General Privacy and Personal Data Protection Policy – D-HUB

LAST UPDATED: MARCH 2, 2024

Your privacy is of utmost importance to D-HUB. This privacy policy outlines the various kinds of personal information we collect and how we utilize it. The policy is applicable to everyone who engages with us online, especially via our website www.dhub.org, and any other websites we manage, as well as individuals whose personal data we collect in other ways.

1.  INTRODUCTION

This Privacy Policy sets out the principles for the collection and processing of personal data of current and potential wards/contractors of the D-HUB’s activities. (hereinafter: “D-HUB”, “we”, “us” and “our”), including visitors to the website (hereinafter collectively “Users”). D-HUB respects your privacy. Regardless of whether you are acting in your relationship with us, as a ward/contractor, consumer, person interested in our services and products, etc., you have the right to the protection of your Personal Data. This data may refer to your name, telephone number, e-mail address, but also other data,) etc.

This General Privacy and Data Protection Policy (hereinafter, the “Policy”) describes how we collect your Personal Data and why we collect it, what we do with your Personal Data, who we share it with, how we protect it, and the choices you can make about your Personal Data.

This Policy applies to the processing of Personal Data within the various services, tools, applications, websites, portals, sales promotions (online), marketing campaigns, sponsored social media platforms, etc. that are provided or operated by us or on our behalf. This Policy contains general principles and explanations. It is supplemented by separate duty of information clauses relating to the aforementioned specific services, tools, applications, websites, portals, sales promotions (online), marketing activities, sponsored social media platforms, etc., which are provided or operated by us or on our behalf. These information obligation clauses will be provided to you when your Personal Data is processed as part of the aforementioned activities (for example, through websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).

This Policy applies to all Personal Data collected and used by (or on behalf of) D-HUB.

If you accept the provisions of this Policy, you also consent to the processing of your Personal Data as set out in this Policy.

At the end of this Policy you will find definitions of key terms used in this Policy with capital letters (e.g. Personal Data, Processing, Data Controller).

2.  WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The entities responsible for the Processing of your Personal Data are: D-HUB is represented by New Venture Fund. For individuals in the European Economic Area (“EEA”), D-HUB represented by New Venture Fund is considered to be the “controller” of your personal data.

3.  WHO CAN YOU CONTACT IF YOU HAVE QUESTIONS OR REQUESTS? DATA PROTECTION CONTACT POINT

D-HUB has established a Data Protection Contact Point to answer your questions and requests related to this Policy, the information obligation clauses, your Personal Data (and their Processing).

If you have any questions, complaints relating to the application of this Policy and the Processing of Personal Data or requests relating to your rights, you may contact via the Data Protection Point of Contact:

by letter using the address:

D-HUB
New Venture Fund
1828 L Street NW
Suite 300 – A
Washington, DC 20036

by e-mail at:

privacy@newventurefund.org and complains@dhub.org.

4.  KEY PRINCIPLES

We care about the Personal Data entrusted to us and are committed to processing it in a fair, transparent and secure manner. To this end, the D-HUB applies the following principles:

    • Lawfulness: we will only collect and process your Personal Data in a lawful, fair and transparent manner.

    • Data Minimisation: we will limit the collection of your Personal Data to what is adequate and necessary to achieve the purposes for which it was collected.

    • Purpose limitation: we will only collect your Personal Data for specific, explicit and legitimate purposes and will not process your Personal Data in a manner incompatible with those purposes.

    • Correctness: we ensure that the Personal Data held is correct and up to date.

    • Data security and protection: in order to ensure data security and protection at an appropriate level, we implement technical and organisational measures, taking into account, among other things, the nature of the Personal Data to be protected. Such measures are designed to prevent unauthorised disclosure or access, unlawful destruction or accidental loss of data, alteration or any other unlawful form of Processing.

    • Access and rectification: we will process your Personal Data in such a way as to ensure that you can confirm whether or not your Personal Data is being processed, and that you can access your Personal Data and obtain the information you have requested, together with a request to rectify your Personal Data in accordance with your rights.

    • Limited retention period: we will retain your Personal Data in a manner consistent with applicable data protection laws and regulations and for no longer than is necessary to achieve the purposes for which it was collected or when required by law.

    • Protection in case of international transfer: we will ensure adequate protection of your Personal Data in case of transfer, in particular the transfer of the personal data collected from countries of the EEA to countries outside the EEA.

    • Third Party Safeguards: we will ensure that access to Personal Data by third parties (and transfer of Personal Data to them) is carried out in accordance with applicable law and appropriate contractual safeguards.

    • Legality of direct marketing and the use of cookies: we ensure that the sending of promotional material and the placing of cookies on your computer is carried out in accordance with applicable law.

5.  PROCESSING OF YOUR PERSONAL DATA: WHAT PERSONAL DATA WE COLLECT AND ON WHAT LEGAL BASIS

Whenever you are asked to provide your Personal Data, you will be clearly informed which of your Personal Data is being collected. This information will be communicated to you in the form of an appropriate information obligation clause included with certain services (including communication services), web portals, electronic newsletters, reminders, surveys, offers, etc.

Please note that we only collect your Personal Data if

    1. you have given your consent to the Processing (as described in the disclosure clause relating to that particular Processing), or

    2. it is necessary for the performance of a contract to which you are a party, when you entered into a contract with us.or

    3. in the case of a specific Processing, we act on the basis of our legitimate interest, provided that your interests or fundamental rights and freedoms do not override it. The existence of such legitimate interest will be duly communicated to you in the form of an information obligation clause relating to that specific Processing; this is required by law.

You always have the right to withdraw your consent at any time without giving any reasons for doing so: in this case we delete your personal data immediately.

6.  FOR WHICH PURPOSES WE PROCESS YOUR PERSONAL DATA

We will only process your Personal Data for specific, explicit and legitimate purposes and will not further process your Personal Data in a manner incompatible with those purposes.

Such purpose may be, to improve the quality of our services based on your feedback on your visit to one of our websites or portals, to improve the quality of our products or services in general, to offer services or applications, communication and marketing activities, etc. The purpose of each Processing of your Personal Data is set out in the specific information obligation clause relating to that particular Processing. Information on specific Duty of Information clauses is made available, for example, through websites or portals, in applications, electronic newsletters, etc.

7.  PROCESSING OF PERSONAL DATA IN SUCH A WAY AS TO ENSURE THAT THEY ARE ACCURATE AND UP-TO-DATE

Keeping your data accurate and up-to-date is very important to us. We ask that you inform us of any changes or errors in your Personal Data as soon as possible by contacting us via the Data Protection Point of Contact (see section 3 “Who can you contact with questions or requests?” for details). We will take appropriate steps to ensure that any incorrect or outdated Personal Data is deleted or adjusted accordingly.

8.  ACCESS TO YOUR PERSONAL DATA

You have the right to access your Personal Data that we process and, if your Personal Data is inaccurate or incomplete, to request that we correct or delete your Personal Data. If you require further information regarding your privacy rights or would like to exercise these rights, please contact us via the Data Protection Point of Contact (see section 3 “Who can you contact with questions or requests?” for details).

9.  HOW LONG WE KEEP YOUR PERSONAL DATA

We will store your Personal Data in a manner that complies with data protection legislation. We will only retain your Personal Data for as long as necessary for the purposes for which we process your Personal Data or for compliance with the law or where retention of your data for a period of time is required by law. For information on how long specific Personal Data will be retained before it is deleted from our systems and databases, please contact us via the Data Protection Point of Contact (see section 3 “Who can you contact with questions or requests?” for details). Relevant information will also be provided in the specific information obligation clauses that will be provided to you when your Personal Data is processed.

10.  PROTECTION OF YOUR PERSONAL DATA

We have employed an appropriate set of technical and organisational measures to ensure that your Personal Data is protected against accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to your Personal Data. These have been specifically designed taking into account our IT infrastructure, the potential impact on your privacy and associated costs and in accordance with current industry standards and practice.

Your Personal Data may be subject to processing by a Third Party Data Processor only if that Data Processor undertakes to apply these technical and organisational data security measures.

Maintaining data security means protecting the confidentiality, integrity and availability of personal data:

    • Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.

    • Integrity: we will protect your Personal Data from modification by unauthorised third parties.

    • Accessibility: we will ensure that authorised parties are able to access Personal Data when required.

Our data security procedures include: access security, backup systems, monitoring, review and maintenance of systems, security incident management and business continuity assurance, etc.

11.  USE OF COOKIES OR SIMILAR TOOLS

We use cookies on our website. This enables us to make your browsing experience more comfortable and allows us to make improvements to our website.

12.  DISCLOSURE OF PERSONAL DATA

Depending on the purposes for which we collect your Personal Data, we may disclose your Personal Data to the following categories of recipients who will then, solely for the purposes indicated, process your Personal Data:.

1.  As part of our activities:

Our authorised employees;

2.  External business partners:

D-HUB Service Providers: companies that provide services to or on behalf of D-HUB for the purpose of providing such services (for example, D-HUB may disclose your Personal Data to third-party IT-related service providers). For individuals in the EEA, D-HUB Service Providers are considered to be the “processors” of your personal data.

3.  (c) Other third parties:

where this is required by law or is legally necessary to protect the D-HUB:

    • for compliance with the law, requests from state authorities, court orders, legal procedures, obligations to report and provide information to authorities, etc

Please note that the third party recipients listed in (b) above – particularly service providers who may offer products and services through services or applications or through their own channels – may collect Personal Data from you separately. In such case, these entities are solely responsible for the processing and control of such Personal Data, and your interactions with them will be subject to their terms and conditions.

13.  USE OF SOCIAL MEDIA AND THIRD-PARTY SERVICES

If, when using a D-HUB tool and/or (website, portal…) you use a specific social media login (for example, Zoom account, Google, or Facebook account etc.), the D-HUB will register your Personal Data available on such social media and the use of such social media means that you have expressly consented to the transfer of the Personal Data registered by the D-HUB through the tools of that social media.

D-HUB sometimes facilitates the publication of Personal Data via social media such as Twitter and Facebook. Social media have their own privacy policies, which you must take into account if you use such social media. We would like to remind you that publishing content on social media may have certain consequences, including for your privacy or the privacy of the persons whose Personal Data you provide, e.g. the impossibility to withdraw the published content within a short period of time. You are fully responsible for what is published by you. The D-HUB assumes no liability in this respect.

14.  TRANSFER TO COUNTRIES OUTSIDE THE EEA

Your Personal Data may be transferred to recipients who are located outside the EEA and may be Processed by us and recipients outside the EEA. In relation to any transfer of your Personal Data to countries outside the EEA, D-HUB will put in place appropriate measures to ensure an adequate level of protection for your Personal Data. These measures may, for example, consist of agreeing binding contractual clauses with recipients that guarantee an adequate level of protection.

We will always clearly inform you when your Personal Data is transferred outside the EEA. This information will be provided to you via a separate information obligation clause, which will, for example, be included in certain services (including communication services), electronic newsletters, reminders, surveys, offers, invitations to events, etc.

15.  YOUR RIGHTS CONCERNING YOUR PERSONAL DATA

We want to make our operations as transparent as possible to you so that you can make reasonable choices about how we are to use your Personal Information.

Your Personal Data

You can always contact us via the Data Protection Point of Contact (see section 3 “Who can you contact with questions or requests?” for details) to find out what Personal Data we have about you and its origin. In certain circumstances, you have the right to receive a copy of the Personal Data you have provided to us in a commonly used, structured machine-readable format or to request a transfer of your Personal Data to any third party of your choice.

Your amendments

If you find an error in your Personal Data or if you consider it to be incomplete, outdated or incorrect, you may request us to correct or complete it.

Your request to restrict

You have the right to request the restriction of the Processing of your Personal Data (e.g. if the accuracy of your Personal Data is contested, if your Personal Data is not needed for the purposes of the Processing).

Your objections

You may object to the use of your Personal Data on the basis of a legitimate interest of the Controller (we will cease processing for this purpose unless there are legitimate grounds for processing set out in law, or where processing is necessary for the establishment, investigation or defence of claims).

You may also object to the use of your Personal Data for direct marketing purposes or to the sharing of your Personal Data with third parties for the same purpose.

Your right to withdraw your consent

At any time you have the possibility to withdraw your consent to further Processing of Personal Data that you have given us without disclosing why you do so. You can withdraw your consent by contacting the Data Protection Point of Contact (see section 3 “Who can you contact with questions or requests?” for details).

Your right to be forgotten

In addition, you may request us to delete Personal Data relating to you (except in certain cases, for example, to prove a transaction, to assert or defend a claim or when required by law).

Your right to complain

Please also note that you also have the right to lodge a complaint against the D-HUB as Data Controller with the relevant data protection authority (“President of the Data Protection Authority”).

16.  LEGAL INFORMATION

The requirements of this Policy are in addition to and do not replace any other requirements existing under data protection law. In the event of a conflict between the content of this Policy and the requirements of data protection law, data protection law shall prevail.

D-HUB may amend this Policy at any time, e.g. to comply with current data protection legislation, due to decisions or other acts of state authorities or in connection with the need to improve the provision of our services.

17.  DEFINITIONS

In this Policy, the following terms have the following meanings:

    • Data Controller means the organisation that determines the purposes of the processing and the means by which your Personal Data is processed. Unless we inform you otherwise, the Data Controller is: D-HUB is represented by New Venture Fund: D-HUB, New Venture Fund, 1828 L Street NW, Suite 300 – A, Washington, DC 20036. Further information may be provided to you via a separate information obligation clause, which will, for example, be included in certain services (including communication services), electronic newsletters, reminders, surveys, offers, invitations to events, etc.

    • Data Processor means the person or organisation processing your Personal Data on behalf of the Data Controller.

    • Data Protection Contact Point means the person designated by D-HUB, as Data Controller, where you have the opportunity to address your questions or requests regarding this Policy and/or the Processing of your Personal Data and who will deal with such questions and requests. If you are not informed otherwise, you may contact the Data Protection Contact Point as described in Section 3 “Who can you contact with questions or requests?”.

    • EEA stands for European Economic Area (= Member States of the European Union + Iceland, Norway and Liechtenstein).

    • Personal Data is any information about an identified or identifiable natural person, e.g. you, or which indirectly identifies you, such as, for example, your name, telephone number, e-mail address, etc.

    • Processing means an operation or set of operations which is performed upon your Personal Data or sets of such Data by automated or non-automated means, such as collecting, recording, organising, structuring, storing, adapting or modifying, retrieving, accessing and any form of use of Personal Data.

Information on D-HUB Newsletter:

If you subscribe to D-HUB Newsletter, we only collect and use your e-mail address and we do not and can not connect it with any other personal data that we collect from you for other purposes. The legal basis for collecting your e-mail address in this case is your consent, while the purpose of the data procession is to share up-to-date information with you on the activities of D-HUB and on the causes we invite you to support. You can withdraw your consent for this data procession also by simply choosing the unsubscribe option at the end of the newsletters.

Information about cookies:

This website uses its own cookies to optimise the use of the website and for statistical purposes. Cookies are IT data, in particular text files, which are stored on the website user’s terminal device (computer, phone, etc.). Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.

Please be informed that this website also uses so-called external cookies for the following purposes:

    • the collection of general and anonymous statistical data via the analytical tools Google Analytics;

    • publicize our website via social media;

    • For more information on the cookies of these entities, please refer to their privacy policies

When you use our website, we use cookies that make it possible to identify your browser or device – cookies collect various types of information that, in principle, do not constitute personal data (they do not allow you to be identified). However, some information, depending on its content and the way it is used, may be linked to a specific person and thus be considered personal data. The data will be processed by the Data Controller for the purposes indicated above, on the basis of Article 6(1)(f) of the General Data Protection Regulation (GDPR) – i.e. on the basis of the legitimate interest of the Data Controller.

The user has the possibility to manage cookies in the settings of their web browser. In particular, the user can prevent cookies from being stored on their terminal device.