The english version of the Privacy Policy is meant for informational purposes. The german version is the only legally binding text.

PRIVACY POLICY

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Baltic Business Angels Schleswig-Holstein e.V. (hereinafter: BBA-SH)

c/o WTSH – Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH

Lorentzendamm 24, 24103 Kiel

Phone: +49 431 66666 – 848

E-Mail: info@bba-sh.de

We summarise here the general rights you have under the GDPR with regard to your personal data processed by us. For an explanation of the legal terms, we refer to the applicable definitions in the GDPR (see Article 4 there). If anything remains incomprehensible, please do not hesitate to ask us.

  1. You can revoke any consent you have given us to process or share your data at any time for the future (Article 7(3) GDPR).
  2. Should the legal basis for processing your data be a legitimate interest pursuant to Article 6(1)(f) GDPR, you may lodge an objection to the data processing pursuant to Article 21 GDPR. Insofar as the relevant data processing is direct marketing, you do not have to justify your objection in any way; in all other cases, you would have to provide reasons for your objection that arise from your particular situation.
  3. If we have stored incorrect information about you, you can ask us to correct your data (Article 16 of the GDPR).
  4. You can request information from us about which of your data we process (Article 15 GDPR, Section 34 BDSG).
  5. You can demand that we delete your data or restrict its processing, insofar as your request does not conflict with higher-ranking retention obligations (Article 17 or 18 GDPR, Section 35 BDSG).
  6. You may request that we provide you with the data you have provided to us yourself in a machine-readable format for disclosure to third parties (Article 20 GDPR).
  7. You may complain to a supervisory authority for data protection, e.g. the Independent Centre for Data Protection Schleswig-Holstein, about facts relating to data protection law with us.

Any form of processing of personal data requires a legal basis that allows us to do so. The legal basis primarily results from the purpose for which the data is processed. The lawfulness within a legal basis is regularly measured according to the specific scope of the data processing and the measures we have taken to protect your data.

Legal bases for data processing arise from Article 6(1) GDPR and for data requiring special protection, such as health data, from Article 9(2) GDPR. These two regulations name the preparation or fulfilment of contractual, legal or also social obligations as the most important legal bases for data processing. In addition, many data processing operations are carried out in our legitimate interest, unless the interests of the data subjects prevail in view of the specific circumstances. If one of the aforementioned types of legal basis is relevant, the processing does not require any further consent from you.

In addition, data processing may be carried out on the basis of consent from you (Article 7 of the GDPR) or, for persons under the age of 16, when using information society services (e.g. websites, online games, social media platforms) by the children or young people in conjunction with the consent of a parent or guardian (Article 8 of the GDPR).

We would like to expressly point out at this point that none of our offers are directed at persons under the age of 16.

In part, our obligation to ask for your consent does not, or not solely, result from the GDPR but from the stricter law under the EU ePrivacy Directive of 2002 (often called the "Cookie Directive"). The provisions of this directive apply in Germany via the German Telemedia Act (TMG) and the Unfair Competition Act (UWG). We have taken into account the obligations arising from these laws without expressly referring to them below.

If a data transfer to a state outside the European Economic Area (EEA) takes place, we ensure that data protection is secured in the sense of Articles 44 - 49 DSGVO.

The BBA-SH works in close cooperation with the WTSH - Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH. Likewise, the administration of the BBA-SH is carried out via the IT infrastructure of the WTSH (e-mail inboxes, software and hardware, telephone system, mobile phones). If you write to the BBA-SH (by letter or e-mail) or call the BBA-SH, your data will be processed by the BBA-SH as the sole data controller according to the purpose of the content, but technically and in terms of personnel at the same time by the WTSH as the administrative sponsor.

In terms of data protection law, the use of the WTSH infrastructure results in partial joint responsibility in accordance with Article 26 GDPR. WTSH only processes the BBA-SH data to the extent necessary to provide the infrastructure. You can assert your data subject rights vis-à-vis the BBA-SH as well as the WTSH. We recommend that you contact the BBA-SH in the first instance with all questions regarding data processing through tasks of the BBA-SH.

Our Internet pages use so-called cookies. These are text files that are stored by your browser on your device when you call up a website. Different information can be stored in a cookie. Sometimes a cookie only stores a yes or no ("true" or "false"), sometimes a string of characters is stored that enables the browser to be uniquely identified when the website is called up again (a so-called cookie ID).

The right to set cookies is not only determined by the GDPR, but also by the EU ePrivacy Directive and Section 15 of the German Telemedia Act (TMG). The ePrivacy Directive distinguishes between cookies that are absolutely necessary for the operation of the online offer (essential cookies) and those that are not. Essential cookies may also be set without consent, but non-essential cookies always require consent - even if this is not required under the GDPR (and e.g. there is a legitimate interest as a legal basis).

Due to the strict requirements of the ePrivacy Directive, we ask for your consent to set non-essential cookies when you access our website.

The purpose of each cookie as well as the legal basis for its use according to the GDPR can be found in the following description of the individual data processing.

There are various ways for you to prevent the acceptance of cookies on your device:

  1. The standard case is probably that you decide via our consent manager which cookies you allow and which you do not when you call up one of our Internet pages.
  2. In principle, you can set your browser so that it never accepts cookies. By such a complete exclusion, you will most likely lose functions that are based on cookies and that you would actually like to allow or that do not require consent at all.
  3. You can access Internet pages in the private mode of your browser. Private mode also blocks the setting of cookies in your browser memory or automatically deletes all cookies at the end of the session.
  4. Some browsers or browser plug-ins offer you the possibility to make more differentiated default settings as to which cookies you generally want to accept by default and which you do not.
  6. Concrete data processing

6.1.1 Provision of our Internet pages

Description: In order for a web server to make our website available to your browser, the server must collect technical data about your device used for this purpose, your browser and your Internet access. This is referred to as a log file or weblog. This is the same data that you necessarily leave behind with every internet page that you call up. At the centre is the IP address from which you call up our pages. To this internet address the web server sends you the data you want to see.

Data categories: IP address from which our site was accessed; date and time of access; objects on our website accessed in the browser; type and version of internet browser; type and version of operating system.

Data recipients (if applicable, third country transfer): Our hosting service provider, which is bound to data protection via an order processing agreement, is located in the EEA. There is no data transfer outside the EEA.

If our websites are attacked, we pass on the log data to forensic experts acting on our behalf or to investigating authorities. A transfer to third countries does not take place in this case

Purpose + legal basis: Provision of our website as well as investigations in the event of unlawful access to our websites (e.g. a hacker attack). Legal basis is a legitimate interest, as the operation of a website is not possible without the collection of the weblog. In the specific case of an attack on our website, we have a legitimate interest in being able to provide investigators with circumstantial evidence of how the attack took place.

Storage period: 7 days

6.1.2 Video-Streaming (Vimeo and YouTube)

Our website shows films via a video player from Vimeo. When you call up a page equipped with a Vimeo player, a connection to the Vimeo servers is established. This tells Vimeo which of our pages you have visited and which film you have watched. This communication is technically necessary so that the film can be displayed in your browser.

We use the Vimeo player with the default setting "Do not track" (DNT), so that the Vimeo player does not set any cookies in your browser cache.

For more information on how we handle your data, please see Vimeo's privacy policy at: https://vimeo.com/privacy https://vimeo.com/privacy. On YouTube at: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/.

Data categories: IP address from which our site was accessed; date and time of access; films accessed; sharing functions used to recommend the film; type and version of internet browser; type and version of operating system.

Data recipients (if applicable, third country transfer): Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. The data collected as part of the Vimeo use is transferred to servers in the USA and processed there. In order to guarantee that the data is handled at EU data protection level, Vimeo has concluded standard data protection clauses with us.

Purpose + legal basis: We use the Vimeo player to provide you with powerful video streaming. The legal basis for the data transfer to Vimeo is a legitimate interest, as we have limited the data transfer to the technically necessary minimum by using the do-not-track function.

Storage period: The storage period is the responsibility of Vimeo. It is not possible for us to delete data, as we do not collect any data from you through the use of Vimeo.

6.2.1 Bewerbung für Matching-Events

Description: You can apply to participate in a so-called matching event. At such an event, the BBA-SH brings together founders and investors and offers you the opportunity to present your business idea and solicit support for your start-up.

To participate in a matching event, you apply via an online questionnaire. After a positive pre-selection, you will receive an invitation to an event. The pre-selection is supervised by the WTSH team together with the screening officer of the BBA-SH. In terms of content, members of the BBA-SH and guests will receive your documents after signing a confidentiality agreement in order to decide on the invitation.

Both WTSH employees and members of the BBA-SH have been obliged to handle your application documents confidentially before they are given access to your data. Following the matching event, the BBA-SH administration will retain your documents to the extent necessary to document the association's work. The individual members of the BBA-SH who are presented with your data are obliged to delete the application data if they do not independently start a business relationship with you on the basis of your application.

Data categories: Name, email address, telephone number; information on the business idea (see online questionnaire) incl. link to the team video.

Data recipients (if applicable, third country transfer): WTSH as partner; BBA-SH members and guests; service providers for online storage and project management/collaboration (cloud solutions), each of which is bound to data protection via order processing contracts. A third country transfer does not take place.

Purpose + legal basis: Decision on an invitation to a matching event of the BBA-SH as well as inclusion of positive decided applications in the pool and, if applicable, preparation of the event participation. The legal basis is the fulfilment of the contract for participation in a matching event.

Storage period: Depending on the content of the correspondence; commercial law requires business letters to be stored for six years, but other documentation obligations may also result in longer storage periods.

6.2.2 Photos of participants

Description: At our events, we take photos of the participants for documentation and public relations purposes for publication on the Internet and in print publications. The personal photos are stored on WTSH and BBA-SH storage media.

In terms of the legal basis, a distinction is made between participants such as the BBA-SH board with representation duties and participants without such duties as well as photographs of groups in which no visual focus is placed on individual persons.

Photos of participants without representation duties can only be stored and published if they have consented to this via our corresponding form.

In addition, photos may be stored and used in which people can be seen at official events of the organisation, where they are part of a larger group and do not stand out as individuals. Insofar as these photos are only used to document our events or our own public relations work, the data processing falls under a legitimate interest.

Depending on the communication channels used, the photos may be published on the internet as part of our public relations work and may be passed on to external media.

Data categories: Photo; if applicable, name of the person in the context of the file name or photo description.

Data recipients (if applicable, third country transfer): Hosting service provider of the website (bound by a contract processing agreement) and external media company. A third country transfer does not take place.

Purpose + legal basis: The storage and publication of participant photos serves to be able to document the work of the BBA-SH and to present it in the context of public relations work. The legal basis is consent or - in the case of persons with representation tasks or persons not highlighted in larger groups - a justified interest.

Storage period: As soon as a person has revoked their consent to the use of their photo, the person's photos are removed from the memory and the digital publications that are still current.

6.3.1 E-mail communication

BeschreibungIf you send us an e-mail, it will arrive in at least one of our e-mail inboxes. The content of your e-mail and the metadata accompanying it (sender, time of sending, etc.) are stored on the e-mail servers of our hosting provider. In addition, after retrieval from the server, they may be stored in the email programs on the devices that have access to the mailbox (computers, smartphones, tablets). The same applies to e-mails that we send to you.

The specific processing of personal data in an email depends on the thematic content of the email. Obviously, we include your data in our contact directory for customers, business partners and other contacts.

DatenkategorienName, email address; time of delivery or dispatch; other metadata typically generated in email communication; other personal information in the content of the email such as other contact details in email signatures, enquiries, orders, offers or complaints by email.

Data recipients (if applicable, third country transfer): Our service provider for email hosting, who is bound to data protection via an order processing agreement, is located in the EEA. Data transfer outside the EEA does not take place in this respect. If you use a hosting service provider outside the EEA for your mailbox or retrieve our emails from outside the EEA, this is not our responsibility.

Purpose + legal basis: Communication by e-mail. Depending on the content of the correspondence, the legal basis is preparation or fulfilment of a contract or a legitimate interest in answering your email.

Storage period: Depending on the content of the correspondence; commercial law requires business letters to be stored for six years, but other documentation obligations may also result in longer storage periods.

6.3.2 Telephone Calls

Description: When we make a phone call to each other, our telephone system or our mobile phones record your number and the time of the call. This data in the call lists is continuously deleted from subsequent calls.

If the content of the conversation suggests this, we create a conversation note and document it at the appropriate place. It is conceivable that we will include your data in our contact directory for further communication.
Audio recordings of conversations will only take place in exceptional circumstances and after we have obtained your explicit consent to do so.

Data categories: Telephone number; time of conversation; content of conversation incl. name and organisation, if applicable.

Data recipients (if applicable, third country transfer): : Telecommunication providers covered by the secrecy of telecommunications. There is no transfer to third countries.

Purpose + legal basis: Communication by telephone call. Depending on the content of the conversation, the legal basis is the preparation or fulfilment of a contract or a legitimate interest in exchanging information with you.

Storage period: Depending on the content of the conversation. Individual conversation notes may fall under the commercial law retention obligation for business letters of six years.

6.3.3 Letter post

Description: If you send us a letter, we regularly reply with a letter that we create on the computer and save as a file. We often scan your letter in order to archive it as part of digital office management. The specific processing of personal data in our correspondence depends on the thematic content of the letters and the resulting retention obligations. It is conceivable that we may include your data in our contact directory for further communication.

Data categories: Name + address; personal details in the content of the letters such as further contact details in your letterhead, enquiries, orders, offers, complaints or other topics. Data recipient (if applicable, transfer to third countries): Postal service provider. A transfer to third countries only takes place if the item is sent to an address outside the European Economic Area. In these cases, data protection is guaranteed by international agreements on postal secrecy.
Datenempfänger (ggf. Drittstaatentransfer): Postdienstleister. Ein Transfer in Drittstaaten findet nur statt, wenn die Sendung an eine Adresse außerhalb des Europäischen Wirtschaftsraums geht. Der Datenschutz ist in diesen Fällen durch internationale Vereinbarungen zum Postgeheimnis gewährleistet.

Zweck + RechtsgrundlageCommunication by letter. Depending on the content of the correspondence, the legal basis is preparation or fulfilment of a contract or a legitimate interest in exchanging information with you.

Storage period: Depending on the content of the correspondence; in principle, commercial law requires business letters to be stored for six years.

6.3.4 Business cards

Description: If you give us your business card, we will add your data to our contact directory.

Data categories: Name, contact details (address, telephone, fax, e-mail), your company, your company's business area, your job title, your area of responsibility, place, time and circumstance of contact, as well as any special notes on your availability or the business topics addressed.

Data recipients (if applicable, third country transfer): Our service provider for the operation of the contact directory, who is bound to data protection via an order processing agreement, is located in the EEA. There is no data transfer outside the EEA.

Purpose + legal basis: Maintenance of contacts. Legal basis is a legitimate interest, as you have voluntarily given us your business card.

Storage period: We store your data until you ask us to delete it - unless a business relationship has arisen between us in the meantime, from which independent storage obligations arise for us with regard to your contact data.

6.4.1 Business relationship

Description: From our suppliers and service providers who are self-employed or partnerships, or our contacts at such organisations, we process personal data as a customer in order to be able to communicate with you about the processing of the order.

In addition to the substantive communication, your data is typically processed in the separately described processing operations for "communicating with us" (see there).

Data categories: Contact, contract and invoice data

Data recipients (if applicable, third country transfer): Tax advisors, auditors, lawyers in their function as professional secrecy holders.

Purpose + legal basis: Proper business management. Legal bases are contract fulfilment as well as legal obligations and legitimate interests.

Storage period: In accordance with tax law, invoice data must be stored for 10 years; contract data must be stored for different periods depending on the type of contract. In the case of copyrights, such periods extend up to 70 years beyond the death of the author.

6.4.2 Naming in publications

Description: In publications published by us, we name authors in accordance with the authors' right to be named. The same applies to lecturers at our events. The naming also extends to the accompanying marketing and public relations work. If authors or lecturers represent an institution that is relevant to the publication, their affiliation to this institution is also mentioned. For some publications, professional contact details of the above-mentioned persons are also published as a service to readers.

Data categories: Name, academic title; in some cases institution and professional contact details.

Data recipients (if applicable, third country transfer): Hosting service provider for our website (see the corresponding processing); printing service provider for print publications.

Purpose + legal basis: Identification of authorship or lecturing activity. The legal basis for the name is fulfilment of the author contract or lecturer contract. For the contact details, the legal basis is a legitimate interest, as only professional contact details of subject-relevant contacts are published here.

Storage period: In the case of digital publications, deletion takes place when you ask us to do so or when the publication has lost its relevance. After delivery of printed publications, subsequent deletion by us is not possible.

6.5.1 Bewerbungen

Description: If you apply for a job with us, we will process your application documents until the application process is completed solely for the purpose of deciding on your employment. We restrict access to your documents to those persons whom we reasonably involve in the decision on your recruitment. If you are hired, your application documents will become part of your personnel file. If recruitment does not take place, we will either ask for your consent to include you in our candidate pool or return or destroy your records as soon as it is no longer reasonable to expect any objection to our decision under anti-discrimination law.

Data categories: Name + contact details (email, phone, address), photo, profile URL in professional networks (e.g. Xing); details in the letter of application, CV, certificates and references, educational certificates and professional qualifications, notes on job interviews (by phone and in person), results from recruitment tests, if applicable.

Data recipients (if applicable, third country transfer): None (but note the reference to our cooperation with WTSH).

Purpose + legal basis: Decision-making basis for filling a position. Legal basis is preparation for fulfilment of a contract (employment contract) and subsequently a justified interest in defending against objections to negative decisions.

Storage period: 6 months after completion of the original application procedure.

6.5.2 Candidate pool

Description: If we are unable to offer you a suitable position at the moment, but would like to consider you again in the selection process for future vacancies, we ask for your consent to keep your application documents beyond the end of the current application process. If we are unable to get back to you for more than two years, we will ask for your consent to keep them again or return or delete your documents.

Data categories: Name + contact details (email, phone, address), photo, profile URL in professional networks (e.g. Xing); details in the letter of application, CV, certificates and references, educational certificates and professional qualifications, notes on job interviews (by phone and in person), results from recruitment tests, if applicable.

Data recipients (if applicable, third country transfer): None (but note the reference to our cooperation with WTSH).

Purpose + legal basis: Decision-making basis for future staffing. Legal basis is consent.

Storage period: 2 years since last contact or last consent.

6.6.1 IT administration

Description: We use service providers for the administration, maintenance and care of our information technology. These service providers do not deal with the content of the personal data processed by us. However, in the maintenance of databases and other system units, personal data may come to the attention of the service providers. All our service providers have been explicitly committed to confidentiality via appropriate contracts, in line with the sensitivity of the data they may access.

Data categories: Any type of data

Data recipients (if applicable, third country transfer): IT service providers who have been committed to data protection via an order processing contract or another form of confidentiality obligation. A third country transfer does not take place.

Purpose + legal basis: Use of competent service providers for professional IT administration. The legal basis is a legitimate interest, as the service providers have been committed to data protection via adequate confidentiality obligations.

Storage period: Data is not stored independently.

6.6.2 File storage (metadata)

Description: In addition to collecting data in individual databases (described above), we store documents on our storage media. This typically includes Office documents (Word, Excel, PowerPoint), PDF files, images, films, layouts, other formats of text, table and presentation files and ultimately any type of file whose use is appropriate in the context of our business processes.

The data protection issues regarding the content of the files depend on the relevant processing purposes in each case. In parallel, the storage of the files and the metadata regularly attached to them (primarily the creator signature) results in independent processing. Office documents in particular contain personal metadata when they are worked on jointly (collaboration) and the comment and note functions as well as the change mode are used for this purpose.

Data categories: Any type of data, but here the focus is on metadata: signature of the file creator, signatures of file editors (also in comments + notes); time of creation, editing or storage. Data recipient (if applicable, third country transfer): None (but note the information on our cooperation with the WTSH).
Datenempfänger (ggf. Drittstaatentransfer): Keiner (Beachten Sie aber den Hinweis zu unserer Zusammenarbeit mit der WTSH.)

Purpose + legal basis: File storage. Legal basis is a legitimate interest.

Storage period: Depending on the storage time for the individual file.

6.6.3 Disposal of data carriers and documents

Description: The deletion or destruction of data also constitutes data processing. Paper documents with personal data requiring corresponding protection are shredded by us or disposed of via the sealed bins of a professional document shredder. The quality level of the shredder used // The level of document destruction agreed with the service provider corresponds to the risk or confidentiality classification of the documents to be destroyed.

Storage media (hard disks e.g. from servers, computers, smartphones, tablets, USB sticks, memory cards) on which personal data worthy of protection were previously stored are, if they are no longer to be used to store this data, securely deleted by our IT administration by multiple, at least triple, complete overwriting or handed over to a professional shredder of storage media. The level of erasure or destruction will be commensurate with the risk or confidentiality rating of the data previously stored on the media.

Data categories: Any type of data

Data recipients (if applicable, third country transfer): Service providers for the professional destruction of paper documents and storage media who are obliged to comply with data protection via order processing contracts. A third country transfer does not take place.

Purpose + legal basis: Risk-compliant destruction or deletion of personal data. The legal basis is the legal obligation to minimise and delete data from the DSGVO.

Storage period: Data is not stored beyond the deletion/destruction.

Letzte Aktualisierung: 20.12.2021

You want to contact us right here?

Write to us!

The development and establishment of the Baltic Business Angels Network is supported by WTSH - Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH within the framework of the state-funded project »StartUp SH 2.0« accompanies.

WTSH Logo des BBA Network
Startup.SH Logo - Frische Ideen aus dem echten Norden
en_GBEN

Claus Ruhe Madsen

Vorstandsmitglied und Minister für Wirtschaft, Verkehr, Arbeit, Technologie und Tourismus des Landes Schleswig-Holstein​

Claus Ruhe Madsen ist seit dem 29. Juni 2022 Minister für Wirtschaft, Verkehr, Arbeit, Technologie und Tourismus. Er wurde am 27. August 1972 in Kopenhagen geboren, ist verheiratet und hat eine Tochter.

Norma Jensen

Commercial Officer

Claas Nieraad

2. Vorsitzender & Screening Officer,
Next Logistics Accelerator GmbH

Claas begann seine Karriere in der Old Economy bei „AEG und Electrolux Group“, wo er seine Leidenschaft für aufstrebende Industrien entdeckte. Das ist es, was ihn bis heute antreibt. Nachdem er bei „American Heritage Management Corp.“ an der Wall Street war und in den 1990er Jahren an den ersten internetbasierten Börsengängen teilnahm, wurde seine Leidenschaft für Technik und disruptive Technologien immer stärker. Er ist Mitgründer von „New Commercial Room“, einem VC-Unternehmen mit Sitz in Hamburg, mit dem er ein Portfolio von High-Tech-Wachstumsunternehmen verwaltet, das von medizinischen Geräten über Medien bis hin zu SaaS, IT und Cybersecurity reicht. Als Angel Investor investierte er sowohl privat in Unternehmen als auch mit dem „btov Investor-Network“. Er betreut aktiv zahlreiche deutsche StartUps, Accelerator-Programme und ist Scout im Norden für den „High-Tech Gründerfonds“ (HTGF). Dadurch hat er Zugang zu erstklassigem internationalen Deal Flow und Investoren. Darüber hinaus hat Claas mehrere Aufsichtsratspositionen inne und ist Live-Musiker mit der „Soul Lounge Connection“.

Julian von Hassell

1. Chairman

Julian beschäftigt sich als Serial Entrepreneur, Investor und Business Angel seit 2003 mit der deutschen StartUp- und Venture Capital-Szene. Dabei konzentriert er sich darauf, ausgewählten frühphasigen StartUps und ihren Gründerinnen und Gründern dabei zu helfen, Ambitionen in die Tat umzusetzen. Investiert wird meist in frühphasige B2B-Technologie-unternehmen mit erstem Track Record. Julian‘s Fokus liegt zurzeit auf Industrial IoT, Data Analytics, b2b-Plattform-Tools, e-Health und 3D. Er liebt SpinOffs, die aus Forschungsstiftungen und -organisationen oder technischen Hochschulen stammen, ist aber auch für andere Möglichkeiten offen. Mehr zu Julian findet man am besten auf seiner Webseite und hier im Interview.