The following information is intended to provide visitors to our website with information about how we process their personalised data and regarding their rights under data protection laws. What type of data is processed and in what manner it is utilised is largely determined by the services used. Therefore, not all of this information will be applicable to you.
1. Responsible body and contact details of the Data Protection Officer
Responsible for the processing of data on this website:
Main Incubator GmbH
Mainzer Landstrasse 33a
60329 Frankfurt am Main
(Hereinafter referred to as “Company”)
You can reach our Data Protection Officer at
Main Incubator GmbH
Data Protection Officer
Mainzer Landstrasse 33a
60329 Frankfurt am Main
2. Information regarding the processing of your personalised data
2.1. Data categories
Within the scope of use of our websites, applications, or online tools (hereinafter comprehensively referred to as “Online offer”), we process the following personalised data:
Personalised data such as first name and surname, e-mail address, phone number, or other information provided within the scope of contacting us or details pertaining to a planned project that you have provided to us voluntarily within the scope of an online offer (e.g., during registration, request for more information, within the scope of soliciting an offer/quotation).
HTTP data references protocol files that are generated when accessing the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the browser type and version, the operating system used, the websites accessed prior to visiting the reference URL, as well as the date and time of the access. HTTP(S) data is also generated on the servers of third-party providers (e.g., when accessing third-party content).
Search function data is data that you would enter into our website’s search function: This includes all information that you enter as search terms in the website’s respective search form.
Cookie settings data serve to manage your cookie settings. This includes your consent, your objections (opt-outs) and, if required, your individual choice for accepting cookies on your device
Error data is a saved error message generated by the server or individual applications.
2.2. Purposes and legal basis for data processing
In some cases, we expressly request your approval in order to process your personalised data. In this case, the legal basis for the processing of your personalised data is the consent provided by you as per Article 6, Sec. 1(a) GDPR in conjunction with Article 7 GDPR. This consent can be revoked by you at any time with effect for the future.
2.2.1. Technical administration of the website
When using the website, the browser installed on your device will send certain technically relevant information to our website’s server (among other information: HTTP data, search function data, cookies settings, as well as error data). This data is stored on our server and processed.
The data processing serves to repel and detect fraudulent activities or similar acts, including attacks on our IT infrastructure, as well as to enable user verification. As the same time, the processing serves to provide the requested website content, to manage all required troubleshooting, to enable and simplify the website search, and to manage cookies.
The legal basis for this data processing is our legitimate interest (Article 6, Sec. 1(f) GDPR). The use of the website is not possible without divulging personalised data such as the IP address. Communication via the website without the provision of data is not technically feasible.
2.2.2. Provision of services
Furthermore, we process data to enable the use of the services and functions of our online offers, to process queries, or to send marketing information upon request. This data is stored and processed on our server and is actively provided by you.
The legal basis for this data processing is the initiation of contractual relationships or the fulfilment of our contractual obligations (Article 6, Sec. 1(b) GDPR) as well as our legitimate interest (Art. 6, Sec. 1(f) GDPR). Without the ability to process your personalised data, we would not be able to fulfil the existing contract and/or process your enquiries.
2.3. Cookies and similar technologies
Depending on the type of cookies used, their usage is possible either without consent or their use is subject to consent. Cookies not requiring consent are, in particular, those that are necessary to use our online offer or those that ensure IT security, i.e., technically required cookies. In these cases, the legal basis for the data processing is Article 6, Sec. 1(f) GDPR.
Cookies that are required for the functionality of this website cannot be deactivate using the cookie settings function. However, you can deactivate these cookies at any time by making the appropriate settings in our browser. Different browsers offer different means by which cookie settings can be configured. However, we would like to point out that deactivating cookies in your browser may result in some or all of the website’s functionality not operating properly.
An overview of the cookies and similar technologies used on this website (as long as nothing else has been noted, this refers to cookies):
Saves the visitor’s settings that have been selected in the cookie banner.
Google Analytics Cookie, is used to throttle the request rate.
Google Analytics Cookie, is used to differentiate users.
Google Analytics Cookie, is used to differentiate users. Google provides two years as the lowest annual storage duration. The storage period is related to the interest in being able to carry out annual web analysis comparisons.
Storage of language preferences
2.4. Google Analytics
The storage of Google Analytics cookies – and the further processing in connection with Google Analytics – is processed in accordance with Article 6, Sec. 1(a) GDPR. The consent required for this will be requested from our user immediately after our website has been accessed.
On this website, we have activated the IP-Anonymisation function. This means that before being transmitted to the United States your IP address is shortened by Google within the states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be sent to a Google server in the United States and then stored there in an abbreviated form. Per order of the website operator, Google will use this information to analyse your use of the website, to compile reports on the website activities, and in order to provide additional services towards the website operator that are connected with the use of the website and the Internet. The IP address transferred by Google Analytics from your browser is not combined with any other Google data.
You can prevent the storage of cookies by making the appropriate settings in your browser’s software. However, we would like to point out that in this case you may not be able to use the website’s full functionality. Beyond this, you can prevent the recording of the data compiled by the cookie and related to your website usage (incl. your IP address) as well as the transmission thereof to Google – as well as the further processing of this data by Google – by installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaopout?hl=de.
General objection to data collection
You can prohibit the collection and processing of your data through Google Analytics by clicking on the following link. An opt-out cookie is then stored that will block the collection of your data when accessing the website in future: Deactivating Google Analytics.
More information regarding the use of personal data through Google Analytics can be found in the Google data privacy statement available at the following link: https://support.google.com/analytics/answer/6004245?hl=de.
If you would like to receive the newsletter offered on the website, then we will require your e-mail address as well as information that enables us to verify that you are the owner of the provided e-mail address and that you agree with receiving it (double opt-in process). In order to personalise the newsletter, we store – if you have provided us this information upon registration – additional personalised data, e.g., first name, last name. We will only use this data for sending the requested information and in order to document your consent. At any time, and with effect for the future, you can revoke the consent provided for storing the data, the e-mail address, as well as the use of these for mailing the newsletter. To do so, please click the “unsubscribe” link in the newsletter.
In order to manage and mail our newsletter, we employ the services of a third-party service provider – Sendinblue GmbH (formerly Newsletter2Go). This service provider was carefully selected and obligated to adhere to all data protection provisions in accordance with Article 28 GD‑PR.
2.6. Request for contact
In order to contact us, we provide e-mail addresses and contact forms on our website. Both can be used for contacting us electronically. If a user selects this option, the data entered into the e-mail is transferred to us and some of the data is stored. In this regard, the data is not forwarded to third parties not affiliated with the company. The data is exclusively used for the processing of the correspondence between the parties.
The legal basis for the processing of the data that is transferred via e-mail is Article 6, Sec. 1(f) GDPR. If the e-mail correspondence is targeting or insinuating the conclusion of a contract, then Article 6 Sec. 1(b) GDPR provides an additional legal basis for the processing.
The data will be deleted as soon as the grounds for its collection are no longer valid and no other legal retention periods exist, for example due to tax-specific laws.
The user always has the ability to object to the processing of their personalised data. In these case, the communication with the user must be discontinued. To do so, please send an e-mail requesting deletion to email@example.com. All personalised data that is stored within the scope of communication will be deleted, insofar as no other (statutory) retention periods apply.
3. Processing of personalised data for customer service surveys and direct marketing
Insofar as you have provided us with your consent – or if we are authorised within the scope of existing customer relationships – your contact data will also be used for direct marketing purposes (such as event invitations, newsletters) or for conducting customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes. If you would like to exercise your right of objection, then please send an e-mail to firstname.lastname@example.org or follow the appropriate instructions provided in any of the advertising mails you have received from us. The legal foundations for the processing of your data for advertising purposes are listed in Article 6, Sec. 1(f) GDPR (in case of an existing business relationship) or Article 6, Sec. 1(a) GDPR if you have provided us with your consent.
4. ticketareo and Eventbrite
On our website, we use links for Eventbrite and ticketareo. You may use these links for registering for our events. Responsible party and operator of Eventbrite is Eventbrite Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147, USA (“Eventbrite”). In the EU, the Eventbrite representative is Eventbrite NL BV with its registered seat in Silodam 402, 1013AW, Amsterdam, Netherlands. Responsible party and operator of ticketareo is ticketareo GmbH, Bahnhofplatz 6, 82110 Germering, Germany (“ticketareo”).
If you register for one of our events via Eventbrite, then Eventbrite will forward the data to us as the event organiser. We use the data for purposes of pre- and post-processing of the respective booked event. Furthermore, as a participant you may receive information either prior to or after the event.
The processing of the data by us is completed on the basis of Article 6, Sec. 1(b) GDPR (contract fulfilment).
In what manner Eventbrite processes the data is described in Eventbrite’s Data privacy statement or in the data privacy statement of ticketareo.
5. Social media and podcasts
On the basis of Article 6, Sec, 1 (1f) GDPR, we use links to the social networks LinkedIn, Twitter, Medium.com, YouTube, and Instagram to advertise our products and services as well as to contact you as the users and visitors to our social media sites. On the same basis, we also provide links to iTunes and Spotify, where our podcasts can be accessed.
The links can be recognised by the respective logo of the social network. By clicking on the logo, your browser will connect to the server of the respective service and you will be forwarded to the service provider’s website.
These are so-called Social plugins, where a connection and data transmission to the respective social network is established the moment our website is accessed. We would like to point out that you use the following services and their functions on your own responsibility. Please also consider that when accessing the respective networks and platforms, the general terms and conditions and the data processing guidelines of that respective operator apply. In detail, these are the following third-party providers:
This website links to our page on LinkedIn, a service which is used for expanding business contacts and networking. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
On our website, we provide a link at the footer of the page that links to the short message service Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. The responsible party for the data processed for individuals living outside of the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
By using Twitter, you personalised data is recorded, transferred, stored, published, and used by Twitter Inc., whether you reside in the United States, Ireland, or in any other country in which Twitter operates its business. Once transferred, your data may continue to be stored and used. First, Twitter processes any information you voluntarily enter, such as your name and user ID, email address, phone number, and the contacts in your address book when you upload or sync it. Furthermore, Twitter also analyses the content shared by you in terms of what topics interest you. In some cases, Twitter may store and process confidential messages.
On our website, we link to the social media platform Medium.online, which is operated by A Medium Corporation, 760 Market Street, San Francisco, CA 94102 United States. The EU representative is VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road Cork T23AT2P, Ireland.
On our website, we provide a link to our YouTube feed. YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users, whose place of residence lies within the European Economic Area or in Switzerland, the responsible party in terms of data protection is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (“Google”).
By using YouTube, your data is transferred to Google. If required, Google transmits data to companies outside of the EU or the EEA on the basis of standard contractual provisions, e.g., to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This website links to our Instagram account. Instagram is a Facebook product that is made available by Facebook Ireland Limited (“Facebook”). Instagram is a social media platform that enables the sharing of pictures and videos. Users can edit pictures and videos as well as add filters. Other users can share, comment, or “like” these pictures or videos. Additionally, users can connect by sending each other private messages. Instagram’s operating company is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
6. Recipients and recipient categories
Within our company, access to your data is granted to those departments that need it to fulfil contractual and legal obligations. Moreover, the service providers and vicarious agents commissioned by us can receive data from us if they particularly ensure confidentiality and integrity. These service providers are companies representing the IT services industry, printing services, telecommunication services, as well as sales and marketing.
When forwarding data to recipients not affiliated with our company, it must be considered that only mandatory personalised data is forwarded under consideration of the applicable data protection provisions. We are fundamentally only permitted to forward your data if required by law, if you have provided your consent, or if we are authorised to provide information. Under these requirements, the recipients of personalised data can be:
- Public bodies and institutions (e.g., tax authorities, law enforcement agencies, family courts, land registry offices) if there is a legal or official obligation,
- Financial institutions and financial services or similar institutions, to whom we transfer personalised data within the scope of our business relationship (e.g., banks, credit agencies),
- Other affiliated companies for risk management due to legal or regulatory obligations,
- Creditors or insolvency administrators inquiring in the context of a foreclosure/compulsory execution,
- Auditors (CPAs),
- Service providers whose services we utilise for order processing.
7. Transfer to third-party countries
Through the use of our social media offer and our website, your data may be forwarded and/or subsequently processed in the United States. The legal framework for all data processing activities is your expressly provided declaration of consent, which you have provided via our cookie banner. Your declaration of consent justifies this type of data processing on an exceptional and case-by-case basis pursuant to Article 49, Sec. 1(a) GDPR. Please note that the level of data protection in the United States is not comparable to that of the EU or in the European Economic Area. In particular, it is possible that the government – due to legal authorisations – will be able to access your data without either you, or us, being informed. Comparable possibilities of enforcing one’s own rights do not exist in the United States, so that this does not appear to be a promising course of action.
8. Duration of storage
We process and store your personalised data as long as this is required for fulfilling our contractual obligations and exercising our rights. If the data is no longer required for fulfilling our contractual or legal obligations, then this data will be regularly deleted unless its – limited – processing is required for the following reasons:
- Fulfilment of commercial or fiscal retention periods listed in the German Commercial Code (HGB), Tax Code (AO), and the Money Laundering Act (GwG). The prescribed periods for retention and documentation are usually two to ten years.
- Preservation of evidence within the limits of the statutory limitation provisions. In accordance with Article 195 and sequential of the German Civil Code (BGB), these statutory limitation periods can be up to 30 years, whereby the typical statutory limitation period is three years.
9. Data security
Our employees and the service providers used by us are obligated to retain confidentiality and compliance with the provisions of applicable data protection laws. The company makes the required technical and organisational precautions in order to protect your personalised data from loss, alteration, deletion, and access through an unauthorised party or due to unauthorised forwarding. Our security measures are continually being updated and improved in accordance with the most recent technological developments.
10. Rights of the affected parties
Every affected party has the right to information as per Article 15 GDPR, the right to correction of data as per Art. 16 GDPR, the right to deletion as per Art. 17 GDPR, the right to limitation of processing as per Art. 18 GDPR, as well as the right to data transferability as per Art. 20 GDPR.
With regard to the right to information and the right of deletion, the restrictions pursuant to Articles 34 and 35 BDSG (Federal Data Protection Act) apply. Beyond this, the affected party has a right of appeal to a responsible data protection supervisory authority (Art. 77 GDPR in connection with Art. 19 BDSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent, which were provided to us prior to 25 May 2018, the date the GDPR became effective. Please consider that the revocation only applies to the future.
You have the right, for reasons related to your personal situation, to revoke your consent against the processing of your personalised data, which particularly in processed in accordance with Article 6, Sec. 1(f) GDPR. If you revoke your consent, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms. In particular, this includes that the processing of the data is mandatory for the assertion, exercise, or defence of legal claims.
Beyond this, you have the right, in accordance with Article 22 GDPR, not to be subject to fully automated decision making. We generally do not use any fully automated decision-making function for establishment, implementation, and termination of the business relationship. If we employ this process in individual cases (e.g., to improve our products and services) we will inform you about this as well as about your related rights, insofar as this is prescribed by law.
11. Obligation to provide data
Within the scope of our business relationship, you must provide the personalised data that is essential for the initiation, execution, and termination of that business relationship and for the fulfilment of the resulting contractual obligations or which we are legally obligated to collect. Without this data, we will generally not be in the position to conclude, execute, or terminate a contract with you.
The same applies when visiting our online offer and the collection of user data. Without the collection of usage data, neither we nor our service providers are in the position to provide you with our online offer.
We do not process your personal data in an automated manner that has any legal impact on you or similarly affect you in another significant way.