Privacy policy

Contact

mii ventures GmbH
Regerstraße 70a
22761 Hamburg
Germany

Commercial register, local court Hamburg, HRB 177268
Managing Director: Michael Schmitt

Phone number: +49 40 57309274
Email address: hello(at)mii.ventures

Introduction

Basic information on data processing and legal basis

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offer and the associated websites, functions, and content (hereinafter collectively referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used on which the online offer is executed.

The terms used, such as "personal data" or their "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

The personal data of users processed within the scope of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the web pages visited on our online offer, interest in our products) and content data (e.g., entries in the contact form).

The term "user" includes all categories of data subjects. They include our business partners, customers, interested parties, and other visitors to our online offer. The terms used, such as user, should be understood as gender-neutral.

We only process users' personal data in compliance with the relevant data protection regulations. This means that the users' data is only processed if legal permission exists. I.e., in particular, if the data processing is necessary for the provision of our contractual services (e.g., processing of orders) as well as online services or is required by law, consent of the user is available, as well as due to our legitimate interests (i.e., interest in the analysis, optimization and economic operation and security of our online offer in the sense of Art. 6 Par. 1 lit. f. GDPR, particularly for range measurement, creation of profiles for advertising and marketing purposes, and collection of access data and use of third-party services).

We point out that the legal basis of the consents Art. 6 Par. 1 lit. a. and Art. 7 GDPR, the legal basis for processing our services' performance and implementing contractual measures, Art. 6 Par. 1 lit. b. GDPR, the legal basis for processing to fulfill our legal obligations, Art. 6 Par. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests, Art. 6 Par. 1 lit. f. GDPR is.

User rights

Users have the right to obtain, upon request and free of charge, information about the personal data that we have stored about them.

In addition, users have the right to correct incorrect data, restrict processing and delete their personal data, assert their rights to data portability, and, in the event of the assumption of unlawful data processing, file a complaint with the competent supervisory authority.

Likewise, users may revoke consents, in principle, with effect for the future.

Data deletion

The data stored by us will be deleted as soon as it is no longer required for its intended purpose. The deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

According to legal requirements, data is stored for 6 years by § 257 Par. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years following § 147 Par. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Right of objection

Users may object to the future processing of their personal data following the legal requirements at any time. The objection can be made particularly against the processing for direct advertising purposes.

Changes to the privacy policy

We reserve the right to change the privacy policy to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies to declarations on data processing. Insofar as user consent is required, or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users' permission.

Users are requested to inform themselves regularly about the content of the data protection declaration.

Security measures

We take organizational, contractual, and technical security measures state of the art to ensure that the provisions of data protection laws are complied with and protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

The security measures include, in particular, the encrypted data transmission between your browser and our server.

Data transfer

Data is only passed on to third parties within legal requirements. We only pass on users' data to third parties if necessary, for example, based on Art. 6 Par. 1 lit. b) GDPR for contractual purposes or based on legitimate interests under Art. 6 Par. 1 lit. f. GDPR in the economical and effective operation of our business.

Suppose we use subcontractors to provide our services. In that case, we take appropriate legal precautions and corresponding technical and organizational measures to protect personal data following the relevant legal provisions.

If within the scope of this data protection declaration, content, tools, or other means are used by other providers (hereinafter collectively referred to as "third-party providers"), and their named registered office is located in a third country, it is to be assumed that a transfer of data to the third-party providers' countries of domicile takes place. Third countries are countries where the GDPR is not directly applicable, i.e., countries outside the EU or the European Economic Area. Data transfer to third countries occurs with adequate data protection, user consent, or an otherwise legal permission.

Service provision

We process inventory data (e.g., names and addresses and contact data of users), and contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services under Art. 6 Par. 1 lit b. GDPR.

Users can optionally create a user account to view their orders in particular. The required mandatory information will be provided to users as part of the registration process. The user accounts are not public and cannot be indexed by search engines. If users have canceled their user account, their data concerning the user account will be deleted, subject to their retention is necessary for commercial or tax reasons following Art. 6 Par. 1 lit. c GDPR. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to delete all user data stored during the contract term irretrievably.

Within the scope of registration and renewed registrations and the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation under Art. 6 Par. 1 lit. c GDPR.

We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display product information to the user based on their previously used services.

Communication

Contact

When contacting us (via contact form or email), the user's details are processed to handle the contact request and its processing under Art. 6 (1) lit. b) GDPR.

The user's details may be stored in our customer relationship management system ("CRM system") or comparable inquiry organization.

Comments and contributions

When users leave comments or other contributions, their IP addresses are stored based on our legitimate interests within the meaning of Art. 6 Par. 1 lit. f. GDPR is kept for 7 days.

This is done for our security if someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we can be prosecuted for the comment or post and are therefore interested in the author's identity.

The user's details may be stored in our comment system or comparable inquiry organization.

Email communication and newsletter

We inform you about the contents of our newsletter and the registration, dispatch, statistical evaluation procedure, and your objection rights with the following information. You agree to receive it and the described techniques by subscribing to our newsletter.

We send newsletters, emails, and other electronic notifications with promotional information (from now on, "newsletter") only with the recipient's consent or a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration, they are decisive for the users' approval. In addition, our newsletters contain information about our products, offers, promotions, and our company.

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations to the newsletter are logged to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time and the IP address. Changes to your data stored with the shipping service provider are also logged.

Furthermore, according to its information, the shipping service provider may use this data in pseudonymous form, i.e., without assigning it to a user, to optimize or improve its services, e.g., for the technical optimization of the shipping and display of the newsletter or statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.

To subscribe to the newsletter, it is sufficient to enter your email address.

The newsletters contain a so-called "web beacon, i.e., a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. During this retrieval, technical information, such as information about the browser, your system, your IP address, and the recovery time, are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or send different content according to the interests of our users.

The use of the dispatch service provider, performance of the statistical surveys and analyses, and logging of the registration process are based on our legitimate interests under Art. 6 (1) lit. f GDPR. Our interest is directed toward using a user-friendly and secure newsletter system that serves our business interests and meets the users' expectations.

You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. At the same time, your permission to dispatch the newsletter by the dispatch service provider and the statistical analyses will expire. Unfortunately, a separate dispatch cancellation by the dispatch service provider or the statistical analysis is impossible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and canceled this subscription, their data will be deleted.

By the requirements of the Basic Data Protection Regulation (GDPR) applicable as of May 25, 2018, we inform you that the consent to sending email addresses is based on Art. 6 Par. 1 lit. a, 7 GDPR and § 7 Par. 2 No. 3, or Par. 3 UWG. The use of the dispatch service provider, performance of statistical surveys and analyses, and logging of the registration process are based on our legitimate interests under Art. 6 Par. 1 lit. f GDPR. Our interest is directed toward using a user-friendly and secure newsletter system that serves our business interests and meets the users' expectations. We would also like to point out that you can object to the future processing of your data by the legal requirements under Art. 21 GDPR at any time. The objection can be made particularly against the processing for direct advertising purposes.

Data collection

Collection of access data and log files

We collect based on our legitimate interests within the meaning of Art. 6 Par. 1 lit. f. GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Logfile information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the incident.

Cookies and reach measurement

Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage.

We do not use any third-party cookies on this website, not even for pseudonymous reach measurement. We only set a cookie to store your language selection if it differs from your general browser settings.

Users who do not want cookies to be stored on their computer are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Used services

Integration of third-party services and content

Within our online offer, we use content or service offers of third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 Par. 1 lit. f. GDPR) to integrate content or services offered by third-party providers, such as videos or fonts (from now on uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the user's IP address since, without the IP address, they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device. It may contain, among other things, technical information about the browser and operating system, referring websites, time of the visit, and additional information about the use of our online offer, as well as be linked to such information from other sources.

The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on data processing and, in part, already mentioned here.

Plausible Analytics

We use Plausible Analytics, a web analytics service provided by Plausible Insights OÜ, Estonia, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 Par. 1 lit. f. GDPR).

Plausible Analytics is a fully open source web analytics provider hosted in the EU and powered by European-owned cloud infrastructure. It does not collect personal data and does not track you across devices, websites, or apps. It also does not use cookies or other persistent identifiers.

Plausible Analytics will use the collected information (page URL, HTTP referrer, browser, operating system, device type, country, region, city) on our behalf to evaluate the use of our online offer by users, compiling reports on the activities within this online offer and providing us with other services relating to the use of this online offer and internet usage. Plausible Analytics hashes your IP address and User-Agent and generates a random string of letters and numbers. This is used to calculate unique visitor numbers for the day. The raw data IP address and User-Agent are never stored in their logs, databases, or anywhere on disk at all.

By clicking on the following link, you can prevent collecting your data by Plausible Analytics. An opt-out flag will be set in your browser’s local storage, avoiding collecting your data during future visits to this website. If you delete your local storage, you must click this link again.

Please visit Plausible’s website for more information about Plausible’s data usage, settings, and opt-out options.

ConvertKit

We use ConvertKit on our website, a service for our email marketing. The service provider is the American company ConvertKit LLC, 750 W Bannock Street 761, Boise, ID 83702, USA.

ConvertKit also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union) or a data transfer there, ConvertKit uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, ConvertKit undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

Vercel

To provide our website and web apps, we use the cloud platform Vercel, provided by Vercel Inc., 340 S Lemon Ave #4133 Walnut, CA 91789, under a data processing agreement (Art. 28 GDPR). Each visit to our website will be handled or delivered through Vercel, which processes information, including IP addresses, system configuration information, and other information about traffic to and from our website, to operate, maintain and improve service. This data can help detect new threats, identify malicious third parties, and provide more robust security protection.

The processing of this data is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR).

Last updated: 17 December 2022