PRIVACY STATEMENT

General

The provider (in the following also referred to as “we”) of this website is coparion GmbH & Co. KG, Ottoplatz 6, 50679 Köln (im Folgenden: „provider“ or „we“). In this document we fulfill our legal obligation according to Art. 13 and 14 GDPR to provide information about the processing of your personal data:

The provider collects, uses and stores your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (“Bundesdatenschutzgesetz”) and the German Telemedia Act (“Telemediengesetz”). Personal data means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.   

 

Which data are being processed and what are the sources of these data?

We process personal data (Art. 4 Nr. 1 GDPR) which we receive in the course of doing business as a venture capital fund. We also process – insofar as necessary for our business – data which we have permissibly received from publicly available sources (e.g. from the internet or from the commercial register). Personal data includes personal information (name, address and contact data, the company the person runs or owns, the position within the company).

 

For what purpose and are the data processed?

We process personal data in order to be able to provide our services as a VC fund. Therefore, we are regularly looking for start-ups with interesting business models and process personal data of start-up team members in order to analyse the relevant markets and to prepare the investment. Therefore, we store data in our email-system as well as in our CRM System (Pipedrive, Nimble) in order to be able to communicate with you.

 

On what legal basis are the data processed?

a) Processing personal data to fulfil contractual obligations (Art. 6 para. 1 a GDPR):

If you send us your information about you and your company and we assume your consent that we process your personal data (Art. 4 Nr. 2 GDPR). with your consent.

b) Processing personal data to fulfil contractual obligations (Art. 6 para. 1 b GDPR):

If we enter into a contractual relation (including the initiation of contractual relation) the processing of personal data takes place for the provision of our services as cloud software provider to Art. 6 para. 1 b GDPR.

c) Processing personal data to fulfil legal requirements (Art. 6 para. 1 c GDPR):

In the event that our company is subject to a legal obligation which requires the processing of personal data, such as for example the fulfilment of tax obligations, the processing of personal data is made pursuant to Art. 6 para. 1 lit. c GDPR.

d) Processing personal data according to Art. 6 para. 1 f GDPR:

We process personal data from publicly available sources because this is necessary to be able to run a VC fund.

 

Information about the transfer of personal data to a third country

We use various cloud services as part of our service, i.e. US-based providers or providers from other states outside EU/EEA who also process personal data (name, email-address or other) on our behalf.  (Microsoft Corporation, One Microsoft Way. Redmond, WA 98052-7329, USA; (details regarding the processing of personal data you find here: https://privacy.microsoft.com) und Pipedrive Inc, 460 Park Ave South, New York, NY 10016, USA (details regarding the processing of personal data you find here: https://www.pipedrive.com/en/privacy) und Nimble, 3122 Santa Monica Boulevard, Santa Monica, CA 90404, USA (details regarding the processing of personal data you find here: https://www.nimble.com/company/privacy/). We expressly point out that, with regard to the USA, no adequacy decision of the European Commission has been issued so far.

We will only transfer personal data to a provider in the USA if this transmission is permitted in accordance with the so-called Privacy Shield Agreement and / or the transmission is legitimized by standard data protection clauses (standard contractual clauses). The guarantees for privacy shield can be found here:

https://www.privacyshield.gov/EU-US-Framework

The standard contract clauses can be found here:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

 

Is there an automated decision-making process?

We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.

 

SSL-Encryption

For security reasons and in order to protect confidential information, such as requests submitted via our contact form, we use SSL-encryption. If an encrypted connection has been effected the address-line of your browser will show „https://“ instead of „http://“ and you might notice a locker symbol in your browser. If SSL is activated third parties cannot read data that you send to us.

 

Server Logfiles

We collect and store information on the basis of Art. 6 para 1 lit. f GDPR about your visits of our website in so called log-files on our server. The logfiles contain data that your browser is automatically sending to us, such as:

  • shortened IPaddress
  • browser type / browser version
  • your operating system
  • referrer URL (or the website visited previously)
  • date and time of the server request
  • amount of transmitted data
  • your internet service provider

These data will be collected and processed only for the purpose of measuring the statistics of our website performance. These data will not be connected with data from other data sources.

    

Use of Cookies

Our Website uses cookies on the basis of Art. 6 para 1 lit. f GDPR. A cookie is a text file that is placed on the device of the user (PC, tablet, smartphone etc.) and stores certain information referring to the device. If you visit our website from the respective device our server receives information from a cookie. Our server can use this information for different purposes. Cookies can be used for example for tailoring advertising to the user or in order to provide statistics for the use of the website. In your browser settings you can allow or deactivate cookies. In the case of deactivating cookies, however, some functionality of our website might not work.

 

Period of Data Storage

We process and store personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require us to process and/or store such data.

If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.

 

Use of Etracker

Our website uses on the basis of Art. 6 para. 1 lit. f GDPR the analytical service etracker. Provider is the etracker GmbH, First Brunnenstraße 1, 20459 Hamburg, Germany. From the data usage profiles can be created under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies make it possible to recognize your browser. The data collected with the etracker technologies are not used to personally identify visitors to our website and are not combined with personal data about the bearer of the pseudonym.

You can object to the data collection and storage at any time with effect for the future. In order to counter data collection and storage of your visitor data for the future, you can obtain an opt-out cookie from etracker under the following link, which ensures that no visitor data from your browser will be collected and stored by etracker in the future: http://www.etracker.de/privacy?et=V23Jbb 

This sets an opt-out cookie named "cntcookie" by etracker. Please do not delete this cookie as long as you want to keep your objection. For more information, see the etracker Privacy Policy:

http://www.etracker.com/de/datenschutz.html

    

Facebook

On our pages plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The processing is based on Art. 6 para. 1 f) GDPR. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign the visit to our pages to your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook Privacy Policy at https://de-de.facebook.com/policy.php.

If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

 

Twitter

Functions of the Twitter service are integrated on our sites. The processing is based on Art. 6 para. 1 f) GDPR. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit will be linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. For more information, see the Twitter Privacy Policy at https://twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings at:

https://twitter.com/account/settings.

 

LinkedIn

Our website uses features of the LinkedIn network. The processing is based on Art. 6 para. 1 f) GDPR. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn's "Recommend Button" and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.

For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy

 

Xing

Our website uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The processing is based on Art. 6 para. 1 f) GDPR. Each time you visit one of our sites that contains XING features, it will connect to XING servers. A storage of personal data is not done to our knowledge. In particular, no IP addresses are stored or the usage behaviour is evaluated.

Further information on data protection and the XING Share button can be found in XING's privacy policy at: https://www.xing.com/app/share?op=data protection

 

Rights of Data Subject

The data subject has gem. Art. 15 GDPR the right to obtain free information on request about the personal data stored about him as well as the purpose of the data processing. According to articles 16, 17 and 18 GDPR the data subject has the right to correct, incorrect data and block and delete his personal data. Moreover, according to Art. 20 GDPR, the data subject has the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from our part. According to Art. 21 (1) GDPR, the data subject shall also have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR. We will comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws. Requests for access to and rectification or erasure of personal data or restriction of processing may be directed to the email or post address stated in our website’s imprint. Each data subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.