Privacy & Policy

In accordance with Art. 12 of the General Data Protection Regulation (hereinafter referred to as the GDPR), we are obliged to inform you about the processing of your data when you use our website and applications, including our matchmaking platform “Albatross”. We take the protection of your personal data very seriously, and this privacy policy informs you about the details of the processing of your data and about your legal rights in this regard.

We reserve the right to adapt the privacy policy with future effect, in particular in the event of further developments of the website, the use of new technologies or changes to the legal bases or the corresponding case law. In any such case, you will be invited to accept/reject according changes. In such cases, we will eliminate all data other than otherwise publicly available data from our databases within a month, unless the request is particularly complex, in which case we will respond within three months.

We recommend that you read this privacy policy from time to time and take a printout or a copy for your documents.

General

The provider (in the following also referred to as “we”) of this website is ennea capital partners GmbH, Georgenstraße 118, 80798 Munich (hereafter: „provider“ or „we“). In this document we fulfill our legal obligation according to Art. 13 and 14 GDPR to provide information about the processing of your personal data: The provider collects, uses and stores your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (“Bundesdatenschutzgesetz”) and the German Telemedia Act (“Telemediengesetz”). Personal data means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.  


Definitions

- In the following, website means all of the controller’s pages at https://www.ennea.vc
- In the following, platform refers to our matchmaking platform "Albatross", available on https://www.ennea.vc/albatross
- Personal data means any information relating to an identified or identifiable natural person. A natural person is identifiable if they can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is therefore, for example, a person’s name, email address and telephone number, but may also include information about preferences, hobbies and memberships;
- Processing means operations or sets of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
- Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
- Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in a particular case by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Scope

This privacy policy applies to all pages of https://www.ennea.vc. It does not cover any linked websites of other providers.


Responsible provider

The following party is responsible for the processing of personal data within the scope of this privacy policy: 

ennea capital partners
Georgenstraße 118
80798 MünchenGermany
gdpr@ennea.vc


Questions about data protection


If you have any questions about data protection with regard to our company or our website, you can contact us using the above contact details.

Which data are being processed and what are the sources of these data?

We process personal data (Art. 4 Nr. 1 GDPR) which we receive in the course of doing business as a venture capital company. We also process – insofar as necessary for our business – data which we have permissibly received from publicly available sources (e.g. from the internet or from the commercial register). Personal data includes personal information (name, address and contact data, the company the person runs or owns, the position within the company).

For what purpose are the data processed?

We process personal data in order to be able to provide our services as a venture capital company (e.g. newsletters). Therefore, we are regularly looking for start-ups with interesting business models and process personal data of start-up team members in order to analyse the relevant markets and to prepare the investment. Therefore, we store data in our email-system as well as in our CRM System (Affinity) in order to be able to communicate with you.

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

- right of access (Art. 15 GDPR),right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to object to processing (Art. 21 GDPR),
- right to withdraw your consent (Art. 7(3) GDPR),
- right to receive the datain a structured, commonly used, machine-readable format (‘data portability’) and the right to transfer the data to another controller, if the prerequisites ofArt. 20(1) (a) and (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified above under ‘Responsible provider’ or by contacting the data protection officer designated by us. You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

Use of the website, access data

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you.
This is the following data:

- browser type/browser version
- operating system used
- language and version of the browser software
- hostname of the accessing device
- IP address
- website from which the request comes
- content of the request (specific page)
- date and time of the server request
- access status/HTTP status code
- referrer URL (website visited before)
- volume of data transferred
- time zone difference from Greenwich Mean Time (GMT)

Temporary processing of the IP address by the system is necessary to make it technically possible to deliver the website to your device. This requires processing of your IP address for the duration of the session. The legal basis for such processing is Art. 6(1) Sentence 1(f) GDPR.

The access data is not used to identify individual users and is not combined with other data sources. The access data is deleted when it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website.

IP addresses are stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context either. In principal, data is deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or so transformed that an assignment of the retrieving client is no longer possible.

The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. You may object to the processing. In the event that your objection if justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing. 

Cookies

In addition to the aforementioned access data, so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the device system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website usage).
a) Technically necessary cookies
Some elements of our website require that the retrieving browser can be identified even after a page change.
This involves processing the following data in the cookies:

- language settings
- items in shopping basket
- login information

The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you have an account with us, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. We use session cookies to make using our website more attractive and effective. Session cookies are deleted as soon as you log out or close your browser.

You can object to the processing of your data by cookies. Most browsers are preset to automatically accept cookies. You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at anytime. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.

b) Technically non-essential cookies
In addition, we also use cookies on the website which enable an analysis of users’ surfing behaviour. For example, this involves processing the following data in the cookies:

- entered search terms
- frequency of page views
- use of website functions

These cookies are used to make using the website more efficient and attractive. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. The technically non-essential cookies are automatically deleted after a specified period, which may vary depending on the cookie.

You can object to the processing of your data by cookies. If you do not wish to use cookies, you have the option of changing your browser settings in order to generally or selectively block the placement of cookies or remove stored cookies. You can also have the corresponding information displayed before a cookie is placed. If you change the browser settings for the use of cookies or disable cookies, the functionality of this website may be restricted.

Where we integrate cookies from third-party providers into our website, we point this out to you separately below. 

Contacting our company

When contacting our company, e.g. by email or using the contact form on the website, the personal data provided by you will be processed by us so that we can respond to your enquiry.In order for us to process enquiries submitted via the contact form on the website, it is essential that you provide the region, a name or pseudonym and a valid e-mail address including a confirmation e-mail, your home country, a telephone number and your message to us. At the moment when you submit the message to us, the following data, among others, will also be processed:

- IP address
- date/time of registration

The legal basis for the processing is Art. 6(1)Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract and Art. 6 (19 Sentence 1 (a) GDPR based on your consent to process your personal data. Processing the personal data from the form allows us to process the contact you make with us. Where you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems. The data will not be transmitted to third parties in this context. As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.

You have the possibility to object to the processing of your personal data for contact requests at any time. This is the case if processing is not necessary in particular to fulfill a contract with you, which is described by us in the previous description of the functions. In such a case, it may not be possible to continue processing the request. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

Processing and transmission of personal data for contractual purposes:
We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company.The legal basis for this results from Art. 6(1)Sentence 1(b) GDPR.

Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to retain the data for a longer period and process it as required in the respective context on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct advertising) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on if

- it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art.6(1) Sentence1(b) GDPR), or
- a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
- there is an enforceable official order (Art. 6(1) Sentence1(c) GDPR) or
- there is an enforceable court order (Art.6(1) Sentence1(c) GDPR) or
- we are legally obliged to do so (Art.6(1) Sentence1(c) GDPR) or
- the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art.6(1) Sentence1(d) GDPR) or
- we are authorised or even obliged to pursue overriding legitimate interests (Art.6(1) Sentence1(f) GDPR).

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis for the processing is then Art. 6(1) Sentence 1(a) GDPR.

Hosting

We use external hosting services to provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. All data necessary for the operation and use of our website will be processed.

We use external hosting services for the operation of this website. By using external hosting services, we aim to make our website available efficiently and securely. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) DSGVO. The collection of data for the provision and use of the website and the processing of data via external web hosts is absolutely essential for the operation of the website. You may object to the processing. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

Integration of third-party content

The website integrates third-party content such as videos, maps, RSS feeds and graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content. We endeavour to only use content from third-party providers who process the IP address solely for delivering the content. We do however have no influence over whether the third-party providers process the IP addresses, e.g. for statistical purposes. If we are aware of such activity, we inform you of this in the following. Some of the third parties may process data outside the European Union.

Use of the platform, access data

In principle, you can use our platform (“Albatross”) for purely informational purposes without disclosing your identity. When you access the individual pages of the platform in this way, this only results in access data being transferred to our web hosting service so that the platform can be displayed to you.
This is the following data:

- browser type/browser version
- operating system used
- language and version of the browser software
- hostname of the accessing device
- IP address
- website from which the request comes
- content of the request (specific page)
- date and time of the server request
- access status/HTTP status code
- referrer URL (website visited before)
- volume of data transferred
- time zone difference from Greenwich Mean Time (GMT)

Temporary processing of the IP address by the system is necessary to make it technically possible to deliver the platform  to your device. This requires processing of your IP address for the duration of the session. The legal basis for such processing is Art. 6(1) Sentence 1(f) GDPR.

The access data is not used to identify individual users and is not combined with other data sources. The access data is deleted when it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the platform, this is the case when you end your visit to the website.

IP addresses are stored in log files to ensure the functionality of the platform. In addition, the data serves us to optimise the platform and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context either. In principle, data is deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or so transformed that an assignment of the retrieving client is no longer possible.

The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. You may object to the processing. In the event that your objection if justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the  

If you wish to use the platform for matchmaking purposes, there are 3 options: 

a) You allow us to share information submitted to us through this form with all other parties on the platform, generally, or
b) You allow us to share information submitted to us through this form with other parties on the platform, as far as they are “on the other side of table” only, i.e. if you are a startup data can only be shared with investors / strategic corporates and vice versa.
c) You allow us to share information submitted to us through this form with other parties on the platform, only upon explicit permission in each individual case, which has to be solicited via email or through the “Albatros” platform. Permission will be stored in the Albatross accordingly. 

When you sign up to the platform, you will generally be obliged to sign this Non-Disclosure Agreement (NDA)


Application to the platform

If you choose to share information about you and your business with us, we will store the information on Albatross (www.ennea/albatross). We process personal data that you provide to us, enriching that data through other sources like Pitchbook and publicly available sources. You can object to processing of your personal data on the grounds of legitimate interest (see the ‘Your Rights’ section). However, bear in mind that if you do so, we will not be able to properly provide Albatross matchmaking services to you. 


Who will have access to data you share with us on the Albatross?

Albatross is a matchmaking platform. You decide upon signup - and can continuously change - who we are allowed to share your data with respectively whether other parties participating in the Albatros can see your data at all according to the 3 options described above. 

We use service providers to operate our platform, also via third party applications like Typeform. Some of these service providers will process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. We will never pass your details to third parties to market to you. 

Facebook

On our pages plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The processing is based on Art. 6 para. 1 f) GDPR. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign the visit to our pages to your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook Privacy Policy at https://de-de.facebook.com/policy.php.If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Twitter

Functions of the Twitter service are integrated on our sites. The processing is based on Art. 6 para. 1 f) GDPR. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit will be linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. For more information, see the Twitter Privacy Policy at https://twitter.com/privacy.You can change your privacy settings on Twitter in the account settings at:https://twitter.com/account/settings.

LinkedIn

Our website uses features of the LinkedIn network. The processing is based on Art. 6 para. 1 f) GDPR. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn's "Recommend Button" and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy

Security

To protect your personal data, we take reasonable precautions and follow industry best practices to make sure it is not lost, misused or inappropriately accessed, disclosed, altered or destroyed. 

Deletion

We will retain details connected to marketing until you tell us that you no longer wish to receive the subscription or marketing material. In general, we will keep your data in store for up to 10 years. 

Your rights

As a data subject, you have the following legal rights: 

(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent. 

If you would like to exercise your rights, please contact us at the details set out above. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. 

Please note that exceptions apply to some of these rights which we will apply in accordance with the law. 

Complaints to the regulator

If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Bayerische Landesbeauftragte für den Datenschutz. Information about how to do this is available on its website at https://www.datenschutz-bayern.de/ 

Marketing

If you sign up to receive our marketing emails, we will use your name and email address to send you the material you have requested. We will only send you marketing where we have your consent to do so. You can withdraw your consent at any time if you change your mind by contacting us at the details set out above or clicking the unsubscribe link in the emails that you receive. 

How to contact us

If you have any questions about this Privacy Notice, how we handle your personal data, or want to exercise any of your rights, please contact us at hello@ennea.vc.