You are here: MCEI | About us | Privacy Policy

Privacy Policy

Privacy Policy

We at MCEI help entrepreneurs and startups grow and support the growth of the startup ecosystem at and around the University of Mannheim. To do so, we need some data at points. We do value your data privacy very highly. Thank you for taking the time to read our privacy policy. Most importantly, our privacy policy will tell you more about…

 

 Last updated on December 19, 2018

This privacy policy explains what personal data we collect from you when you are using our website www.mcei.de and how we use it. You can access this information at any time at https://www.mcei.de/about/privacy-policy.

 

1 Who is the responsible controller and how to contact them

The controller responsible in accordance to data protection laws is:

University of Mannheim
68131 Mannheim

of

University of Mannheim
Mannheim Center for Entrepreneurship and Innovation (a legally non-independent institution of University of Mannheim)

Schloss
68131 Mannheim
Internet: https://www.uni-mannheim.de

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it..
You can contact our data protection officer here: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

2 What is the subject matter of data protection

Subject matter of data protection are personal data. According to Art. 4 No. 1 GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

 

3 What personal data we collect and how we process it

3.1 Collection of data by automated means

When accessing our website, your device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:

  • Date and time of accessing our website
  • Browser type and version
  • Operating system
  • URL of the previously visited website (Referrer)
  • Amount of data sent

We only store these data for the technical administration and the security of the website. The data are deleted after 7 days, provided that there is no legitimate reason to suspect illegal use based on concrete indications. Apart from that, the data are not matched to a specific person. The respective processing is necessary for the purposes of our legitimate interests in a secure website, Art. 6 (1) point (f) GDPR.

3.2 Communication via e-mail

On our website we offer the possibility to contact us by e-mail, for example to register for specific events or to apply for places in courses or to receive further information.
If you send us enquiries via these e-mail addresses, your data, including the contact data you provide there, will be stored and used for the purpose of processing the enquiry. Your requests will be stored for a period of time of one year, unless we are legally obliged to keep them for a longer period or the requests are needed longer to protect, enforce or defend legal claims (for further information, please see sec 12).
We collect this data in order to be able to receive and process your request, Art. 6(1) point (b) GDPR.
If we process your data as described above for the purpose of receiving and processing your enquiries, you are contractually obligated to make this data available to us. Without this data we are not in a position to accept and process your inquiries.

3.3 Success Stories section

We list all current University of Mannheim alumni and partner startups we work or have worked with in our “Success Stories” section on MCEI.de (https://www.mcei.de/success-stories). This category includes the founders' names, basic information on the company and how we collaborate. You can withdraw your consent without reasons at any point in time. To do so, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.
The use of your data is justified as consent has been given, Art. 6(1) point (f) GDPR.

 

4 Newsletter

We might offer you free newsletters or event mailings occasionally. With those we inform you about new contributions concerning the newsletter subject or the upcoming event.
To subscribe to a newsletter or event mailing, you can enter your e-mail address in the respective field on the website. You will then receive a link to confirm your registration. Only if you click on this link you will be added to the respective mailing list and receive the newsletter or event mailing.

You can unsubscribe from a newsletter or event mailing at any time. Each newsletter or event mailing contains information on how you can cancel the newsletter with effect for the future.
In this case, your personal data will be collected and processed in order to be able to offer you the newsletter or event mailing as you subscribed to it, Art. 6(1) point (b) GDPR.

 

5 Cookies

We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your computer with the help of your Internet browser. If you do not wish the usage of "cookies", you can prevent the storage of "cookies" on your computer by appropriate settings of your Internet browser. Please note that the functionality and range of functions of our website offer may be reduced as a result.

Specifically, we use the following types of Cookies: Session cookies and persistent cookies.

Session Cookies: These cookies are required for the technical operation of our website and are automatically deleted after closing your browser.

Persistent Cookies: These cookies help us to remember you and your settings when you visit them in the future. You can delete them manually or your browser deletes them based on the duration period contained within the persistent cookie's file. For more detail regarding specific persistent cookies, please see below.

These cookies cannot identify you as a person. In any case, the use of cookies is justified on the basis of our legitimate interest in a demand-based design as well as in the statistical evaluation of our website and the fact that your legitimate interests do not override ours, Art. 6(1) point (f) GDPR.

 

6 Google Analytics

We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your end-device, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your shortened IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to your use of the website and the Internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. 

For more information about how Google uses your information, see Google's Privacy Policy: https://www.google.com/policies/privacy/.
You can disable Google Analytics using a browser add-on if you do not want the web site analysis to take place. You can download the add-on here: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative, you can click here to disable Google Analytics.

Google is certified according to the EU-U.S. Privacy Shield. In a decision of 12 July 2016, the European Commission decided for the USA that an adequate level of data protection exists under the rules of the EU-U.S. Privacy Shield (Adequacy Decision, Art. 45 GDPR). Further information - also on the certification of the service providers we use - is available at https://www.privacyshield.gov.
Your data will be stored on Google Analytics for a period of 14 months. At the end of this period, the data will be deleted and only aggregated statistics will be kept.
The use of Google Analytics is justified on the basis of our legitimate interest in a demand-based design as well as in the statistical evaluation of and efficient advertising on our website and the fact that your legitimate interests do not override ours, Art. 6(1) point (f) GDPR.

 

7 Plugins

We provide the opportunity to use plugins from the social networks facebook, twitter, founder2be, and youtube on our website. You need to click on the respective activation button to load the plugin.
Only when you click on such a button, different data is transmitted to the respective social network. This may include:

  • Date and time of accessing the website
  • URL of the website on which the user is located
  • URL of the website the user has visited beforehand
  • Browser type and version
  • Operating system
  • User‘s IP address

If you are logged in to the social network while visiting our site, the provider may match the visit to your network account. If you use the plugin functions (e.g. clicking the "I like" button, making a comment), this information is also transmitted directly from your browser to the respective social network and possibly saved there. The purpose and scope of data collection and the further processing and use of the data by the networks can be found in the data protection information provided by facebook, twitter and youtube.

 

8 Facebook Fanpage

You can also find us on Facebook https://www.facebook.com/MannheimCEI/.

On our Facebook page we inform you about events and news from our startup ecosystem.

When you visit our Facebook Fanpage, we process certain information about you when you interact with our site, mark or comment on a post with "Like", or provide other content. The data processing in this regard is regularly based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time, e.g. by deleting the relevant content. This does not affect the legality of the processing that has taken place to date. Further data processing may take place in order to receive and process an enquiry or message (Art. 6 para. 1 lit. b GDPR). Furthermore, we can process your publicly made profile data if we have a legitimate interest in it (Art. 6 para. 1 lit. f. GDPR), such as the pursuit of economic interests and your interests do not outweigh.

Furthermore, together with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, we are responsible for the processing of so-called Insights data when visiting our Facebook fan page. Facebook uses this Insights data to analyze the behavior on our Facebook fan page and makes this data available to us in anonymous form. To this end, we have entered into an agreement with Facebook Ireland Ltd. regarding shared responsibility for data processing, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook Irleland Ltd. undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Insights data and to fulfil all obligations under the GDPR with regard to the processing of Insights data. The processing serves our legitimate economic interests in the optimization and demand-oriented design of our Facebook fan page, Art. 6 Para. 1 lit f. GDPR.
We would also like to draw your attention to the following: If you as a registered Facebook user visit or link to this page of our Facebook fan page, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") collects personal data from you. If you are not registered with Facebook and visit the Facebook Page, Facebook may collect pseudonymous usage information from you.

Specifically, the following information is collected by Facebook:

  • Viewing a page or post or video from a page
  • Subscribe or unsubscribe to a page
  • Mark a page or a post with "I like" or "I don't like it anymore".
  • Recommend a page in a post or comment
  • Comment on, share or respond to a page post (including the type of response)
  • Hide a page contribution or report as spam
  • From another page on Facebook or from a Web page outside Facebook, click a link that leads to the page.
  • Move the mouse over the name or profile picture of a page to see a preview of the page contents.
  • Click on the website, phone number, "plan route" button or any other button on a page.
  • Information as to whether you are logged in via a computer or mobile device while visiting or interacting with a page or its content

For more information, see Facebook's privacy policy at https://www.facebook.com/legal/terms/information_about_page_insights_data.
Facebook also processes this data in the USA. The European Commission has not made any adequacy decision for the USA. Facebook Inc. is certified according to the EU-U.S. Privacy Shield. For the USA, the European Commission decided on 12 July 2016 that an adequate level of data protection exists under the EU-U.S. Privacy Shield regulations (adequacy decision, Art. 45 GDPR), but Facebook Inc. is certified according to the EU-U.S. Privacy Shield Agreement. Further information on Facebook certification can be found at: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. https://www.privacyshield.gov/

Based on this data collected by Facebook, we receive anonymous statistics - we have no access to personal data collected by Facebook. However, we can of course see the information you provide to the public, for example when you comment on a post or write us a message.

We are jointly responsible with Facebook Ireland Ltd. for processing your information when you visit our Facebook page. To this end, we have entered into an agreement with Facebook on shared data processing responsibility, which you can view here: https://www.facebook.com/legal/terms/page_control

Translated with www.DeepL.com/Translator

 

9 What happens if the purpose of data processing changes

Your personal data will only be processed for purposes other than those described if permitted by law or if you have consented to the changed purpose of data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.

 


10 Automated individual case decisions and measures for profiling

We do not use automated processing procedures to bring about a decision or profiling.

 

11 In which cases do we transfer data to third parties

In principle, your personal data will only be passed on without your express prior consent in the following cases:

  • If it is necessary to discover or investigate any illegal use of our services or for prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are specific indications of illegal or abusive activity. A transfer may also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that prosecute fined administrative offences and the tax authorities.
    The transfer of this data is justified by our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing legal claims and that your rights and interests in protecting your personal data do not prevail, Art. 6(1) point (f) GDPR.
  • For the provision of services, we are depending on contractually affiliated external companies and external service providers ("processors"). In such cases, personal data will be transferred to these processors in order to enable them to process the data further. These processors are carefully selected and regularly reviewed by us to ensure that your privacy is protected. The processors may only use the data for the purposes specified by us and are also contractually obligated to treat your data in accordance with this privacy policy and applicable data protection laws.
  • Specifically, we use the following processors:
    • Webhoster
    • E-Mail-Provider for our Newsletters (Mailchimp)
      Data is passed on to contract processors on the basis of Art. 28(1) GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised contract processors and the fact that your rights and interests in the protection of your personal data do not prevail, Art. 6(1) point (f) GDPR.
    • Data may also be processed in countries outside the European Economic Area ("EEA").
      In a decision of 12 July 2016, the European Commission decided for the USA that an adequate level of data protection exists under the regulations of the EU-U.S. Privacy Shields (Adequacy Resolution, Art. 45 GDPR). Further information - also on the certification of the service providers we use - is available at https://www.privacyshield.gov. We use the following processors, which are certified according to the EU-U.S. Privacy Shield:
    • Google Analytics (as described under Para. 6 of this privacy policy)
    • Mailchimp

 

12 When and how we erase your data

We delete or make your personal data anonymous as soon as they are no longer required for the purposes for which we have collected or processed them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days in which we store backup copies after erasure, unless this data is required longer for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.

If data must be kept for legal reasons, it will be blocked. The data is then no longer available for further use.

 

13 The rights you have as a data subject and how to exercise them

13.1 Right of access

You have the right to request information from us at any time about the personal data we have processed concerning you within the scope of Art. 15 GDPR. You can submit an application by mail or e-mail to the above addresses.

13.2 Right to rectification of inaccurate data

You have the right to have us correct any personal data concerning you immediately if it is inaccurate. To do so, please contact the above addresses.

13.3 Right to erasure

You have the right to have us delete personal data concerning you under the conditions described in Art. 17 GDPR. These conditions provide in particular for a right of erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. With regard to the period of data storage, please refer to section 9 of this privacy policy. To exercise your right to erasure, please contact the above addresses.

13.4 Right to restriction of processing

You have the right to have us restrict processing of your personal data in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period necessary for the verification of the accuracy and in the event that the user requires limited processing in the case of an existing right to erasure instead of erasure; furthermore in the event that the data is no longer required for the purposes pursued by us but the user needs it for the establishment, exercise or defence of legal claims and if the successful exercise of an objection is still disputed between us and the user. To exercise your above right, please contact the above addresses.

13.5 Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. To exercise your above right, please contact the above addresses.

13.6 Right to object

You have the right to object on grounds relating to your particular situation at any time to processing of your personal data which is based, inter alia, on Art. 6(1) point (e) or (f), according to Art. 21 GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

13.7 Right to lodge a complaint

You also have the right to contact any of the supervisory authorities in the event of complaints. The competent supervisory authority for our website would be:

Landesbeauftragter für den Datenschutz Baden-Württemberg

Postfach 10 29 32, 70025 Stuttgart
Urbanstr. 32, 70182 Stuttgart

This email address is being protected from spambots. You need JavaScript enabled to view it.

You find a list of all European data privacy authorities here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

 

14 Amendments of our privacy policy

The current version of this data protection declaration is available at all times at https://www.mcei.de/about/privacy-policy.

 

Related items

Sponsors

  • University of Mannheim
  • Institut für Mittelstandsforschung
  • Gründerverbund
  • ESF
  • Europäische Union
  • Baden-Württemberg - Ministerium für Finanzen und Wirtschaft
  • Absolventum