Data processing via the MedTech Entrepreneurs Management GmbH website can essentially be split into two categories:
• In order to provide the investor area and guarantee the best possible service for our investors, all necessary data is processed by MedTech Entrepreneurs Management GmbH. If third parties, e.g. portfolio companies, are involved in the respective project, your data will be shared with them as necessary.
• Visiting the MedTech Entrepreneurs Management GmbH website prompts various information to be exchanged between your end device and our server. This may also include personal data. The collected information is used for purposes such as optimising our website or displaying advertising in your end device’s browser.
Under the GDPR, you have various rights which you may assert against us. These include the right to object to selected forms of data processing, particularly data processing for advertising purposes. The possibility of objection is highlighted in the text.
2. Name and contact details of the party responsible for processing
3. Purpose of data processing, legal bases and justified interests pursued by MedTech Entrepreneurs Management GmbH or third parties, and types of recipients
3.1 Visiting our website
When visiting our website, the browser used on your end device automatically sends information to our website’s server, and temporarily stores it in a “log file”. We have no influence on this. The following information is recorded without any involvement from you and stored until automatically deleted:
• The IP address of the requesting Internet-enabled device,
• The time and date of the visit,
• The name and URL of the retrieved file,
• The website from which our website was accessed (referrer URL),
• The browser used by you, the operating system of your Internet-enabled computer (if applicable), and the name of your access provider.
The legal basis for processing IP addresses is Art. 6 Para. 1 f) GDPR. Our justified interest is based on the data-collection purposes listed below. We wish to advise here that we cannot, and will not, connect the collected data to your identity in any way.
We use your end device’s IP address and the other data listed above for the following purposes:
• To ensure a smooth connection,
• To ensure comfortable use of our website,
• To analyse system security and stability, and
• Other administrative purposes.
The data is stored for the duration of the respective session, and then automatically deleted when the browser is closed. We also use “cookies”, tracking tools and a CRM system for our website. Point 3.4 below provides more detailed information on these specific processes and how your data is used in them.
3.2 Investors area
Data processing when logging into the investors area
The aim of MedTech Entrepreneurs Management GmbH work is to invest in healthcare businesses. We consider ourselves a platform for bringing investors, young businesses and expertise together. We give investors the opportunity to log into a secured investors area on our website. The purpose of this area is to provide information.
In this context, we process the data required to log into and run our investors area. This data includes:
• First and last name of person responsible,
• Membership of a company or organisation,
• Account details,
• Email address,
• Copy of ID,
• The transmitted data,
• Communication data,
• Other contact details,
• Date of birth.
The legal basis for this is Art. 6 Para. 1 b) GDPR. If we do not use your contact details for promotional purposes (see point 3.3 below), we store the data collected to run the investors area until the legal statutes of limitations elapse. Once said deadline has passed, we store the contractual information required under commercial and tax law for the legally stipulated periods. During this time (usually ten years from the date of contract conclusion), the data is only reprocessed in the event of an assessment by the tax authorities.
3.3 Newsletter mailings
3.3.1 Newsletter subscription via double opt-in
On our website, we give you the option of subscribing to our newsletter. To ensure no errors occur when entering the email address, and that it is the correct address of the owner, we use what is known as the double opt-in process: Once you have entered your email address in the registration field, we will send you a confirmation link. Only if you click this confirmation link will your email address be added to our mailing list. You may revoke your consent to this at any time by simply sending a short email to the address provided under point 2.
3.3.2 Right of objection
You may object to data processing for the aforementioned purposes at any time, free of charge. This may be done separately for each respective communication channel, and will take effect for the future (but not retrospectively). This may be done via email or letter. Please use the contact options provided for our data protection officer under point 2.
3.4 Online presence and website optimisation
3.4.1 Cookies – General information
Our website uses “cookies” based on Art. 6 Para. 1 f) GDPR. Our interest in optimising our website is thus considered justified under the aforementioned regulation. Cookies are small files automatically created by your browser and stored on your end device (laptop, tablet, Smartphone or similar) when you visit our site. Cookies do not harm your end device and do not contain any viruses, Trojans or other malware. The cookie stores information produced in relation to the specific end device used. This does not mean, however, that we automatically find out your identity. One of the reasons for using cookies is to make your visit to our website more pleasant.
3.4.2 Session cookies
When you visit our website, we use “session cookies” to identify the fact that you have already visited certain pages of our website or have already logged into your investor account. These cookies are automatically deleted once you leave our site.
If you have an investor account with MedTech Entrepreneurs Management GmbH and are logged in or have enabled your browser’s “stay logged in” function, the information stored in the cookies is [text missing] to your customer account.
Most browsers accept cookies automatically, but you can configure your browser so that it does not store cookies on your computer or always alerts you before a new cookie is created. Completely disabling cookies may, however, mean you are unable to use all the functions of our website. The duration for which cookies are stored depends on the purpose and is not the same for all cookies.
3.4.3 Google Analytics
To tailor the design and keep optimising our website, we use the Google Analytics analysis service run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), based on Art. 6 Para. 1 f) GDPR. This involves creating pseudonymised usage profiles and using cookies. The information generated by the cookie in relation to your use of this website, such as
• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited site),
• Host name of the accessing computer (IP address),
• Time of server request,
is sent to a Google server in the USA, where it is stored. The information is used to analyse website usage, compile reports on the activities and render other services associated with use of the website and Internet for the purposes of market research and to customise this website. This information may also be sent to third parties insofar as this is stipulated by law or if third parties process this data on the company’s behalf. Under no circumstances will your IP address be combined with other Google data. IP addresses are anonymised to prevent any such linking (“IP masking”).
You may stop cookies from being installed on your computer by adjusting your browser software settings accordingly. Please note, however, that this may mean you are unable to use all the functions of our website to their full extent. You may also prevent Google from recording and processing the data generated by the cookie in relation to your website usage (incl. IP address) by downloading and installing this browser add-on. As an alternative to the browser add-on, particularly for browsers on mobile end devices, you can also stop Google Analytics from recording data by clicking this Link. This creates an opt-out cookie which prevents your data from being recorded during future visits to this website. Please note that the opt-out cookie is only valid in the browser being used, only for our website and is stored on your device. If you delete the cookies in this browser, you will have to create another opt-out cookie. Further information on privacy in relation to Google Analytics is available on the Google Analytics website.
3.4.4 Google Maps embedding
We use the Google Maps API run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”) on our website, based on Art. 6 Para. 1 f) GDPR. This enables us to display interactive maps for you directly on our website and enables you to conveniently use the map function. A cookie may be used in this context. The information generated by the cookie in relation to your use of our website includes:
• The visit to the relevant subpage,
• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited site),
• Host name of the accessing computer (IP address)
• Time of server request.
4. Recipients outside the EU
With the exception of the processing described in point 2.4, we do not share your data with recipients based outside the European Union or European Economic Area. The processing mentioned under point 2.4 involves sending data to servers run by our contracted web analysis technology provider (see above). These servers are located in the USA. The data is transmitted in accordance with the so-called Privacy Shield, and based on the EU Commission’s Standard Contractual Clauses. We can provide you with a copy of these Standard Contractual Clauses.
5. Your rights
In addition to the right to revoke consents you have given us, you are also entitled to the following rights, provided the respective legal requirements are met:
• Right to information about your personal data stored by us, as per Art. 15 GDPR,
• Right to correct incorrect data or to complete correct data, as per Art. 16 GDPR,
• Right to delete your data stored by us, as per Art. 17 GDPR,
• Right to limit the processing of your data, as per Art. 18 GDPR,
• Right to data transmissibility, as per Art. 20 GDPR.
To assert your rights, simply let us know by using one of the aforementioned contact options.
5.2 Right of objection
Under the requirements of Art. 21 Para. 1 GDPR, you can object to the processing of data for reasons relating to the affected person’s specific situation.
6. Data security
All data sent by you personally, including your payment details, is transmitted via the conventional, secure SSL (Secure Socket Layer) standard. SSL is a secure, tried-and-tested standard which is also used in areas such as online banking. One of the ways you can recognise a secure SSL connection is the extra s on the http (i.e. https://…) in your browser’s address bar or the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your personal data stored with us from tampering, full or partial loss and unauthorised access by third parties.