Privacy Policy MSC Hub

The MSC Startup Hub is a joint venture of the Stiftung Münchner Sicherheitskonferenz (gemeinnützige) GmbH, UnternehmerTUM GmbH and TUM Venture Labs Management gGmbH as so-calles joint Controller of this website.

Due to the cooperation between the aforementioned entities, we jointly process the personal data of visitors to this website. This includes data that is processed when visiting this website as described in this privacy policy below, as well as data that we process in connection with your interest in joint events.

In this privacy policy, we provide information about data protection and, in particular, the processing of your personal data in connection with your use of the MSC Hub platform, as well as joint responsibility. We also explain your rights. The subject of data protection is exclusively personal data. This is individual information about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, information such as first and last name, postal address, email address or telephone number, but also usage data, if applicable.

Usage data is data that is necessary to use our websites, such as information about the start, end and scope of use of our website, as well as login data.

UnternehmerTUM and TUM Venture Labs are responsible for processing the data on the website, including the collection of cookies for analysis and statistical purposes, as well as for any rights of data subjects.

The protection and confidentiality of your personal data is of particular importance to us. The collection and use of your personal data during use is therefore carried out exclusively in accordance with the legal provisions of the applicable data protection law, in particular in accordance with the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Act (BDSG-neu), the Telecommunications and Telemedia Data Protection Act (TTDSG) and the applicable country-specific data protection regulations.

I. Joint Controllership

The following parties have jointly determined the purposes and means of data processing and are therefore jointly responsible for the processing of personal data, Art. 26 (1) sentence 1 GDPR.

Stiftung Münchner Sicherheitskonferenz (gemeinnützige) GmbH
Karolinenplatz 3
80333 Munich, Germany

UnternehmerTUM GmbH
Lichtenbergstraße 6
85748 Garching
info@unternehmertum.de

TUM Venture Labs Management gGmbH
Lichtenbergstraße 6
85748 Garching
contact@tum-venture-labs.de

- hereinafter also collectively referred to as "the parties”-

II. Contact details of the data protection officers

Data Protection Officer of UnternehmerTUM GmbH and TUM Venture Labs:
Alexander Stolberg-Stolberg
SVF Lawyers
Oberanger 30
80331 Munich
stolberg@unternehmertum.de

Data Protection Officer of Stiftung Münchner Sicherheitskonferenz (gemeinnützige) GmbH:
Herrn Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
anfragen@projekt29.de

Joint controllership
To safeguard your rights and comply with the provisions of the GDPR, we have entered into an agreement that sets out rules for the processing of your personal data. As joint controllers (pursuant to Art. 26 GDPR), we are jointly responsible for the processing of your data. We have jointly agreed on how we will safeguard your rights and specified in more detail which obligations each party will fulfill in order to comply with the GDPR. This applies in particular to the exercise of
the rights of data subjects and the fulfillment of the information obligations under Articles 13 and 14 GDPR.
You can contact each Controller involved in the processing of your data, individually and assert your rights. We support each other in processing your requests.

III. Obligation to provide data on this website

You can visit this website without providing any personal information. Entering data – if applicable - is voluntary and not mandatory. You decide for yourself what data you provide when using the site. However, if you use services via this website, this usually requires you to provide your personal data. It is also necessary for you to provide certain data in order to complete the application/registration process. We will indicate when it is mandatory for you to enter data.

IV. Common purposes and means of data processing

The purpose of the processing is to build a joint ecosystem in the area of start-up support around the Technische Universität München, its associated institute UnternehmerTUM and the joint TUM Venture Labs Initiative. Those interested in founding, founders and alumni are to be guided through this ecosystem in a targeted and efficient manner so that they can be provided with the best possible support geared to their respective needs. The basis of such a joint ecosystem and its customer and stakeholder orientation is a uniform, resilient database with regard to the offers of the parties and the individuals and founding teams participating in them. The collected and processed data shall be used for the implementation of programmes, formats and events including advisory meetings as well as for sending information (e.g. about competitions, support and qualification offers, teaching events, infrastructure, events and event invitations, feedback opportunities). Furthermore, the collected and processed data shall be used for analysis and evaluation as well as reporting purposes, for marketing activities, for transfer within the ecosystem for the mediation of offers, for sending personalised addresses (e.g. for experts, mentors, speakers) and for recruiting for vacant staff positions within the ecosystem.
The data stored on the basis of consent will be processed for the above purpose. For this purpose, the data is stored in particular in the IT infrastructure of UnternehmerTUM GmbH and stored in shared databases. The data is collected and entered by the party responsible for the respective section of the ecosystem journey (e.g. a qualification offer, a consulting service, an event or the provision of infrastructure). A certain amount of data that is relevant for the entire ecosystem journey will be visible and usable for all parties involved (e.g. contact and account data, pitch decks, overview of contact points within the ecosystem journey, information from advisory meetings and on company and team developments). The data collected and processed will not be passed on to third parties outside the three contracting parties involved in the ecosystem.

V. Legal basis

Article 6 I lit. a GDPR serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our products or services.
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. Individual processing operations may be based on Art. 6 I lit. f GDPR if none of the aforementioned legal bases apply and the processing is necessary to protect a legitimate interest, provided that the interests, fundamental rights and freedoms of the data subject are not
overridden.

VI. Newsletter

We use Mailchimp by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send the newsletter and other information on the ecosystem. This allows us to contact customers and interested individuals directly. In addition, we analyse your usage behaviour in order to optimise our offer. For this purpose, we pass on the e- mail address provided to Mailchimp. Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you. In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 para. 1 lit. b GDPR). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services. Mailchimp also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third party data providers. We have no influence on this process. You can find further information on objection and removal options vis-à-vis Mailchimp at:
https://mailchimp.com/legal/pr...
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.
Your data will be processed as long as a corresponding consent has been given. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary. Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard
Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/da... processing-addendum/

VII. Event management software

We use the software ERADIANT to send invitations:
Responsible for content:
ECENT GmbH
Zentnerstr. 1,
80798 Munich

Ecent's terms and conditions can be found here: https://ecent.eu/agb. Further information on Ecent's data protection policy can be found here: https://eradiant.eu/privacy-po...

Pretix
Within our event offer, functions and contents of the service pretix are offered, provided by:
rami.io GmbH
Berthold-Mogel-Straße 1
69126 Heidelberg
Heidelberg, Germany
This includes the ticket shop, which is integrated via a JavaScript widget. When you buy a ticket, pretix uses a technically necessary cookie to enable the ordering process and to remember which shopping basket belongs to you. The cookie is set as soon as you interact with the widget. pretix does not store IP addresses, browser information or other unnecessary metadata beyond the duration of your request. Further information on data protection at pretix can be found here: https://pretix.eu/about/de/pri...

VIII. Responsibilities for individual phases of data processing

1. Collection and storage of personal data

The personal data collected is stored in a shared database. We use the service provider Salesforce for this purpose.
The operating company of Salesforce is:
Salesforce.com Germany GmbH
Erika Mann Str. 31
80636 Munich
Germany.
Salesforce's privacy policy can be viewed here: https://www.salesforce.com/de/....

We are supported by an agency in the administration and maintenance of the database. These are:
cloudworx GmbH
Rupert-Mayer-Straße 44, Building 64.07a
81379 Munich
The privacy policy of cloudworx can be viewed here:
https://www.cloudworx.agency/d...

2. Disclosure of personal data

The data collected within the scope of joint responsibility will not be disclosed to third parties without express consent or the existence of another legal basis within the meaning of Art. 6 GDPR.

3. use of personal data

The above-mentioned parties involved in the ecosystem may use the data for the purposes mentioned under point III. insofar as the data subject has consented to the corresponding use or other legal bases within the meaning of Art. 6 GDPR apply.


4. responsibility for data processing

The above-mentioned parties involved in the ecosystem are jointly responsible for the lawfulness of all data processing operations, notwithstanding the details of the joint responsibility agreement pursuant to Art. 26(1) GDPR.
Within the framework of joint responsibility, the parties involved have also agreed on the following responsibilities:

Process section:
Provision and maintenance of the database management system(Salesforce), information to data subjects, deletion according todeletion deadlines or on request, statistics
Responsible:
UnternehmerTUM GmbH

Process section:
Exercise of the information obligations in the event of a personal data breach
Responsible:
UnternehmerTUM GmbH, TUM Venture Labs Management gGmbH

Process section:
Collecting and entering data
Responsible:
UnternehmerTUM GmbH, TUM Venture Labs Management gGmbH

Process section:
Use of the data in accordance with the General Consent for the primary use cases in accordance with the purpose of the data processing stated under point III.
Responsible:
UnternehmerTUM GmbH, TUM Venture Labs Management gGmbH

The contact addresses of the parties for the purpose of notifying the respective responsible persons can be found in sections I. and II. of this privacy statement.

IX. Data subjects' rights

The following obligations exist for the exercise of the rights of the data subjects:


1. fulfilment of the information obligations

All parties involved in the ecosystem ensure compliance with the information obligations when collecting personal data pursuant to Art. 13 GDPR (collection from the data subject) and Art. 14 GDPR (collection not from the data subject). For this purpose, we provide the information required in each case free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language.

2. processing and responding to requests for the exercise of data subjects' rights

Data subjects may contact any party involved in the ecosystem to exercise their respective data subject rights. In such a case, the other parties involved in the ecosystem are obliged to forward the data subject's request to the other parties involved.

3. security of data processing

The parties involved in the ecosystem shall ensure that all appropriate technical and organisational measures are implemented in such a way that the data processing is carried out in accordance with the requirements of applicable data protection regulations (in particular the GDPR) and ensures the protection of the rights of the data subject.

4. the use of processors

The parties involved in the ecosystem may use the services of third parties to process data on their behalf ("processors").
Currently, these are Salesforce.com Germany GmbH and cloudworx GmbH (cf. Section VI.1 of this data protection declaration).

Newsletter
Get Monthly Updates

Your bite of the innovation scene: stay up to date with news from the UnternehmerTUM network and our event recommendations and discover which startups are up and coming now.
You'll find our privacy policy with information on logging your registration, mailings via Mailchimp, statistical analysis, and unsubscribe options here.