The provider (in the following also referred to as “we”) of this website is coparion GmbH & Co. KG, Ottoplatz 6, 50679 Köln (im Folgenden: „provider“ or „we“). In this document we fulfill our legal obligation according to Art. 13 and 14 GDPR to provide information about the processing of your personal data:
The provider collects, uses and stores your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (“Bundesdatenschutzgesetz”) and the German Telemedia Act (“Telemediengesetz”). Personal data means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.
Which data are being processed and what are the sources of these data?
We process personal data (Art. 4 Nr. 1 GDPR) which we receive in the course of doing business as a venture capital fund. We also process – insofar as necessary for our business – data which we have permissibly received from publicly available sources (e.g. from the internet or from the commercial register). Personal data includes personal information (name, address and contact data, the company the person runs or owns, the position within the company).
For what purpose and are the data processed?
We process personal data in order to be able to provide our services as a VC fund. Therefore, we are regularly looking for start-ups with interesting business models and process personal data of start-up team members in order to analyse the relevant markets and to prepare the investment. Therefore, we store data in our email-system as well as in our CRM System (Pipedrive, Nimble) in order to be able to communicate with you.
On what legal basis are the data processed?
a) Processing personal data to fulfil contractual obligations (Art. 6 para. 1 a GDPR):
If you send us your information about you and your company and we assume your consent that we process your personal data (Art. 4 Nr. 2 GDPR). with your consent.
b) Processing personal data to fulfil contractual obligations (Art. 6 para. 1 b GDPR):
If we enter into a contractual relation (including the initiation of contractual relation) the processing of personal data takes place for the provision of our services as cloud software provider to Art. 6 para. 1 b GDPR.
c) Processing personal data to fulfil legal requirements (Art. 6 para. 1 c GDPR):
In the event that our company is subject to a legal obligation which requires the processing of personal data, such as for example the fulfilment of tax obligations, the processing of personal data is made pursuant to Art. 6 para. 1 lit. c GDPR.
d) Processing personal data according to Art. 6 para. 1 f GDPR:
We process personal data from publicly available sources because this is necessary to be able to run a VC fund.
Information about the transfer of personal data to a third country
We use various cloud services as part of our service, i.e. US-based providers or providers from other states outside EU/EEA who also process personal data (name, email-address or other) on our behalf. (Microsoft Corporation, One Microsoft Way. Redmond, WA 98052-7329, USA; (details regarding the processing of personal data you find here: https://privacy.microsoft.com) und Pipedrive Inc, 460 Park Ave South, New York, NY 10016, USA (details regarding the processing of personal data you find here: https://www.pipedrive.com/en/privacy) und Nimble, 3122 Santa Monica Boulevard, Santa Monica, CA 90404, USA (details regarding the processing of personal data you find here: https://www.nimble.com/company/privacy/). We expressly point out that, with regard to the USA, no adequacy decision of the European Commission has been issued so far.
We will only transfer personal data to a provider in the USA if this transmission is permitted in accordance with the so-called Privacy Shield Agreement and / or the transmission is legitimized by standard data protection clauses (standard contractual clauses). The guarantees for privacy shield can be found here:
The standard contract clauses can be found here:
Is there an automated decision-making process?
We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.
For security reasons and in order to protect confidential information, such as requests submitted via our contact form, we use SSL-encryption. If an encrypted connection has been effected the address-line of your browser will show „https://“ instead of „http://“ and you might notice a locker symbol in your browser. If SSL is activated third parties cannot read data that you send to us.
We collect and store information on the basis of Art. 6 para 1 lit. f GDPR about your visits of our website in so called log-files on our server. The logfiles contain data that your browser is automatically sending to us, such as:
- shortened IPaddress
- browser type / browser version
- your operating system
- referrer URL (or the website visited previously)
- date and time of the server request
- amount of transmitted data
- your internet service provider
These data will be collected and processed only for the purpose of measuring the statistics of our website performance. These data will not be connected with data from other data sources.
Period of Data Storage
We process and store personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require us to process and/or store such data.
If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.
Use of Etracker
Our website uses on the basis of Art. 6 para. 1 lit. f GDPR the analytical service etracker. Provider is the etracker GmbH, First Brunnenstraße 1, 20459 Hamburg, Germany. From the data usage profiles can be created under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies make it possible to recognize your browser. The data collected with the etracker technologies are not used to personally identify visitors to our website and are not combined with personal data about the bearer of the pseudonym.
You can object to the data collection and storage at any time with effect for the future. In order to counter data collection and storage of your visitor data for the future, you can obtain an opt-out cookie from etracker under the following link, which ensures that no visitor data from your browser will be collected and stored by etracker in the future: http://www.etracker.de/privacy?et=V23Jbb
On our pages plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The processing is based on Art. 6 para. 1 f) GDPR. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
You can change your privacy settings on Twitter in the account settings at:
Our website uses features of the LinkedIn network. The processing is based on Art. 6 para. 1 f) GDPR. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn's "Recommend Button" and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.
For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy
Our website uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The processing is based on Art. 6 para. 1 f) GDPR. Each time you visit one of our sites that contains XING features, it will connect to XING servers. A storage of personal data is not done to our knowledge. In particular, no IP addresses are stored or the usage behaviour is evaluated.
Rights of Data Subject
The data subject has gem. Art. 15 GDPR the right to obtain free information on request about the personal data stored about him as well as the purpose of the data processing. According to articles 16, 17 and 18 GDPR the data subject has the right to correct, incorrect data and block and delete his personal data. Moreover, according to Art. 20 GDPR, the data subject has the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from our part. According to Art. 21 (1) GDPR, the data subject shall also have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR. We will comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws. Requests for access to and rectification or erasure of personal data or restriction of processing may be directed to the email or post address stated in our website’s imprint. Each data subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.