this information via the corresponding function of Startnext by email.

(3) Your name and email address from the support form will be processed further in order to send you the newsletter. However, your data will not be passed on to third parties. The legal basis for this is Art. 6 Section 1 b) GDPR.

11. A/B Testing

In order to create a better website for you, we carry out A/B tests during your visit to our website. A/B tests involve providing two different versions of a website. So some users will see version A, other users will see version B of the website. This is to determine which version is being liked better by our users, in order to optimize the entire website bit by bit. The legal basis for A/B testing is Art. 6 para. 1 sentence 1 lit. f GDPR. The data collected by A/B Testing is not personal. 

7. Data transmission to starters

If you provide your personal data, we are entitled to make the necessary data available to those starters whose campaigns you are financially supporting, so that you can get your rewards. This concerns your first and last name, your address data, your support level, your e-mail address, the selected reward including any selected special options (e.g. size/colour) and the date of the support. The legal basis for this data transfer is Art. 6 Section 1 b) GDPR.

8. Further functions and offers of our platform

(1) In addition to the purely informational use of our platform, we offer various services that you can use if you are interested. As a rule, you must provide further personal data which we use to provide the respective service and to which the above data processing principles apply.

(2) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

(3) Furthermore, we may pass on your personal data to third parties if we offer contracts or similar services in conjunction with partners. You will receive more information about this when you provide your personal data or in the description of the offer. As part of hosting our website, we use 1&1 IONOS SE Elgendorfer Str. 57 56410 Montabaur, Germany, whose servers are also located in Germany.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

9. Links to external websites

Insofar as links are provided to websites of other providers, this data protection declaration does not apply to their content. What data the operators of these pages may collect is beyond our knowledge and sphere of influence. Information about this can be found in the data protection notice of the respective site.

III. Use of third-party providers

1. Online meetings and webinars with Zoom

To conduct online meetings, workshops and webinars, we use the provider "Zoom" of Zoom Video Communications, Inc. The processing of personal data of meeting participants takes place exclusively in data centers in the European Union. Personal data is not transferred to the USA or any other third country.  

We have concluded an order processing agreement with "Zoom" that includes the EU standard contractual clauses. The data of meeting participants (specified name, specified email address, duration of participation in meetings) are stored for a maximum period of 12 months.  

The legal basis for the use of Zoom is Art. 6 para. 1 lit. b DS-GVO. In the case of "open webinars", it is Art. 6 (1) lit. f DS-GVO. For more information on the processing of personal data at Zoom, please visit https://zoom.us/de-de/gdpr and https://zoom.us/de-de/privacy.html

2. Use of Zammad as a ticket system

(1) We use the ticket system Zammad, a service provided by Zammad GmbH, Marienstraße 11, 10117 Berlin, to process customer inquiries. For this purpose, when you contact us data such as surname, first name, email address and, optionally, any attachment to the message sent to us via our website are recorded so that we can process your inquiry. Zammad GmbH stores the data processed for us in Germany.

(2) For more information about Zammad's data processing please see the Zammad privacy policy at https://zammad.com/de/datenschutz.

(3) If you contact us by email, via the form or chat on the website, we will only use the personal data you provide for processing your specific request. The data provided will be treated confidentially. The data provided and the message history with our team will be stored for a period of six months for follow-up questions and subsequent contact. The data entered in the contact form will be processed on the basis of your consent (Art. 6 Section 1 a GDPR).

(4) We have concluded an agreement with Zammad GmbH. for contract data processing.

3. Use of Mailjet as a contract data processor

(1) Sending emails to the various user groups is a central function of the platform. This ensures that content is communicated promptly and personally. For the purpose of sending emails we use the email dispatch service Mailjet GmbH, Rankestr. 21, 10789 Berlin, Germany. Only the email addresses required for sending the newsletter are transferred and temporarily stored. Email addresses are used exclusively in the context of Startnext and are not passed on to third parties. You can find Mailjet's privacy policy at https://www.mailjet.de/privacy-policy/. The legal basis for the use of the distribution service provider is the consent pursuant to Art. 6 para. 1 p. 1 lit a GDPR. which you can revoke at any time via the newsletter or by email. We have concluded an order processing agreement with Mailjet pursuant to Art. 28 Section 3 Sentence 1 GDPR. We have concluded a contract processing agreement with Mailjet in accordance with Art. 28 Section 3. 1 GDPR.

(2) Mailjet may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.

(3) According to Mailjet, they store your personal data, only as long as it is necessary to provide its services. Mailjet will delete your data when we delete you from our address file.

4. Use of Sendinblue as a contract data processor

(1) Sending emails to the various user groups is a central function of the platform. This ensures that content is communicated promptly and personally. For the purpose of sending emails we use the email dispatch service Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Only the email addresses required for sending the newsletter are transferred and temporarily stored. Email addresses are used exclusively in the context of Startnext and are not passed on to third parties. You can find Sendinblue's privacy policy at https://www.sendinblue.com/legal/privacypolicy/. The legal basis for the use of the distribution service provider is the consent pursuant to Art. 6 para. 1 p. 1 lit a GDPR. which you can revoke at any time via the newsletter or by email. We have concluded an order processing agreement with Mailjet pursuant to Art. 28 Section 3 Sentence 1 GDPR. We have concluded a contract processing agreement with Sendinblue in accordance with Art. 28 Section 3. 1 GDPR.

(2) Sendinblue may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.

(3) According to Sendinblue, they store your personal data, only as long as it is necessary to provide its services. Sendinblue will delete your data when we delete you from our address file.

5. Use of Google Analytics

(1) This platform uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how visitors use the site. The information generated by the cookies about your use of this platform is usually transferred to a Google server in the USA and stored there. However, by anonymizing your IP address on this platform, Google will previously truncate your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The data is deleted by Google 14, 26, 38 or 50 months after your (last) visit to our website. On behalf of the operator of this website, Google will use this information to evaluate your use of the platform, to compile reports on website activity and to provide the website operator with further services associated with website and internet use.

(2) The (anonymized) IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

(3) A detailed description of the cookies used in connection with the use of Google Analytics can be found here

(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal reference can be ruled out. If any data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.

(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user by means of the statistics. In exceptional cases where personal data originating in Europe is transferred to the USA, the EU standard contractual clauses that we have concluded with Google apply. The legal basis for the use of Google Analytics is the consent that you have given us via our cookie banner and can revoke at any time here.

(6) Third party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of use: http://www.google.com/analytics/terms/de.html,
overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can disable cross-device analysis of your usage in your Google Account under "My data", "Personal data".

(8) We have also concluded a contract data processing agreement with Google as a precaution - although no IP is transmitted to Google thanks to the anomyzeIP function

6. Use of Matomo

(1) In order to constantly improve our platform, we use the statistic analysis tool "Matomo" (formerly "Piwik") to analyze the use of our website. The statistics obtained allow us to regularly improve our services and make it more interesting for you as a user. We use "Matomo" according to Art. 6 para. 1 p. 1 lit. f) GDPR for the purpose of analyzing user behavior in order to continuously improve the Startnext platform.

(2) Cookies are stored on your computer for this analysis. We store the information collected in this way exclusively on our server. The evaluation can be prevented by deleting existing cookies and preventing the storage of cookies. If the storage of cookies is prevented, we point out that our platform may not be fully usable. Preventing the storage of cookies is possible through the setting in your browser. If you do not want your navigation to be evaluated anonymously by "Matomo", you can deactivate this function. You can decide here whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.

For information to activate the Do Not Track Header, please visit https://www.eff.org/de/deeplinks/2012/06/how-turn-do-not-track-your-browser 


7. Use of Hotjar

(1) This website uses Hotjar, a web analysis tool provided to us by Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta (hereinafter "Hotjar Ltd.). Interactions of randomly selected individual visitors with the website are recorded anonymously. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated (also anonymously) for statistical purposes. This creates a protocol of e.g. mouse movements and clicks, with the aim of pointing out possible improvements to the respective website. This information is not personal and will not be passed on by Hotjar to third parties. The legal basis for the use of Hotjar is the consent that you have given us via our cookie banner and can revoke at any time here.

(2) If you do not wish your data to be tracked, you can deactivate this function on all websites using Hotjar by setting the DoNotTrack header in your browser. You can find more information on the following website https://www.hotjar.com/opt-out

For information in German please see: http://www.akademie.de/wissen/do-not-track-datenschutz

(3) You can find a detailed description of the cookies used in connection with the use of Hotjar here.

(4) Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com

(5) We have also concluded a contract data processing agreement with Hotjar Ltd. as a precaution - although no IP is transmitted to Hotjar Ltd. thanks to anonymization.

8. Integration of YouTube videos

(1) We and almost all Starters have included YouTube videos in our online offer or campaign descriptions, which are stored at http://www.YouTube.com and can be played directly from our platform. YouTube is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). The videos are all integrated in the "extended data protection mode" or can be integrated by Starters in this way, and are additionally prevented from direct transfer to YouTube by an image file upstream of the video. This means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in Section 2 will only be transmitted if you play the videos. We have no influence on the data transfer to Google after the start of the video. The legal basis for data processing when playing the video is your consent pursuant to Art. 6 section 1 p.1 lit. a) GDPR.

(2) Playing a YouTube video on our platform informs Google that you have accessed the corresponding sub-page of our platform. In addition, at least the data specified in 3. of this declaration will be transmitted. You can do this whether you're logged in to your Google Account or not, or even if you don't have a user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish the data to be associated with your user profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (even for not logged in users) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our platform. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. It also provides you with more information about your rights and privacy settings: https://www.google.de/intl/de/policies/privacy.

9. Integration of Vimeo videos

(1) We and/or a number of Starters use components of the provider Vimeo as an alternative to YouTube videos on our site. Vimeo is a service of Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you access such a video on our platform while logged in to Vimeo, Vimeo uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account at Vimeo. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal Vimeo account and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. However, this is done by placing an image file in front of the video only if you click on the component. The legal basis for data processing when playing the video is your consent pursuant to Art. 6 section 1 p.1 lit. a) GDPR.

(2) According to its own statement, Vimeo stores personal data only as long as you have an account with Vimeo. If you do not have an account, the data is only stored in anonymized form, so that the GDPR does not apply to this data.

(3) If you want Vimeo to stop this transmission and storage of data about you and your behavior on our website, you must log out of Vimeo before you visit our site. Vimeo's privacy policy provides more detailed information, in particular regarding the collection and use of data by Vimeo: https://vimeo.com/privacy

10. Use of SoundCloud Plugins

(1) We use SoundCloud for the integration of audio material. SoundCloud is operated by SoundCloud Limited, headquartered at 33 St James Square, London SW1Y 4JS, UK.

(2) Every time you visit our website that contains such a component, the component causes the browser you are using to download a corresponding representation of the SoundCloud component. If you start such an audio file on our platform while logged into SoundCloud, SoundCloud uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account on SoundCloud. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal SoundCloud account and stored there. In addition, the information that you have visited our site will be shared with SoundCloud. However, this is done by placing an image file in front of the audio file only if you click on the component. The legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.

(3) If you want SoundCloud to stop this transmission and storage of data about you and your behavior on our website, you must log out of SoundCloud before starting an audio file. SoundCloud's privacy policy provides more detailed information, in particular about SoundCloud's collection and use of data: https://soundcloud.com/pages/privacy

11. Use of Spotify Plugins

(1) We use plugins from "Spotify" an audio streaming platform operated by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. For an overview of Spotify plugins, please visit: https://developer.spotify.com

(2) We use Spotify by embedding individual audio files from the platform on our website as a so-called iFrame, so that they can be played on our website as a stream. If you visit a subpage of our website on which a Spotify plugin is embedded and you click the "Play" button, a connection is established to the Spotify servers and the plugin is displayed within our website. Thereupon, this information is transmitted to your personal user account at Spotify and stored there. In addition, the information that you have visited our site is passed on to Spotify. For more information on data protection at Spotify, please visit https://www.spotify.com/de/legal/privacy-policy. The legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.

12. Login with Facebook

(1) We offer you the option of using your Facebook profile information from your Facebook account to authenticate you to Facebook on our website ("Facebook Connect").

(2) If you choose to register with your Facebook account, Facebook will have access to certain information about your personal information through this interface and will be able to store that information. This includes, but is not limited to, your encrypted email address and other information about your registration on our websites. A listing can be found at: https://developers.facebook.com/docs/permissions/reference. Conversely, we may gain access to your email address, name, profile picture, and other publicly available profile information on Facebook. If you do not agree to this data exchange, you should not use Facebook Connect. You can still log in directly from our website as usual. Further details and what data Facebook collects in detail and what rights you have in this regard can be found at www.facebook.com and in particular in Facebook's Privacy Policy. The social login data will be stored and used as described until a revocation is declared.

(3) The legal basis for the transfer of data in connection with your use of Facebook Connect is the contractual basis with Facebook (Article 6 para. 1 sentence 1 lit. b GDPR) as well as supplementary consent within the framework of the express use of the Facebook Connect function (Article 6 para. 1 sentence 1 lit. a GDPR).

13. Login with Google

(1) We offer you the possibility to authenticate yourself with your Google account on our website ("Google Connect"). The registration takes place via a redirect to the website of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), where you can log in with your login. 

(2) If you decide to register with your Google account, your Google account will be linked to Startnext. We have no influence on the processing of your data at Google. We receive the following information from Google: Last name, first name, email address and profile picture. For more information about Google, please see Google's privacy policy and terms of use, at: https://policies.google.com/privacy?hl=de Legal basis for the processing is your consent according to Art. 6 section. 1 p. 1 lit. a) GDPR.  

(3) If you do not agree with this data exchange, you should not use the Google login. You can still log in directly via our website as usual. 

(4) The legal basis for the transfer of data in connection with your use of Google is the contractual basis with Google (Article 6 (1) sentence 1 lit. b DS-GVO) and, in addition, the consent in the context of the express use of the Google function (Article 6 (1) sentence 1 lit. a DS-GVO). 

14. Use of Cloudflare

CloudFlare is used as a so-called CDN ("Content Delivery Network") to secure this website and optimize loading times. For this reason, all requests relating to our platform are forcibly routed through their servers and consolidated into statistics that cannot be deactivated and stored in the European Union. The collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you will find information about the data collected there and about security & privacy at CloudFlare. We have concluded a corresponding agreement with Cloudflare (DPA, Data Processing Agreement). The legal basis is Art. 6 Section 1 f GDPR.

15. Use of New Relic

(1) We use New Relic on our website to ensure robust technical platform operation. New Relic allows us to determine whether the website can be accessed and how quickly the page is displayed on your device when accessed. If your browser generates a technical error message, this is transmitted anonymously to New Relic. 

(2) For this purpose, your browser connects to the domain bam-cell.nr-data.net operated by New Relic during your visit to Startnext. This transfers information such as your IP address and the type of browser you are using. No data like cookies are stored in the browser. All page views of all visitors are considered together, so that no identification of the actions of a single person is possible. You can find more information on data protection at: https://newrelic.com/termsandconditions/privacy. The legal basis is Art. 6 Section 1 f GDPR.

16. Use of Podigee (Podcast-Hosting)

(1) We use the Podcast Hosting service Podigee of the offerer Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The Podcasts are hosted by Podigee or transferred over Podigee.

(2) The legal basis is Art. 6 Section 1 f GDPR (i.e. interest in a safe and efficient supply, analysis as well as optimization of our Podcast offer).

(3) Podigee processes IP addresses and device information to enable podcast downloads/reproductions and to determine statistical data, such as the number of downloads. This data is anonymised or pseudonymised before it is stored in the Podigee database, provided it is not required for the provision of the podcasts.

(4) Further information and possible objections can be found in Podigee's data protection declaration: https://www.podigee.com/de/about/privacy/.

17. Use of Risk.Ident

1) For our website we use the services of the IT security service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany. All communication between us and Risk.Ident is solely for the purpose of avoiding fraudulent use of our websites. The legal basis for the processing is our legitimate interest in the defense against criminal threats pursuant to Art. 6 (1) p. 1 lit. f) GDPR. 

(2) Data storage: Risk.Ident uses cookies and tracking technologies to collect and process specific data from our users regarding the equipment of the end device used ("device-specific data"), raw data from the TCP/IP connection and data about the use of our website. Risk.Ident also collects and processes the IP address of the user, but this is encrypted within a few seconds at Risk.Ident. The information is stored by Risk.Ident in a fraud prevention database. 

(3) Data retrieval: When creating, starting or supporting projects, we retrieve a risk assessment from the Risk.Ident database, which has been stored there for the end device used by the user.

This risk assessment is based, among other things, on information about:

(a) whether the user's device is currently communicating or has communicated in the past via a proxy connection,

(b) whether the terminal device has recently dialed in via different Internet service providers,

(c) whether the terminal device had or has a frequently changing geo-reference,

(d) how many Internet transactions have been made via the device within the last time (however, it is not recognizable for us what kind of transactions these were), and

(e) how likely it is that the device stored in the Risk.Ident database is actually that of the user.

The result of this risk assessment helps us to prevent fraud attempts.


(4) Data transmission: Furthermore, we transmit data to Risk.Ident if we become aware that a user has committed or attempted to commit fraud against us. Risk.Ident will be informed of this fact as well as the respective device-specific data of the user.

18. Use of QR Planet GmbH

(1) On the occasion of our monthly launch day, we present QR codes linked to our website in our Zoom Live show. The event participants can buy the rewards directly via the QR code and collect information about the related crowdfunding project.

(2) To create the QR codes we use the QR Code Generator from QR Planet GmbH, Mariahilferstraße 7/2, 1060 Vienna, Austria. Should you use the QR code to access our website, QR Planet processes your IP address as part of QR code tracking to determine where the QR code was scanned. In addition, location data is processed. Afterwards, the IP address is stored anonymously in the database. The data will not be passed on to third parties by QR Planet GmbH.

(3) The data processing is based on your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO. The purpose of the data processing is to inform you about the crowdfunding projects and rewards and to do so in a descriptive and user-friendly manner. The data will be deleted as soon as it is no longer needed for our recording purposes and no legal, contractual or official regulations prevent deletion. You have the option to revoke your consent to data processing at any time. You can also change your browser settings so that no location data is processed. Further information on data processing can be found here: https://qr1.at/privacy 

IV. Notes regarding general communication; job applicants

1. Collection of the personal data of customers, prospective customers and suppliers

(1) We only collect your personal data as a customer, prospective customer or supplier if you provide it to us by email, post or telephone. We then collect the information that is generated when you contact us. This includes in particular any names and transmitted contact data, the date and the reason for the establishment of contact. The personal data collected from you will only be used for the purpose of providing you with the desired products or services and of corresponding with you (legal basis Art. 6 Section 1 b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 Section 1 a) GDPR) and which are described in this privacy policy. You have the possibility to revoke your consent to the processing of your personal data at any time.

(2) You are not obliged to provide the aforementioned personal data. The data provided may be required for the conclusion of a contract. Without the provision of the data, it may not be possible to communicate, conclude a contract or process a contract.

(3) On the basis of the applicable legal regulations or a contractual agreement, the data which is relevant in individual cases is transmitted to public authorities if legal regulations take priority and - if you have given your consent or such transmission is permissible on the basis of predominant interests - to external service providers or other contractors and to further external bodies. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA member state) or an international organisation.

(4) The data is deleted 12 months after the respective point in time, as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data provided, this is the case when the conversation with you has ended. The conversation has ended when it can be inferred from the circumstances that the facts in question have been finally clarified. Insofar as the data communicated is subject to retention obligations under tax and commercial law, it will be stored for the duration of the storage obligations of ten years and then deleted, unless you have consented to further storage or if further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for the processing of personal data for the purpose of fulfilling statutory archiving and storage obligations is Art. 6 Section 1 c) GDPR.

2. Collection of personal data from job applicants

(1) We only collect your personal data as an applicant for a position if you provide it to us by email, post or telephone. This applies both to applications for job advertisements and unsolicited applications. In this context, we collect the information provided in the application. Depending on the scope of your communications, this may include your name, date of birth, contact details, interests, qualifications and educational and professional background. The personal data collected by you will only be used for the purpose of carrying out the application procedure (the legal basis is then Art. 6 Section 1 a), b) and f) GDPR in conjunction with § 26 of the Federal Data Protection Act - BDSG).

(2) You are not obliged to provide the aforementioned personal data. The data provided may be required for a future contract to be concluded after the application procedure has been completed. Without the provision of the data, it may not be possible to communicate, carry out the application procedure or conclude an (employment) contract.

(3) Data is transmitted to employees of the personnel department, the management and the respective head of department. Your personal data will not be passed on to third parties. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA member state) or an international organisation.

(4) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. We will therefore retain your application data for 6 months after the application procedure has been completed or, in the event of a rejection, after the rejection decision has been communicated to you. If you have agreed to longer storage, the storage period will be the period covered by your consent. After that we will either delete your data or revoke your consent to further storage - unless any other justification for storage is clearly the case. You have the possibility to revoke your consent to the processing of your personal data at any time. The revocation of consent will not affect the legality of the processing carried out on the basis of the consent prior to revocation.

Status: August 2022