Privacy Policy
Objective and Responsibility
The topic of data protection has the highest priority at GrantGPT. Therefore, this Privacy Policy informs you about the type, scope and purpose of the processing of personal data in relation to our online offer and the associated websites, functions and content (hereinafter jointly referred to as “online offer” or “website”). GrantGPT, represented by FörderLab Beratung – Iwa Eck, Kopernikusstr. 25, 10245 Berlin, Germany, hereinafter referred to as “Provider”, “we” and “us,” is responsible for data protection within the meaning of European General Data Protection Regulation (GDPR), in line with Art. 24 GDPR, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character. Our data protection officer is: Iwa Eck, LL.M., Kopernikusstr. 25, 10245 Berlin, Germany, E-Mail: hello (a) grantgpt.eu. The term “user” includes all customers and visitors to the online service.
Legal Basis
We collect and process personal data based on the following legal bases:
- Consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. Consent is any voluntary, specific, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her agreement to the processing of personal data relating to him or her.
- Necessity for the performance of the contract or the implementation of preparatory measures in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, i.e. the data is necessary for us to be able to fulfill our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
- Processing for the fulfilment of a legal obligation pursuant to Art. 6 para. 1 s. 1 lit. c GDPR, i.e. that processing of the data is required, e.g. due to a law or other regulations.
- Processing for the protection of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, i.e. that the processing is necessary to protect legitimate interests on our part or on the part of third parties, unless such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of personal data.
Collection and Storage of Personal Data
When you visit our website, information is automatically sent to our website server by the browser used on your end device. The following information is collected without your intervention and stored until automatic deletion:
- IP address of your device
- Date and time of your visit
- Name and URL of the file accessed
- Website from which you visit us
- Information about your browser used and, if applicable, the operating system of your computer as well as the name of your access provider
- Status information such as error messages
- Transferred data volume and the access status (file transferred, file not found, etc.)
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth prevention construction of the website
- Ensuring a comfortable use of our website
- Evaluating system security and stability
- Further administrative purposes
The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. While personal data is anonymized or pseudonymized to prevent identification, absolute anonymity cannot be guaranteed, yet the collected data will not be used for the purpose of drawing conclusions about your person. Furthermore, automated decision-making, including profiling, is not used.
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymised by deleting the last eight bits, so that an identification of you is no longer possible.
When you visit our website, the information specified as well as the information from the cookies classified as strictly necessary is processed automatically. The transfer of this information is voluntary. Without the provision of this personal data, we cannot display the requested page.
If you
- allow us to use cookies that are not classified as strictly necessary or
- want to see embedded YouTube videos
the transfer of the information is voluntary.
If you contact us, we cannot answer your inquiry in the chosen way without the provision of the personal data required in the individual case. As far as cookies are concerned, the lack of consent can lead to a restriction of the functionality of the website or parts of it. Embedded videos cannot be played without your consent.
Rights of data subjects
You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:
- Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, access to the personal data and information.
- Right of rectification: You have the right to request the correction of inaccurate personal data concerning you.
- Right of erasure (‘right to be forgotten’): You have the right to request the deletion of personal data concerning you without undue delay under certain conditions.
- Right of restriction of processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- Right of data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance.
- Right to object: You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation.
- Right to withdraw consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Exercising these rights is free of charge. For security reasons, you are required to prove your identity by means of a two-factor-authentication. We will engage reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you. To request the exercise of any of the rights held by the interested parties established by the regulations, you can write a letter to Iwa Eck c/o GrantGPT Kopernikusstr. 25, 10245 Berlin or an e-mail to hello (a)grantgpt.eu and your request will be processed by the Data Privacy Officer.
Detailed Consent Information
Obtaining Consent
When we require your consent to process your personal data, we will provide you with clear and detailed information about what you are consenting to, including the specific purposes for which the data will be used, the type of data to be processed, and any third parties with whom the data will be shared. Consent will be obtained through an affirmative action, such as ticking a box on our website or through a similar mechanism, ensuring that your consent is freely given, specific, informed, and unambiguous.
Managing and Documenting Consent
We keep records of the consents you have given, including the information you were provided with at the time of consent and the mechanism through which your consent was obtained. This ensures that we can demonstrate compliance with GDPR requirements regarding consent.
Right to Withdraw Consent
You have the right to withdraw your consent at any time. To withdraw your consent, you can contact us at hello (a)grantgpt.eu. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Upon receiving your request, we will cease processing your personal data for the purposes you initially consented to, unless there is another legal ground for processing.
Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
Processing safety
We have implemented appropriate Technical and Organizational Security Measures (TOMs). This means that the data we process is protected against accidental or intentional manipulation, loss, destruction and unauthorized access. The security measures include, in particular, the encrypted transmission of data between your browser and our server using the SSL method in accordance with the state of the art.
Data transfer to third parties, subcontractors and third-party providers
Within GrantGPT, only persons are granted access to your personal data as far as they need it to fulfil the above-mentioned purposes.
We also involve service providers. These service providers will only act on our instructions and are contractually obliged to comply with the applicable data protection requirements.
Otherwise, personal data is only transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if
- you have given your express consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR,
- the disclosure is necessary to protect legitimate interests in accordance with Art. Art. 6 para. 1 s. 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 s. 1 lit. c GDPR,
- this is legally permissible and necessary according to Art. 6 para. 1 s. 1 lit. b GDPR for the processing of contractual relationships with you, or
- this is necessary for billing purposes or for other purposes, if the transfer is necessary to fulfil contractual obligations towards users.
If we use content, tools or other means from other companies (hereinafter collectively referred to as “third party providers”) and their registered office is located in a third country, it is to be assumed that a transfer of data to the third party providers’ countries of domicile will take place. A transfer of your personal data to service providers in a third country will only take place if the special requirements of Art. 44 ff. GDPR are fulfilled. The transfer of personal data to third countries by us will only take place if there is an adequate level of data protection, user consent or other legal permission.
Data Transfers to Third Countries
In providing our AI-powered prototype, we may transfer personal data to countries outside the European Union (EU) and the European Economic Area (EEA).
We ensure that appropriate safeguards are in place to protect your personal data when it is transferred internationally. These safeguards include:
- Standard Contractual Clauses (SCCs): We have implemented SCCs as approved by the European Commission to ensure that your personal data receives an adequate level of protection when transferred outside the EU/EEA.
- Binding Corporate Rules (BCRs): In some cases, we may rely on BCRs approved by relevant supervisory authorities.
You have the right to obtain a copy of the safeguards in place to protect your personal data transferred outside the EU/EEA. To request such information, you can contact us at hello (a)grantgpt.eu.
After the prototype stage, we will integrate a solution to keep your data entirely within EU/EEA.
Google Tag Manager
- This website uses the Google Tag Manager of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags, does not set cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect personal data. However, the Google Tag Manager does not access this data.
- If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags, provided they are implemented with the Google Tag Manager.
- Your consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools, pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. In addition to consent, we have a legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f GDPR in analyzing the behavior of visitors to our website in order to improve our offering technically and economically.
Content Management System (CMS) WordPress
- For our website we also use the services of WordPress. WordPress is a website building system. The service provider is the American company Automattic Inc., 60 29 th Street #343, San Francisco, CA 94110, USA. WordPress also processes data from you in the USA, among other places. WordPress uses so-called standard contractual clauses in accordance with Art. 46 paras. 2, 3 GDPR as the basis for data processing for recipients in third countries or data transfer there. Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements. You can find out more about the data processed through the use of WordPress in the privacy policy at https://automattic.com/de/privacy/. - The legal basis for the use of the CMS is our legitimate interest, as per Art. 6 para. 1 s. 1 lit. f GDPR.
Content Delivery Network (CDN)
We use a content delivery network (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or programme scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet. The types of data processed are content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses). Users are, for example, website visitors and users of online services. The purpose of the processing of personal data is the provision of our online services and user-friendliness.
The legal basis for the use of the CDN is our legitimate interest, as per Art. 6 para. 1 s. 1 lit. f GDPR.
Google Analytics
- We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House Barrow Dublin Ireland – hereinafter “Google”), for the analysis, optimisation and economic operation of our online services in accordance with Art. 6 para. 1 s. 1 lit. f GDPR., we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – hereinafter “Google”. Google uses cookies and other technologies. The information generated by the service about the use of the online offer, such as browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), time of the server request by the users, is transmitted to a Google server in the USA and processed there.
- The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and the needs-based design of this website.
- Google acts on our behalf as part of a commissioned processing pursuant to Art. 28 GDPR. We have concluded a data protection agreement with Google that includes the EU standard data protection clauses.
- The information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. We use Google Analytics with IP anonymisation activated. This means that under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).
- Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits. Users can prevent the storage of cookies by setting their browser software accordingly. However, we would like to point out that in this case not all functions of this website can be used to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
- The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remain stored in aggregated form indefinitely.
- You can find out more information about Google’s use of data, settings and revocation options on Google’s website:
- https://policies.google.com/technologies/partner-sites?hl=de („Datennutzung durch Google bei Ihrer Nutzung von Webseiten oder Apps unserer Partner“)
- https://policies.google.com/technologies/ads („Datennutzung zu Werbezwecken“)
- https://adssettings.google.com/authenticated („manage information that Google uses to serve ads to you“).
Youtube
- We use the provider YouTube to embed videos. Plug-ins, links and buttons to YouTube are used on the basis of Art. 6 para. 1 s. 1 lit. f GDPR. The videos are embedded in the extended data protection mode.
- The data controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the internet portal. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc.1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 2. YouTube uses cookies to collect information about the users of the website. YouTube uses them, among other things, to create video statistics, prevent fraud and improve user-friendliness.
- Each time you call up one of the individual pages of this website, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://ww.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about which specific sub-page of our website is visited by you. This information is collected by YouTube and Google and assigned to your YouTube account.
- YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as calling up our website. This takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.
- You can find further information about data protection at YouTube in their data protection declaration at: http://www.youtube.com/t/privacy_at_youtube. This provides information about the collection, processing and use of personal data by YouTube and Google. 5.
- The processing of this information is based on your consent in accordance with as per Art. 6 para. 1 s. 1 lit. a GDPR.
Hosting
Our website uses netcup.de hosting. netcup.de ensures compliance with GDPR requirements by implementing robust data protection measures and adhering to EU data protection standards. You find the netcup.de privacy policy here: https://www.netcup.eu/kontakt/datenschutzerklaerung.php#:~:text=When%20you%20visit%20our%20website%2C%20data%20may%20be%20collected%20using,you%20outside%20of%20our%20website.
Cookies
Data Processing and Respective Legal Basis
- Cookies are pieces of information that are transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage. The cookie is either sent from the web server to the browser or generated in the browser by a script (JavaScript). The web server can read this cookie information directly from the server when the user visits this page again or transfer the cookie information to the server via a script of the website.
- Cookies are used to store data about your visit and for recognition purposes, as well as for statistical purposes, to improve and guarantee the operation of our website. The legal basis for this is Art. 6 para. 1 s. 1 lit. f GDPR. Cookies do not cause any damage to your device, do not contain viruses, trojans or other malware.
- Information is stored in the cookie that is related to the specific device used. This does not mean, however, that we obtain direct knowledge of your identity.
- If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
- We generally use the following cookies:
-
Strictly necessary cookies:
- These cookies are necessary for the functioning of the website. In general, these cookies are only set in response to actions you take in response to a service request, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website may not function properly.
- The legal basis for the processing of these cookies is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data processing purposes listed under B.1.b.
-
Performance cookies
- These cookies enable us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answering questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we cannot know when you visited our website.
- The legal basis for the processing of these cookies is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, which you have given us by making your selection in the cookie banner or in our Privacy Preference Center.
- You have the right to revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, please change the settings in the Privacy Preference Center.
-
Functional cookies
- These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third parties whose services we use on our pages. If you do not allow these cookies, some or all of these services may not function properly.
- The legal basis for the processing of these cookies is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you have given us by making your selection in the cookie banner or in our Privacy Preference Center.
- You have the right to revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, please change the settings in the Privacy Preference Center.
-
Cookies for marketing purposes
- These cookies can be set via our website. They may be used by our marketing partners to profile your interests and show you relevant ads on other websites. If you do not allow these cookies, you will experience less targeted advertising.
- The legal basis for the processing of these cookies is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you have given us by making your selection in the cookie banner or in our Privacy Preference Center.
- You have the right to revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, please change the settings in the Privacy Preference Center.
-
Strictly necessary cookies:
Specific Use of Cookies, Purposes and Storage Period
Specifically, we use the following cookies, depending on the cookie preferences you set in the Privacy Preference Center. Only the strictly necessary cookies are activated by default. If you do not want this either, you have the option of generally rejecting cookies in your browser. In this case, the functionality of the visited website may be impaired.
YouTube Videos
We have integrated YouTube videos into our online offering, which are stored on the YouTube platform and can be played directly from our website. YouTube is a service of Google LLC, D/B/A YouTube. 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter as ‘Google’). The videos are all embedded in the so-called ‘2-click-mode’, which means that no data about you as a user is being transferred to Google if you do not activate the video function. Before the video function’s activation, only a preview image loaded from our own web server is being displayed.
Data will only be transferred to Google if you activate such video functions. Once being activated, we have no influence on this data transfer. The data transfer is carried out regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account.
Cookie Subgroup | Cookies | Cookies used | Lifespan |
---|---|---|---|
youtube.com | VISITOR_PRIVACY_METADATA, CONSENT, YSC, VISITOR_INFO1_LIVE | Third Party | 179 Days, 729 Days, Session, 179 Days |
youtube-nocookie.com | CONSENT | Third Party | 729 Days |
Data Breach Notification
In the event of a data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the data breach to the data subjects without undue delay.
Supervisory Authority Contact Information
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information of Berlin
(Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Alt-Moabit 59-61
10555 Berlin
Eingang: Alt-Moabit 60
+49 30 13889-0
Data Protection for Minors
This website is intended for persons who are at least 18 years old. If a minor submits personal data via this website, we will delete this data and not process it further as soon as we become aware of this fact.
Changes to the Privacy Policy
- We reserve the right to change this data protection declaration with regard to data processing in order to adapt it to changed legal situations, to changes in the online offer or to data processing.
- Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
- Users are requested to inform themselves regularly about the content of this data protection declaration.
- Contact Information
- If you, as a visitor to our website, have any questions about data protection, please write to the person responsible for data protection Iwa Eck, LL.M. via e-mail to hello (a) grantgpt.eu or via mail to the above mentioned address.