top of page

Data Privacy Policy

This Data Protection Policy outlines how the association of Deep Tech Collective collects, processes, stores, and protects personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer") in compliance with current data protection law in Germany. This consists of General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). In the following, we provide detailed information regarding how, to what extent and for what purposes we collect and process your personal data. You can access this information at any time on our website.

​

Processing Activities

We use personal data for the purposes of managing membership, communications, event organization, volunteer coordination, team and board administration, community engagement, donor and supporter relations, and responding to contact requests in accordance with applicable data protection laws.
 

Legal Framework
 

Our data processing practices are guided by:

  • GDPR (General Data Protection Regulation)

  • BDSG (Federal Data Protection Act)
     

Data Protection Principles
 

We adhere to GDPR Article 5 principles:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability
     

Lawful Bases for Processing
 

We process personal data based on:

  • Consent (Art. 6(1)(a) GDPR) 

  • Contract (Art. 6(1)(b))

  • Legal obligation (Art. 6(1)(c))

  • Legitimate interest (Art. 6(1)(f))

Link to all the above articles of GDPR: https://gdpr-info.eu/art-6-gdpr/

Special categories of data (e.g., gender identity, ethnicity) are only processed under Article 9 GDPR with explicit consent or legal necessity.
 

Data Subjects’ Rights
​

Individuals have the right to:

  • Access

  • Rectification

  • Erasure

  • Restriction

  • Objection

  • Portability

  • Lodge a complaint with the German Data Protection Authority (BfDI)
     

Data We Collect

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO(https://dsgvo-gesetz.de/art-6-dsgvo/). The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization. We delete the inquiries if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.

We may collect the following data:

  • Identification data (e.g., name, date of birth)

  • Contact data (e.g., email, phone, address)

  • Content data (e.g., text input, photographs, videos)

  • Demographic data (e.g., gender, background, diversity indicators)

  • Donation/payment information

  • Event participation data

  • Usage data (e.g., web pages visited, interest in content, access times)

  • Meta/communication data (e.g., device information, IP addresses)
     

Data Sharing

We may share your personal data with trusted third parties such as service providers, partners, and public authorities when legally required. Data is only shared on the basis of consent, contract, legal obligation, or legitimate interest.
​
Third Country transfers

If we transfer personal data outside the EU/EEA, we ensure it is protected using safeguards compliant with GDPR (e.g., Standard Contractual Clauses).

​

Cookies and Website Tracking

​

We use essential cookies for website functionality. Non-essential cookies (e.g., analytics, social media) are only used with your consent. You can adjust cookie settings at any time through your browser or our cookie banner.
 

AI and Automated Tools
​

We use Artificial Intelligence (AI) tools in a limited and responsible manner to support activities such as content recommendations or event matchmaking.

  • Human Oversight: All AI-assisted tasks are reviewed or supervised by a human. We do not rely on fully automated decision-making that affects individuals' rights or legal status.

  • Transparency: Where AI is used, we clearly inform users and provide context on how it supports our services.

  • Data Minimization: In line with GDPR principles, we only provide AI systems with the minimum amount of data required to fulfill a task.

  • Privacy Protection: We avoid sharing or inputting personally identifiable information (PII) into AI tools, especially in chatbot or third-party services, unless it is strictly necessary and consent has been obtained.
     

We regularly review the use of AI tools to ensure they align with our data protection standards and ethical values.
​

Children’s Data
​

If we engage with individuals under 16:

  • Parental/guardian consent is obtained

  • Communications and activities are tailored to age-appropriate standards

 
Data Breach Protocol
​

In the event of a data breach, we follow GDPR-compliant procedures, including notifying the relevant authority (BfDI) within 72 hours when required, and informing affected individuals Data Protection Officer.

 
Board, Co-Founders, Members & Volunteer Guidelines
​

  • All team members must sign the Data Protection Agreement (DPA)

  • Access only necessary data

  • Store data securely

  • Delete unnecessary personal data promptly
     

bottom of page