Skip to content
Legal · Datenschutz

Privacy Policy

How BeFunded collects, uses and protects your personal data under the GDPR.

1. Data protection at a glance

General information. The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information is set out below.

Who is responsible? Data processing on this website is carried out by the website operator, whose contact details are in “Information on the controller” below.

How we collect your data. Some data is collected when you provide it to us, for example in a contact form. Other data is collected automatically or with your consent when you visit the website, in particular technical data (e.g. internet browser, operating system, or time of the page request).

What we use your data for. Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyse how you use the site, with your consent.

Your rights. You have the right to receive information about the origin, recipients, and purpose of your stored personal data free of charge at any time, to request its correction or deletion, to withdraw consent, and, under certain circumstances, to request restriction of processing. You also have a right to lodge a complaint with the competent supervisory authority. A full description is set out in our GDPR / Data Subject Rights notice.

2. Hosting

This website is hosted externally. The personal data collected here is stored on the servers of the host. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting takes place to fulfil our contract with potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online services (Art. 6(1)(f) GDPR). Where consent has been requested, processing is based on Art. 6(1)(a) GDPR and Section 25(1) TDDDG; consent can be withdrawn at any time. Our host processes your data only to the extent necessary to fulfil its performance obligations and follows our instructions.

We use the following host: SiteGround, Calle de Prim 19, 28004 Madrid, Spain (CIF: B87194171). We have concluded a data processing agreement with this provider pursuant to Art. 28 GDPR.

3. General information and mandatory disclosures

Data protection. We take the protection of your personal data very seriously and treat it confidentially and in accordance with statutory data protection regulations and this privacy policy. Data transmission over the internet (e.g. email) can have security gaps; complete protection against third-party access is not possible.

Information on the controller. The controller responsible for data processing on this website is:

BeFunded — Wheels & Wings Lab GmbH
Rathausgasse 17
12529 Schönefeld, Germany
Email: services@be-funded.de

Storage period. Unless a more specific period is stated, your personal data remains with us until the purpose for processing no longer applies. On a justified deletion request or withdrawal of consent, your data is deleted unless we have other legally permissible reasons for storing it (e.g. tax or commercial-law retention periods); in that case deletion takes place once those reasons no longer apply.

Legal bases. Where you have consented, we process data on the basis of Art. 6(1)(a) or Art. 9(2)(a) GDPR. For third-country transfers with explicit consent, Art. 49(1)(a) GDPR also applies. For cookies/device access with consent, Section 25(1) TDDDG applies. For contract performance or pre-contractual measures we rely on Art. 6(1)(b) GDPR; for legal obligations on Art. 6(1)(c) GDPR; and otherwise on our legitimate interest under Art. 6(1)(f) GDPR. The applicable basis in each case is set out in the relevant section.

Recipients of personal data. We work with various external parties and in some cases transfer personal data to them, only where necessary for contract performance, where we are legally obliged (e.g. transfer to tax authorities or to the research-allowance certification body, BSFZ), where we have a legitimate interest under Art. 6(1)(f) GDPR, or where another legal basis permits. When using processors, we transfer data only on the basis of a valid data processing agreement; joint processing is covered by a joint controller agreement.

SSL / TLS encryption. For security, this site uses SSL/TLS encryption, recognisable by “https://” and the lock symbol in your browser. When activated, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies. Our website uses cookies, which do no harm to your device. They are stored temporarily (session cookies) or permanently (persistent cookies) and may be first-party or third-party. Necessary cookies are stored on the basis of Art. 6(1)(f) GDPR; where consent has been requested, processing is based on Art. 6(1)(a) GDPR and Section 25(1) TDDDG and can be withdrawn at any time. You can configure your browser to manage or delete cookies; disabling them may limit functionality.

Consent management. We use a consent management tool (cookie banner) to obtain, manage and document your consent. Technologies that require consent are only loaded after you have given it. You can change or withdraw consent at any time via the cookie settings.

Server log files. The provider automatically collects and stores information your browser transmits: browser type and version, operating system, referrer URL, host name, time of the request and IP address. This data is not merged with other sources and is collected on the basis of Art. 6(1)(f) GDPR (legitimate interest in error-free presentation and optimisation).

Contact form. If you send enquiries via the contact form, your details including the contact data provided are stored for processing the enquiry and any follow-up questions. We do not pass this on without your consent. Processing is based on Art. 6(1)(b) GDPR (contract/pre-contractual), otherwise on our legitimate interest (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR). The data remains until you ask us to delete it, withdraw consent, or the purpose no longer applies; statutory retention periods remain unaffected.

Enquiry by email or fax. If you contact us by email or fax, your enquiry and all resulting personal data is stored and processed to handle your request, on the same legal bases as above and not passed on without your consent.

5. Analytics and tag management

Google Tag Manager. Provided by Google Ireland Limited, Dublin. The Tag Manager itself does not collect personal data as user profiles and sets no cookies of its own; it triggers and manages other tools, which are only loaded after consent via our cookie banner. Legal basis: Art. 6(1)(f) GDPR, or Art. 6(1)(a) GDPR and Section 25(1) TDDDG where consent is requested.

Google Analytics. A web analytics service by Google Ireland Limited, used only after your consent via our cookie banner. Legal basis: Section 25(1) TDDDG and Art. 6(1)(a) GDPR. In GA4, IP addresses are not stored persistently and location data is shortened; user and event data is retained for a maximum of 14 months. Data may be transferred to Google LLC in the USA (see section 7).

Google reCAPTCHA. Provided by Google Ireland Limited, reCAPTCHA checks whether input is made by a human or an automated program by analysing visitor behaviour (e.g. IP address, time on site, mouse movements). Legal basis: Art. 6(1)(f) GDPR (protection from abusive automated access and spam), or Art. 6(1)(a) GDPR and Section 25(1) TDDDG where consent is requested. Google is certified under the EU-U.S. Data Privacy Framework.

6. Plugins and tools

Google Fonts (local hosting). This site uses Google Fonts for a uniform display, installed locally. No connection to Google’s servers takes place when you visit our website.

7. International data transfers

Some providers we use (in particular Google and our newsletter provider Mailchimp) may process personal data in the United States. For transfers to the USA we rely on the European Commission’s adequacy decision of 10 July 2023 on the EU-U.S. Data Privacy Framework (DPF) where the recipient is certified. Google LLC and Mailchimp (via Intuit) are certified under the DPF (verifiable at www.dataprivacyframework.gov). As an additional safeguard, these providers also incorporate the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. A transfer only takes place where the requirements of Chapter V GDPR are met.

8. Newsletter

If you wish to receive our newsletter, we require an email address and confirmation that you own it and consent to receiving the newsletter. We use this data exclusively for sending the requested information and do not pass it to third parties. We use the double opt-in procedure and log registration and confirmation. Processing is based on your consent (Art. 6(1)(a) GDPR); Section 7 UWG also applies to email advertising. You can withdraw consent at any time, for example via the “unsubscribe” link. After unsubscribing, your email address may be stored in a blacklist solely to prevent future mailings (legitimate interest, Art. 6(1)(f) GDPR).

Mailchimp. We send newsletters using Mailchimp (The Rocket Science Group LLC, an Intuit company, Atlanta, USA). The data you provide is stored on Mailchimp’s servers, which also enable campaign analysis (e.g. opens and clicks). Mailchimp processes this on our behalf under a data processing agreement pursuant to Art. 28 GDPR; the US transfer is safeguarded as described in section 7. If you do not want analysis by Mailchimp, you must unsubscribe.

9. Your rights

You have the right to information, rectification, erasure, restriction of processing, data portability and objection, as well as the right to withdraw consent and to lodge a complaint with a supervisory authority. A full description and how to exercise these rights is set out in our GDPR / Data Subject Rights notice.