The protection of your data has a particularly high priority for ruhr:HUB GmbH (in the following: our company). Already at this point we would like to inform you that we process personal data in accordance with the data protection regulations, in particular Regulation (EU) 2016/679 (General Data Protection Regulation; in the following: GDPR).

With this declaration we would like to inform you about the exact handling of data in our company in connection with the use of our Internet pages:

1. Definitions

This data protection declaration is essentially based on the terms and definitions of the GDPR. We would like to refer in particular to the definitions in art. 4 GDPR, which you can find freely accessible on the Internet (e.g. here). We would like to briefly describe the most important terms from our point of view:

"Personal data" shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data

"Recipient" means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. Authorities which may receive personal data in the context of a specific investigation task under Union or Member State law shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in conformity with the purposes of the processing.

"The data subject's consent" shall mean any freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

2. Person responsible for data protection

Responsible in the sense of data protection law is:

ruhr:HUB GmbH
Lindenallee 10, 45127 Essen
represented by the managing directors
Oliver Weimann & Svenja Tietje
Phone: 0201 36537593
e-mail: info@ruhrhub.de

3. Data protection officer

In accordance with the legal requirements, we have not appointed a data protection officer. If you have any questions on the subject of data protection, please contact our management using the contact details above.

4. Which data is collected/processed?

a) Simple use of our internet pages

When you visit our website, the following data is recorded and stored by our server:

• Browser and operating system used,
• If applicable, the Internet page from which you are visiting our pages
• Date/time of your visit to our Internet pages,
• Your IP address,
• Your Internet provider

This data is required to be able to display our website at all, to improve the content of our website and to ensure the permanent functionality of our website.

It is not possible for us to identify you personally using this data only. For this purpose we would additionally need the data stored with third parties, especially the data stored with your internet provider. Your Internet provider knows which specific Internet connection was provided with the stored IP address at the time of your visit. If several persons use an Internet connection, it is not possible to determine the concrete person solely by means of the IP address. Your Internet provider is generally not authorized to provide us with the data stored by him. Only in the case of illegal behavior in connection with your IP address (e.g. attack of our systems via your IP address) would we forward the stored data to the law enforcement authorities, who may then be able to determine your identity by using the data of your Internet provider. The data of the server log files are stored separately from all personal data provided by a person concerned.

As far as these operations involve the processing of personal data, the legal basis for this is art. 6 para. 1 sentence 1 lit. f GDPR.

b) Cookies

Our website also uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. By using cookies, we can provide more user-friendly services that would not be possible without cookies. For example, cookies offer the possibility to display goods stored in a shopping cart by you again when you visit the website again. You can deactivate the use of cookies at any time in the settings of your Internet browser. You can delete already stored cookies at any time in the settings of your Internet browser. Please note that deactivating cookies may result in limited use of our website. However, we would also like to point out that we mainly use so-called session cookies, which are automatically deleted at the end of your visit to our site.

Even cookies alone do not enable us to identify you personally, but only to recognize your browser or the terminal device you use.

As far as these operations involve the processing of personal data, the legal basis for this is art. 6 para. 1 sentence 1 lit. f) GDPR.

c) Use of our contact form

If you contact us via the contact form on our website, our company will collect and store the personal data you provide in the contact form.

This processing serves the purpose of further communication with you. The legal basis for the processing is the consent given by you by sending the contact form (art. 6 para. 1 p. 1 lit. a) GDPR). You can revoke your consent at any time (e.g. by email or letter). This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by your revocation.

The data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case for the personal data from the input mask of the contact form when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that the matter in question has been finally clarified. If the contact is in connection with the conclusion of a contract, further retention periods may result from the law (tax code, commercial code, etc.).

d) E-mail/phone

If you contact us via email, we will process the personal data you provided in your e-mail/phone call for the purpose of further communication with you.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f GDPR. If the purpose of the contact is the conclusion of a contract, the additional legal basis for the processing is art. 6 para. 1 sentence 1 lit. b) GDPR.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data sent by e-mail/phone, this is the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that the matter in question has been finally clarified. If the contact is in connection with the conclusion of a contract, further retention periods may result from the law (tax code, commercial code, etc.).

e) Registration function

Users can create a user account by us. During the registration process, the required mandatory data will be communicated to the users again and requested by them. We process the data entered during registration for the purpose of using the offer. Users can be informed by e-mail about information relevant to the offer or registration, such as changes in the scope of the offer or technical circumstances. The legal basis for this is the consent you have given during registration (art. 6 para. 1 p. 1 lit. a) GDPR). If users have terminated their user account, their data relating to the user account will be deleted, unless it is necessary to keep them for reasons of commercial or tax law. The legal basis for the processing would then be art. 6 para. 1 lit. c) GDPR. If an order/contract is placed using the registration/login on our website, the data provided by you will be used to carry out the contractual relationship. The legal basis is then art. 6 para. 1 lit. b) GDPR.

In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. As a matter of principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. By linking your IP address with the information you provided during registration, your IP address also becomes a personal date for us.

5. Your rights

You are entitled to the following rights:

• Right to information according to article 15 GDPR
• Right of rectification under article 16 GDPR
• Right of deletion according to article 17 GDPR
• Right to restrict processing under article 18 GDPR
• Right of objection under article 21 GDPR
• Right to data transferability from article 20 GDPR
• Right of appeal to a data protection supervisory authority (e.g. State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Tel.: 0211/38424-0, Fax: 0211/38424-10, E-Mail: poststelle@ldi.nrw.de).

6. Transfer of data

Personal data will only be passed on to third parties with your express consent, unless otherwise stated in this privacy policy. The only exceptions to this are statutory disclosure obligations and - if necessary - disclosure to service providers commissioned by us, such as tax consultants, lawyers and/or auditors. We will always oblige service providers commissioned by us to maintain secrecy and to comply with the applicable data protection regulations, unless such an obligation already exists by law.

We store data with an external hosting provider. In doing so, we make use of the following hosting services to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services. We need all these services to operate our online offer. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of our online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with art. 6 para. 1 lit. f GDPR in conjunction with art. 28 GDPR.

7. Third-party/social media plug-ins (Facebook, YouTube, Google analytics etc.)

a) Google Analytics

We have integrated the Google Analytics component (with anonymization function) on our website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to websites. Among other things, a web analysis service collects data about which website a person concerned came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising. The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By using this addition, the IP address of the Internet connection of the person concerned is shortened by Google and made anonymous if the access to our Internet pages is from a member state of the European Union or from another state that is a signatory to the Agreement on the European Economic Area. The purpose of the Google Analytics component is the analysis of visitor flows on our website. Google Analytics sets a cookie on the information technology system of the person concerned. You can read about what cookies are in section 4 above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, is called up, the Internet browser of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. In the course of this technical procedure, Google receives knowledge of data such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements. By using the cookie, personal information such as the access time, the location from which an access originated and the frequency of visits to our website by the person concerned is stored. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

You can prevent the setting of cookies by our website, as already described above, at any time by using a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies and delete cookies already set. Furthermore, you have the possibility to object to and prevent the collection of data generated by Google Analytics and related to the use of this website and the processing of this data by Google. To do this, you must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If your information technology system (PC, etc.) is deleted, formatted or reinstalled at a later date, you must reinstall the Browser Add-On to deactivate Google Analytics.

Further information and Google's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

b) Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. This represents a legitimate interest in the sense of art. 6 para. 1 lit. f GDPR.

More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/

c) MailChimp

This website uses the services of MailChimp for sending newsletters. Provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used to organize and analyze the sending of newsletters. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on the servers of MailChimp in the USA. MailChimp is certified according to the "EU-US-Privacy-Shield". The "Privacy-Shield" is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.

With the help of MailChimp we can analyze our newsletter campaigns. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This way it can be determined whether a newsletter message was opened and which links were clicked on, if any. Furthermore, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). We do not use this data for personalized evaluations. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want to receive any analysis by MailChimp, you have to unsubscribe the newsletter. For this purpose we provide a link in every newsletter message. You can also unsubscribe directly on the website.

The data processing is based on your consent (art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with to subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data which is stored for other purposes (e.g. e-mail addresses for the member area) remains unaffected.

You can find more details in the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

d) Zoom

For the purpose of conducting telephone conferences, online meetings, video conferences and/or webinars, we use the services of "Zoom". "Zoom" is a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

When using the services of "Zoom" the following personal data is processed - depending on the information provided by the user: First name, last name, telephone (optional), e-mail address, profile picture (optional), participant IP addresses, device/hardware information; you may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

We have concluded a contract with the provider of "Zoom" that meets the requirements of art. 28 GDPR. An adequate level of data protection is guaranteed by the "Privacy Shield" certification of Zoom Video Communications, Inc. on the one hand, but also by the fact that we have agreed with "Zoom" that data processing will take place exclusively on European servers.

The legal basis for the data processing is art. 6 para. 1 lit. a) GDPR, as the use of the services on our homepage requires the corresponding consent. This consent can be informally revoked at any time with effect for the future.

We also refer to the Zoom data protection declarations at: https://zoom.us/de-de/gdpr.html

e) Matchmaker.Ruhr

We also use the service "Matchmaker.Ruhr" on our site. This is a service of Innoloft GmbH, c/o digitalHUB Aachen, Jülicher Straße 72a, 52070 Aachen. The privacy policy of Innoloft GmbH can be found here: https://innoloft.com/public/de/data-privacy/

Matchmaker.Ruhr connects start-ups with the leading industrial partners from the Ruhr area. Through the platform, start-ups gain easier access to the business ecosystem of the region with the help of the Innovation Bridges and the partners. Innovations are created through international cooperation. Through the use of Matchmaker.Ruhr the personal data provided there will be processed.

The legal basis for the processing is art. 6 para. 1 lit. a) GDPR, based on the consent given before the use of Matchmaker.Ruhr. The consent can be informally revoked at any time with effect for the future.