Privacy policy

 

1. Data protection at a glance

1.1 General notes

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text. 

1.2 Data collection on this website

1.2.1 Contact form

If you contact us by e-mail, telephone or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and/or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data sent to us by you via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

1.2.3. Cookies

Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage on your end device. They are either temporarily stored on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically resolves them.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for the processing of payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required for the electronic communication process or for the provision of certain functions you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing will be carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.

1.2.4 Surveys

Use of Jotform for Conducting Our Surveys
To conduct our surveys, we use the service “Jotform” provided by Jotform Inc. Processing takes place exclusively on EU servers, as Jotform offers EU data residency and stores data from EU users by default in a European data center. Jotform acts as a data processor within the meaning of Art. 28 GDPR and provides an appropriate Data Processing Addendum (DPA) as well as EU Standard Contractual Clauses for this purpose.

We do not embed the forms directly on our website; instead, we only link to the external Jotform forms. No integrations or additional third‑party connections are used. The data entered into the forms is used solely for the respective survey purposes.
Data subjects may request access, rectification, restriction of processing, or deletion of their data at any time. Corresponding requests can be directed to info@mi-incubator.com. Further information on Brevo’s data protection practices can be found at: Jotform Privacy Policy.

Use of Microsoft Forms for Conducting Our Surveys
We use Microsoft Forms, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052‑6399, USA, to conduct surveys, forms, and questionnaires. Microsoft Forms enables us to collect information such as name, email address, and other data voluntarily provided by you via online forms.

1.2.5 Customer Relation Management and Marketing

Use of Brevo (Marketing, Email Communication, CRM, and Forms)
We use Brevo (formerly Sendinblue), provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, as a data processor for marketing purposes, email communication (including various mailing lists), newsletter distribution, form registrations, as well as for maintaining our contact and participant data.

Depending on the type of contact and purpose of use, we process personal data such as name, email address, telephone number, organization or company, location, information regarding registrations, bookings, and participation in events, programs, or other formats, as well as the date and time of contact or registration and more. The processing is carried out for the purposes of communication, organizing and implementing our services, maintaining contact relationships, and statistically evaluating email campaigns (e.g., measuring open and click rates).

Data processing is based, depending on the context, on Art. 6(1)(a) GDPR (consent, e.g., via a double opt‑in procedure), Art. 6(1)(b) GDPR (pre‑contractual measures or performance of a contract), or Art. 6(1)(f) GDPR (legitimate interest in efficient and targeted communication).

Functions for SMS or WhatsApp communication are technically available through Brevo; however, we currently do not use these features.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with Brevo. Corresponding requests can be directed to info@mi-incubator.com. Further information on Brevo’s data protection practices can be found at:
https://www.brevo.com/de/legal/privacypolicy/

1.2.6 Wordfence Security

The “Wordfence Security” service, which is operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, is used to secure our online offering. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO.
The website uses the PlugIn to protect against viruses and malware and to defend against attacks by computer criminals. In order to recognize whether the visitor is a human or a robot, the PlugIn sets cookies. For the purpose of protection against brute force and DDoS attacks or comment spam, IP addresses are stored on Wordfence servers. IP addresses classified as harmless are placed on a white list. Wordfence Security secures our website and thus protects visitors to the website from viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The option “Participate in the Real-Time Wordfence Security Network” of the PlugIn is switched off, as it is not mandatory.

More information on the collection and use of data by Wordfence Security can be found in Defiant’s privacy policy: https://www.wordfence.com/privacy-policy/. 

2. Hosting and content delivery networks (CDN)

2.1 External Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, web page accesses and other data generated by a website.

The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data. 

2.2 Conclusion of a contract on order processing

In order to guarantee data protection compliant processing, we have concluded a contract for order processing with our hoster.

3. General notes and mandatory information

3.1 Note on the responsible authority

The person responsible for data processing on this website is

Medical Innovations Incubator GmbH
Eisenbahnstraße 13
72072 Tübingen, DE

Phone: +49 152 / 52 99 8535
e-mail: info@mi-incubator.com

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.). 

3.2 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke a previously given consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing that took place up to the revocation remains unaffected by the revocation.

3.3 Right to object to data collection in special cases and to direct advertising (Art. 21 DSGVO)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 DSGVO).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING, INCLUDING PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION ACCORDING TO ART. 21 PARA. 2 DSGVO).

3.4 Right of appeal to the competent supervisory authority

In the event of violations of the DPAs, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the suspected violation. This right of appeal is without prejudice to other administrative or judicial remedies.

3.5 Right to data transferability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

3.6 Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

3.7 Right to limit processing

You have the right to request that the processing of your personal data be restricted. To do so, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request that we limit the processing of your personal data.
• If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that we limit the processing of your personal data instead of deleting it.
• If you have lodged an objection under Art. 21 para. 1 DSGVO, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand that the processing of your personal data be restricted

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

3.8 Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertisement and information material is hereby contradicted. The operators of the site expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam e-mails.

4. Analysis tools and advertising

4.1 1&1 Web Analytics

This website uses the analysis services of 1&1-Webanalytics. Provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. Analyses with 1&1 can include analysis of visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. what page the visitor comes from), visitor locations and technical data (browser and operating system versions). For this purpose, 1&1 stores the following data in particular:

• Referrer (previously visited website)
• requested web page or file
• Browsertyp und Browserversion
• Browser type and version
• Operating system used
• used device type
• Time of access
• IP address in anonymous form (used only to determine the location of access)

According to 1&1, data collection is completely anonymous, so that it cannot be traced back to individual persons. Cookies are not stored by 1&1-Webanalytics.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both his website and his advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the data will be processed exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information on data collection and processing by 1&1 Webanalytics can be found in the following links:

https://hosting.1und1.de/hilfe/online-marketing/
https://hosting.1und1.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-company-name-produktes/webanalytics/
https://hosting.1und1.de/terms-gtc/terms-privacy/

Source: https://www.e-recht24.de/muster-datenschutzerklaerung.html

4.2 Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.