We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes this data is used. Personal data refers to specific details regarding the personal or factual circumstances of an identified or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This therefore refers to data that enables us to identify you. In addition, you will also find some information here regarding data processing activities outside this website (e.g. video conferences or newsletters).
For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
digitalHUB Aachen e.V.
Pascalstraße 6
52076 Aachen
Phone: +49 241 89 438 5-0
Email: kontakt@hubaachen.de
exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
Email: datenschutz@hubaachen.de
In addition to the data you actively provide to us on this site (e.g. via our contact form), we collect certain technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you visit our website (including browser, operating system or timestamp). We use this data to ensure our website is displayed correctly. In addition, we may collect data via integrated third-party providers (e.g. for external media such as map services or analytics tools). We will explain the specific purposes and legal bases in the course of this privacy policy.
Unless a specific retention period is stated within this privacy policy, we will retain your personal data for as long as the purpose of the data processing remains valid. If you submit a valid request for erasure or withdraw your consent, we will delete your data. Statutory retention obligations remain unaffected.
If you have consented to data processing, the processing of your personal data is based on Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, if special categories of data are processed in accordance with Article 9(1) of the GDPR. Where you have given your express consent to the transfer of personal data to third countries, the data will also be processed in accordance with Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. through device fingerprinting), data processing will additionally take place on the basis of Section 25(1) of the TDDDG. Your consent may be withdrawn at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation, on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The following sections of this privacy policy provide information on the respective legal bases in individual cases.
Please note that we use tools from companies based in third countries with insufficient data protection standards or in the USA, which are not covered by the EU-US Data Protection Framework (DPF). When using these tools, your personal data may be transferred to and processed in these countries. Please note that in these third countries, a level of data protection comparable to that of the EU cannot be guaranteed.
We would like to clarify that the US generally offers a level of data protection comparable to that of the EU. The transfer of data to the US is permitted if the recipient holds DPF certification or provides appropriate additional safeguards. Information on data transfers to third countries, including data recipients, can be found in our privacy policy.
Your personal data is not processed for the purposes of automated decision-making.
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:
This information is intended for customers, prospective customers, suppliers and employees. We process your personal data for the following purposes:
Within our company, only those employees who absolutely need the data to perform their duties have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers, commissioned in accordance with data protection regulations, who are based within the EEA. Where service providers commissioned by us gain access to personal data whilst performing their services, data processing agreements have been concluded with them in accordance with Article 28(3) of the GDPR.
The data we process is stored for the duration of the contractual relationship and its fulfilment, and in compliance with statutory retention periods. These include, in particular, commercial and tax law retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The standard retention and documentation periods amount to up to ten years. If no contractual relationship arises, we process the data only for as long as the specific purpose requires.
Cookies are small text files that are stored by your browser on your device to save certain information whilst you are using the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.
There are various types of cookies, each serving different purposes. Temporary cookies, also known as session cookies, are stored only for the duration of your use of the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your device for a longer period and enable us to recognise you and your preferences on subsequent visits to the website.
Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, whilst third-party cookies are set by other websites or service providers whose content is integrated into our website, such as plugins or analytics tools.
Cookies are used for various purposes, such as ensuring the website functions properly, storing user settings, compiling anonymous statistics on user behaviour, or displaying personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest pursuant to Article 6(1)(f) of the GDPR, in order to make our website functional and user-friendly. As the website operator, we have a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of our services. Where we seek your consent for the use of cookies, processing is carried out on the basis of Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. You may withdraw your consent at any time.
Our website uses Cookiebot’s consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich (hereinafter “Cookiebot”).
When you visit our website, a connection is established with Cookiebot’s servers to obtain your consents and other declarations regarding the use of cookies. A cookie is set in your browser to enable us to record and document your consent or withdrawal of consent. This data is stored until you delete the cookie, request us to delete the data, or the purpose for data processing no longer applies. Statutory retention obligations remain unaffected.
Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Below, we provide information on the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective retention period. No automated decision-making, including profiling, takes place in individual cases.
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website, in accordance with Article 28 of the GDPR.
The use of the hosting provider is for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR).
We use the following hosting provider:
Interactive Pioneers GmbH, Aachen
Server location: Dresden
When you send us enquiries (e.g. via the contact form, email or telephone), we store all data resulting from this (e.g. name, email address, subject of the enquiry, etc.). We require this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if you have previously given it.
The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
We collect and process the personal data of applicants. Such data processing may also take place electronically, for example, when applicants submit application documents to us by email or via a web form on our website . On our website, we offer you the option of submitting applications for advertised vacancies to us by email. Unsolicited applications can be sent to kontakt@hubaachen.de
We process applicants’ personal data in accordance with legal requirements for the purpose of establishing an employment relationship (Art. 6(1)(b) GDPR). You are not obliged to provide us with this data. However, without this data, we cannot conduct a recruitment process with you.
If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Article 6(1)(b) of the GDPR and, insofar as you provide us with special categories of personal data such as health information, on the basis of Article 9(2)(b) for the purpose of carrying out the employment relationship.
We also use the professional networking services LinkedIn and XING to contact potential applicants. In this regard, the operators of these networks act as data processors on our behalf in accordance with our instructions. The legal basis for data processing when contacting potential applicants on our behalf is Article 6(1)(f) of the GDPR (our legitimate interests). If, following such contact, you send us your application, we process your data for the purpose of establishing an employment relationship as described above on the basis of Article 6(1)(b) of the GDPR.
In the event of a rejection, your data will be stored for a period of 6 months beyond the conclusion of the application process. This is done to safeguard our legitimate interests, to assess whether we require the data to defend against any claims arising in connection with the application process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without any direct personal reference for statistical analysis (for example, the proportion of female and male applicants, the number of applications per period, etc.).
If it becomes apparent that further storage of the data is necessary after the expiry of the 6-month period to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for the continued storage no longer applies. The legal basis for this further data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6(1)(f) GDPR in conjunction with Section 24(1)(2) BDSG or, where special categories of personal data are stored, Art. 9(2)(f) GDPR in conjunction with Section 24(2) BDSG).
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 24 months on the basis of consent within the meaning of Article 6(1)(a) and Article 9(2)(a) of the GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, without this data, we cannot consider you for future vacancies unless you submit a new application.
Consent to the inclusion of application data in the talent pool is voluntary and may be withdrawn at any time with future effect. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.
Your application documents will be deleted from the talent pool at the latest upon expiry of the retention period, or in the event of a withdrawal or acceptance of a job offer from one of the companies responsible for the talent pool.
If, as part of the application process, you receive an offer of employment from us and accept it, we or that company will store the personal data collected during the application process for the purpose of managing the employment relationship. The legal basis for this data processing is Article 6(1)(b) of the GDPR or, insofar as you provide us with special categories of personal data such as health information, Article 9(2)(b).
We offer our newsletter on this website. If you wish to subscribe to it, we require your email address and further data to verify that the email address belongs to you and that you consent to receiving the newsletter. No other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.).
When processing the data you provide when subscribing to the newsletter, we rely exclusively on your consent pursuant to Article 6(1)(a) of the GDPR as the legal basis. You may withdraw your consent to the processing and storage of your personal data at any time (e.g. via the ‘Unsubscribe’ link in the newsletter) with effect for the future.
We store the personal data you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter via us or the mailing service provider. This does not apply to data we have stored about you for other purposes.
If you unsubscribe from the newsletter mailing list, your email address will be stored by us or the mailing service provider on a blacklist for an indefinite period. This is done to prevent future mailings from being sent to you. The data from the blacklist is used exclusively for this purpose and is not combined with other data. This is not only in your interest, but also in our legitimate interest pursuant to Article 6(1)(f) of the GDPR to fulfil our legal obligations regarding the sending of newsletters. You may object to the storage of your data if your personal interests override our legitimate interest.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.
CleverReach is a service that organises and analyses the sending of newsletters. Data that you enter to receive newsletters (e.g. your email address) is stored on CleverReach’s servers in Germany or Ireland.
CleverReach allows us to monitor the performance of our newsletter. We can determine whether a newsletter has been opened, which links have been clicked, and what further actions were taken after opening or clicking the newsletter, e.g. a purchase. This enables us to analyse and evaluate our newsletter campaigns with the help of CleverReach.
CleverReach also allows us to tailor the newsletters more effectively to our target groups by segmenting newsletter recipients into different categories, such as age, gender or place of residence. If you object to analysis by CleverReach, you can unsubscribe from the newsletter via a link. This link is available in every newsletter you receive.
Further information on data analysis by CleverReach newsletters can be found here.
Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). This consent may be withdrawn at any time. The lawfulness of data processing operations already carried out remains unaffected by this.
You can find CleverReach’s privacy policy here
Data that you provide to us for the purpose of sending the newsletter is stored by us or the newsletter service provider. This applies until you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
If you unsubscribe from our newsletter, we may store your email address in a blacklist. This ensures that we do not send newsletters to people who have unsubscribed. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves your and our interests (Art. 6(1)(f) GDPR) with regard to compliance with legal requirements for sending newsletters. The storage of your data in the blacklist is not time-limited. You have the right to object to the storage of the data, provided that your interests outweigh our legitimate interests.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service that organises and analyses the sending of newsletters. Data that you enter to receive newsletters (e.g. your email address) is stored on Sendinblue’s servers.
Sendinblue offers the ability to view the performance of our newsletter. We can determine whether a newsletter has been opened, which links have been clicked and what further actions were taken after opening/clicking the newsletter, e.g. a purchase. This enables us to analyse and evaluate our newsletter campaigns with the help of Sendinblue.
Sendinblue also allows us to better tailor our newsletters to our target groups by segmenting newsletter recipients into different categories, such as age, gender or place of residence. If you object to analysis by Sendinblue, you can unsubscribe from the newsletter via a link. This link is available in every newsletter you receive.
You can find more information about Sendinblue here.
Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). This consent may be withdrawn at any time. The lawfulness of data processing operations already carried out remains unaffected by this.
You can find Sendinblue’s privacy policy here.
Data that you provide to us for the purpose of sending the newsletter is stored by us or the newsletter service provider. This applies until you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
If you unsubscribe from our newsletter, we may store your email address in a blacklist. This ensures that we do not send newsletters to people who have unsubscribed. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves your and our interests (Art. 6(1)(f) GDPR) with regard to compliance with legal requirements for sending newsletters. The storage of your data in the blacklist is not time-limited. You have the right to object to the storage of the data, provided that your interests outweigh our legitimate interests.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
To use certain areas of our website, you have the option to register a user account. The information collected via the mandatory fields during registration is necessary to provide access to the user account. In addition, you may voluntarily provide further information for supplementary (convenience) features.
When registering a user account, your personal data is disclosed exclusively in accordance with this privacy policy.
We process your data for the purpose of providing a user account to fulfil a contract with you in accordance with Article 6(1)(b) of the GDPR. There is a contractual obligation to provide your data, as this information is necessary for the identification of your person and for the fulfilment of the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the registration of a user account and thus the conclusion of a contract is not possible.
Furthermore, the processing of additional information provided voluntarily takes place for the purpose of providing further (convenience) functions on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. By deactivating the functions or deleting the voluntary information in your user account, you may at any time withdraw your consent with future effect in accordance with Article 7(3) of the GDPR.
We store your personal data in connection with the provision of the user account for the duration of the contractual relationship. After the end of the contract / deletion of the user account, your data will only be stored further if statutory retention obligations (e.g. tax and commercial law) apply.
Additional information that you provide to us on the basis of your consent will only be stored until you withdraw your consent by deactivating the functions or deleting the data, but at the latest until the end of the contract on which the provision of the user account is based.
We maintain public profiles on various social networks via our website. You can find more detailed information about the social networks we use in the relevant sections of our privacy policy.
Social networks such as Facebook, Twitter and others can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. ‘Like’ buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal may associate this visit with your user account . However, your personal data may also be collected even if you are not logged in or do not have an account with the relevant social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media platforms can create user profiles containing your preferences and interests. This enables interest-based advertising to be displayed to you both on and off the respective social media platform. If you have an account with the relevant social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
Please note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Our social media presence serves to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR).
When you visit our social media pages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability and the right to lodge a complaint) both against us and against the operator of the relevant social media portal (e.g. against Facebook).
Despite our joint responsibility with the social media platform operators, we do not have full control over the data processing activities carried out by these platforms. Our options are largely determined by the corporate policies of the respective provider.
Data collected directly by us via our social media presence will be deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence over the duration of storage of your data that is stored by the operators of social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. via their privacy policy, see below).
Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Meta’). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement sets out which data processing operations we and Meta are responsible for when you visit our Facebook page. You can view the agreement via the following link.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here and here.
For further information, please refer to Facebook’s privacy policy
Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to adhere to these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For further information on how your personal data is handled, please refer to Instagram’s privacy policy.
Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to adhere to these data protection standards.
Data transfers to the US are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here and here.
For further information on how your personal data is handled, please refer to LinkedIn’s privacy policy
We use online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and the provider of the relevant tool.
The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you joined the conference, the number of participants and other metadata.
In addition, the tool provider processes all technical data necessary for the conference to take place. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
When you share content via this service, it is stored on the providers’ servers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos that you have shared whilst using this service.
Please note that we do not have full control over the data processing operations of the tools used. For further details on data processing by the conference tools, please refer to the privacy policies of the respective tools used.
The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Article 6(1)(b) of the GDPR). Furthermore, the use of these tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence over the storage period of your data that is stored by the operators of the conference tools for their own purposes. For further details, please contact the operators of the conference tools directly.
We use the following conference tools:
We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy.
We use the weclapp CRM system. The provider is weclapp SE, Neue Mainzer Str. 66-68, 60311 Frankfurt am Main (hereinafter weclapp CRM).
A CRM enables us to manage customer data and contacts and to organise our sales processes. With weclapp CRM, we can record and analyse customer interactions across various channels (e.g. via email, social media, website or telephone). We can then use the data collected in this way to develop new marketing measures.
The use of weclapp CRM is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that customer management and customer communication are as efficient as possible. If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
For further details, please refer to weclapp’s privacy policy.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
On our website, you have the option to book tickets for various events. Tickets are booked via the Eventbrite ticketing system. The provider is Eventbrite, Inc., Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA.
When you use our ticket booking form, we process the data you enter, as well as your payment details, your IP address and other metadata (browser, operating system, version, device). You can view Eventbrite’s privacy policy here
The data you enter will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.
The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that the ticket booking process is as straightforward as possible. If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here.
Further information on data processing can be found here.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
This website integrates the anny booking system, provided by anny GmbH, Jülicher Straße 68, 52070 Aachen. With anny, you can book rooms at the digitalHub directly via our website. When you visit a page that incorporates components of the booking system, your IP address is transmitted to a server operated by the provider.
The use of anny is based on our legitimate interest in the attractive presentation and efficient booking of our rooms (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR. This consent may be withdrawn at any time.
This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to verify data entry (e.g. in a contact form) on this website. Specifically, it checks whether the entry is made by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. The analysis begins automatically as soon as the visitor accesses the website. The data collected during the analysis, such as the IP address, the duration of the website visitor’s stay or the mouse movements made, is forwarded to Google.
Website visitors are not notified that an analysis is taking place; these processes run entirely in the background.
The storage and analysis of data is based on our legitimate interest in protecting our web services from abusive automated scanning and spam (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time.
Google’s privacy policy and terms of service can be found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available here.
This website embeds videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that no information about visitors to the website is stored before the video is viewed. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. YouTube establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.
When you start a YouTube video on this website, a connection is established with their servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you also allow YouTube to associate your browsing behaviour with your personal profile. You can prevent this by logging out of your account. Once a video has started, YouTube may store various cookies on your device or use comparable recognition technologies, such as device fingerprinting. This allows YouTube to obtain information about visitors to this website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud. It cannot be ruled out that further data processing operations may take place after a video has started, over which we have no control.
The use of YouTube is based on our legitimate interest in presenting our online services in an appealing manner (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. This consent may be withdrawn at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Further information on data protection at YouTube can be found in the privacy policy.
On this website, we use services and features provided by Google Analytics, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Analytics, we as the website operator can determine how our website is used. As part of the analysis, we learn how often our website is visited, how long visitors stay on the site and which devices or systems they use to access the website. We can also track your mouse movements and clicks. To do this, Google Analytics uses machine learning and other technologies to analyse and supplement your data. The collected data is usually processed on Google’s servers in the USA.
When using Google Analytics, we rely on Article 6(1)(f) of the GDPR as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online offering for you. If you have previously given your consent to data processing by Google Analytics on this website, the processing of your data takes place solely on the legal basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time.
The transfer of your personal data to the USA is based on the EU Commission’s Standard Contractual Clauses. Further information on this can be found here.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Google stores data linked to cookies, user IDs or advertising IDs for two months; after that, it is anonymised or deleted. Further information on the retention period and the deletion of your data can be found here.
On this website, we use services and functions provided by Google Tag Manager, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to use other tools on our website. It does not create user profiles, store cookies or carry out independent analyses. However, your IP address is recorded and may be transferred to the USA. Google Tag Manager itself is used solely for the management of the tools integrated via it.
When using Google Tag Manager on this website, we rely on Article 6(1)(f) of the GDPR as the legal basis, as we have a legitimate interest in implementing and managing tracking tools on this website quickly and easily. If you have previously given your consent to data processing on this website via Google Tag Manager, the processing of your data takes place solely on the legal basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. You may withdraw your consent at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available here.
This website embeds videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that no information about visitors to the website is stored before the video is viewed. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. YouTube establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.
When you start a YouTube video on this website, a connection is established with their servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you also allow YouTube to associate your browsing behaviour with your personal profile. You can prevent this by logging out of your account. Once a video has started, YouTube may store various cookies on your device or use comparable recognition technologies, such as device fingerprinting. This allows YouTube to obtain information about visitors to this website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud. It cannot be ruled out that further data processing operations may take place after a video has started, over which we have no control.
The use of YouTube is based on our legitimate interest in presenting our online services in an appealing manner (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. This consent may be withdrawn at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Further information on data protection at YouTube can be found in the privacy policy.
On our website, we use the services and functions of Google APIs, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google APIs allow us to access additional services and data from Google. When using these services, your IP address is transmitted to Google Ireland Limited. Please note that we provide specific information in our privacy policy for each additional Google service that we use. Further information on Google APIs and data protection can be found in Google’s privacy policy.
We use Google APIs based on our legitimate interests (i.e. the interest in optimising our online offering), in accordance with Article 6(1)(f) of the GDPR. Where we seek consent (e.g. consent to the storage of cookies), data processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; you may withdraw this consent at any time.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
On this website, we use functions provided by Gstatic, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Gstatic is a service provided by Google to speed up the loading of web pages. Gstatic stores website resources such as images, CSS and JavaScript files on its servers in order to deliver them to the user more quickly when the page is visited again. During this data processing, technical information, such as your IP address and technical details of your browser, is transmitted to Gstatic.
The user profiles created by Gstatic are pseudonymised and cannot be traced directly back to you as an individual.
Further information on this can be found in Google’s privacy policy
The use of Gstatic on this website is based on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG. You have the right to withdraw your consent at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available here.
To ensure that personal data is processed in accordance with our guidelines and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
This website uses Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions, it is necessary to store your IP address. As a rule, the information is transmitted to and stored on a Google server. The provider of this website has no influence over this data transmission. If Google Maps is activated, Google may use Web Fonts for the purpose of a uniform display of fonts. When you access Google Maps, your browser loads the required fonts into your browser cache so that the fonts are displayed correctly.
The use of Google Maps is based on our legitimate interest in presenting our online services in an appealing manner and in ensuring that the locations we specify are easy to find (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses: https://business.safety.google/gdprcontrollerterms/sccs/ and https://business.safety.google/gdprcontrollerterms/.
Google’s privacy policy can be found here.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available here.
This website uses web fonts to ensure consistent display of fonts provided by Google. When you visit the site, your browser loads the required web fonts into your browser cache so that text and fonts are displayed correctly. To do this, the browser you are using establishes a connection to Google’s servers. As a result, Google becomes aware of your IP address.
The use of Google Web Fonts is based on our legitimate interest in the consistent display of the typography on our website (Art. 6(1)(f) GDPR). If consent has been requested (e.g. consent to the storage of cookies), the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found here. Google’s privacy policy can be found here.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available here.
We use the Meta Pixel on this website, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the Meta Pixel, we can analyse the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook advertisement. We use the user data to measure the success of our advertisements on Facebook and to optimise the ads. As the website operator, we only receive anonymised data for this purpose, meaning we cannot identify you as a user.
Meta, on the other hand, processes the data in such a way that it is attributed to a specific user and used for its own advertising purposes. This enables Meta to display personalised advertisements on Meta and other websites. We, as the website operator, have no influence over this. Further information on data processing can be found in Meta’s privacy policy
When using Meta Pixel, we rely on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
The transfer of your personal data to the USA is based on the EU Commission’s Standard Contractual Clauses. Further information on this can be found here.
If this service collects personal data on this website and passes it on to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for the processing of your personal data (Article 26 of the GDPR). However, we are only responsible for the collection of your data and its transmission to Meta, whilst Meta is responsible for what happens to the data thereafter. The obligations we impose on each other within the framework of joint responsibility are set out in a joint data processing agreement. You can find the exact text of the agreement at the following link. Accordingly, when using the Meta tool, we must provide you with information on data protection and ensure that the tool is implemented on our website in compliance with data protection regulations.
Meta itself is responsible for the security of its own products. If you wish to exercise your data subject rights and, for example, request information about your data processed by Meta, you can contact Meta directly. If you exercise your rights as a data subject with us, we are obliged to forward your request to Meta.
We have integrated OneTrust Geolocation into our website. OneTrust Geolocation is a consent solution provided by OneTrust Technology Ltd, 82 St John Street, London, EC1M 4JN, United Kingdom, which enables consent to be obtained and documented for the storage of cookies. OneTrust Geolocation uses cookies or other web technologies to recognise users and to store consent that has been given or withdrawn.
Use of the service is based on obtaining the legally required consent to the use of cookies in accordance with Article 6(1)(c) of the GDPR and Section 25(2)(2) of the TDDDG.
We have no influence over the specific storage period of the processed data; this is determined by OneTrust Technology Ltd. Further information can be found in the privacy policy for OneTrust Geolocation.
To design our website in accordance with uniform design standards, we use web fonts from Adobe Typekit. This service is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you visit our website, the required fonts from Adobe Typekit are loaded directly into your browser to ensure correct display on your device. During this process, your browser establishes a connection to Adobe’s servers in the USA, which means Adobe is informed that our website has been accessed via your IP address. According to Adobe, no cookies are stored during this process.
The storage and processing of data is carried out on the basis of Article 6(1)(f) of the GDPR, as we, as the website operator, have a legitimate interest in the uniform display of fonts on our website. If consent to the processing of personal data (e.g. for the storage of cookies) has been given, data processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; this consent may be withdrawn at any time. Your personal data is transferred to the USA and is based on the EU Commission’s Standard Contractual Clauses. Further information on this can be found here.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Further information on Adobe Typekit and its privacy policy can be found at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/de/privacy/policy.html.
We use Adobe CDN to ensure the proper delivery of our website’s content. Adobe CDN is a service provided by Adobe Inc. which acts as a Content Delivery Network (CDN) on our website to ensure the functionality of other Adobe Inc. services. A separate section in this privacy policy covers these services. This section deals solely with the use of the CDN.
A CDN helps to deliver content from our website – particularly files such as graphics or scripts – more quickly by using servers distributed across different regions or countries. When you access this content, you establish a connection to servers operated by Adobe Inc., San Jose, California, USA, whereby your IP address and, where applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of the Adobe CDN.
The use of the Content Delivery Network is based on our legitimate interests, i.e. our interest in the secure and efficient provision and optimisation of our online offering in accordance with Article 6(1)(f) of the GDPR.
We have no influence over the specific retention period of the processed data; this is determined by Adobe Inc. Further information can be found in the privacy policy for Adobe CDN.
On this website, we use services and functions provided by Unpkg CDN, a Content Delivery Network (CDN) operated by Cloudflare, Inc.
The CDN serves to deliver content from our online offering, such as graphics or scripts, quickly and efficiently. The content is stored on servers distributed regionally or globally to make it available to users more quickly. Each time this content is accessed, a connection is established with Cloudflare’s servers, during which your IP address and, where applicable, further browser data such as your user agent are collected and processed. This data processing serves exclusively to optimise and ensure the functionality of the service. Further information on this can be found in the privacy policy for Unpkg CDN.
The use of Unpkg CDN is based on our legitimate interest in the secure and efficient provision of our online services in accordance with Article 6(1)(f) of the GDPR.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you play a Vimeo video on this website, a connection is established with their servers. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured the settings so that Vimeo cannot track your user activity and will not set any cookies.
The use of Vimeo is based on our legitimate interest in presenting our online services in an appealing manner (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data is carried out exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. This consent may be withdrawn at any time. The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. Vimeo’s privacy policy can be found here.
The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
We use Cookiebot CDN to ensure the proper delivery of our website’s content. Cookiebot CDN is a service provided by Cybot A/S, which acts as a Content Delivery Network (CDN) on our website to ensure the functionality of other Cybot A/S services. A separate section in this privacy policy covers these services. This section deals solely with the use of the CDN.
A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the aid of servers distributed regionally or internationally. When you access this content, you establish a connection to servers belonging to Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, whereby your IP address and, where applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of the Cookiebot CDN.
The use of the Content Delivery Network is based on our legitimate interests, i.e. our interest in the secure and efficient provision and optimisation of our online offering in accordance with Article 6(1)(f) of the GDPR.
We have no influence over the specific retention period of the processed data; this is determined by Cybot A/S. Further information can be found in the privacy policy for Cookiebot CDN.
On this website, we use the services of Zoho Corporation GmbH, ll. Hagen 7, 45127 Essen, Germany, and affiliated Zoho companies as a software platform for CRM, forms, campaigns, support and other online services for managing customer relationships and communication processes. Zoho provides cloud-based applications for this purpose, through which we collect, organise and analyse contact and prospect data, and communicate with our customers via email or other channels. In this context, Zoho processes, depending on usage, master data (e.g. name, company, contact details), contract and communication data, form entries, usage and log data (e.g. time and delivery status of emails, IP address, device information) as well as other content provided by you. Processing takes place predominantly in data centres within the European Union; in individual cases, data may be accessed from third countries (in particular India) for support purposes, whereby Zoho employs standard contractual clauses and additional safeguards for this purpose.
The processing of personal data by Zoho is carried out for the purposes of customer management, handling enquiries, contract preparation and execution, planning and evaluating marketing and sales activities, and for the technical provision and optimisation of our online services. Depending on the specific process, the legal basis is the performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) of the GDPR, our legitimate interest in the efficient and secure organisation of business and communication processes pursuant to Article 6(1)(f) of the GDPR, and, where necessary (in particular for promotional communications via email or tracking functions), your consent in accordance with Article 6(1)(a) of the GDPR. You may object to the processing of personal data for direct marketing purposes at any time or withdraw any consent given with effect for the future.
Personal data is stored in Zoho only for as long as is necessary for the respective purposes of the customer relationship, statutory retention periods or the fulfilment of contractual or legal obligations. Thereafter, the data is deleted or anonymised in the Zoho system in accordance with the deletion and anonymisation policies defined by us, provided that no statutory retention obligations preclude this.
Zoho processes personal data exclusively on our behalf as a data processor in accordance with Article 28 of the GDPR, based on a corresponding data processing agreement, including the EU Standard Contractual Clauses, as well as comprehensive technical and organisational security measures. To this end, Zoho engages audited sub-processors (e.g. for hosting, infrastructure and support services), with whom data protection-compliant agreements are in place. Data will only be transferred to third countries where this is necessary for support or infrastructure services and where appropriate safeguards within the meaning of Articles 44 et seq. of the GDPR (in particular standard contractual clauses and additional safeguards) are in place. Further information can be found in Zoho’s privacy policy and in the overview of sub-processors.
digitalHUB Aachen e.V. (the controller) processes the information you provide as part of your application for the digitalPIONEER 2026 award (in particular company details, contact details, application content/documents) in order to review the application, conduct the selection process and organise the award, as well as to communicate with you in this regard.
Your application details will be made available to the following recipients, insofar as this is necessary for the selection process:
In addition, the application documents will be made available to AGIT Aachener Gesellschaft für Innovation und Technologietransfer mbH, Forckenbeckstr. 66, 52074 Aachen (hereinafter “AGIT mbH”). AGIT mbH acts as the focus group spokesperson within the selection process and reviews the application documents following pre-selection by the jury.
Personal data is processed for the aforementioned purposes of conducting the selection process, organising the award and for subsequent communication. The data will not be disclosed to third parties outside the specified group of recipients.
If your application is awarded a prize or you/your company is featured as part of the award, the following information may be used for public relations purposes and published:
Publications may be made via the website, social media, press/media, newsletters and other communication channels and are accessible worldwide.
The data collected as part of the application will be stored for as long as is necessary to fulfil the respective purpose.
Further information can be found in the digitalHUB Aachen privacy policy.