Privacy policy

1 Data protection, Controller and Data ProtectionOfficer

In this privacy policy we inform you about the collection of personaldata when using our website. Personal data are all data that can be related toyou personally, e.g. name, address, e-mail addresses, user behavior.

This privacy policy explains which kind of data we collect and what weuse it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission in the Internet (e.g.when communicating by e-mail) can have security gaps. Complete protection ofdata against access by third parties is not possible.

Unless a more specific storage period is specified within this privacypolicy, your personal data will remain with us until the purpose for the dataprocessing doesn’t apply anymore. If you assert a legitimate request fordeletion or revoke your consent to data processing, your data will be deletedunless we have other legally permissible reasons for storing your personal data(e.g. retention periods under tax or commercial law); in the latter case, thedata will be deleted after these reasons cease to apply.

The Controller for the processing of your personal data through thiswebsite is the

Jung von Matt START

An offer of JvM Havel GmbH

Brunnenstr. 10
10119 Berlin
Germany

Chief Executive Officers: JonasBailly, Lukas Liske, Daniel Schweinzner

Tel: +49 30 700 108 50 100

E-mail: start@jvm.com

You can reach our data protection officer atthe e-mail datenschutz@jvm.com.

‍

2 Generalnotes and mandatory information

a) SSLor TLS encryption

For security reasons and to protect the transmission of confidentialcontent, such as orders or requests that you send to us as the websiteoperator, this website uses SSL or TLS encryption. You can recognize anencrypted connection by the fact that the address line of the browser changesfrom "http://" to "https://" and by the lock symbol in yourbrowser line.

If SSL or TLS encryption is activated, the data you transmit to uscannot be read by third parties.

b) External hosting

This website is hosted by an external service provider (hoster). Thepersonal data collected on this website are stored on the hoster's servers.This may include e.g. IP addresses, contact requests, meta and communicationdata, contract data, contact details, names, website accesses and other datagenerated via a website.

This website ishosted by an external service provider (host). The personal data collected onthis website is stored on the host's servers.

We host thecontent of our website with the following provider:

Webflow, Inc. 39811th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow).When you visit our website, Webflow collects various log files, including yourIP addresses.

Webflow is a toolfor creating and hosting websites. Webflow stores cookies or other recognitiontechnologies that are necessary for the display of the page, for the provisionof certain website functions, and to ensure security (necessary cookies).

For details,please refer to Webflow's privacy policy:https://webflow.com/legal/eu-privacy-policy.

The use ofWebflow is based on Art. 6 para.1 lit. f GDPR. We have a legitimate interest inensuring that our website is displayed as reliably as possible. If consent hasbeen requested, processing is carried out exclusively on the basis of Art. 6para.1 lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes thestorage of cookies or access to information on the user's terminal device(e.g., device fingerprinting) within the meaning of the TDDDG. Consent can berevoked at any time.

Data transfer tothe USA is based on the standard contractual clauses of the EU Commission.Details can be found here: https://webflow.com/legal/eu-privacy-policy.

The company iscertified under the EU-US Data Privacy Framework (DPF), an agreement betweenthe European Union and the US to ensure compliance with European dataprotection standards when processing data in the US. Further information onthis can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/participant/6365.

In addition, wehave concluded a data processing agreement (DPA) for the use of the services.This binds the provider to process your personal data only on our instructionsand not for its own purposes.

c) Content Delivery Network

We use the "Cloudflare" service. The provider isCloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter"Cloudflare").

Cloudflare offers a globally distributed content delivery networkwith DNS. Technically, this means that the transfer of information between yourbrowser and this website is routed through the Cloudflare network. This enablesCloudflare to analyze the data traffic between your browser and the website andto serve as a filter between our servers and potentially malicious data trafficfrom the Internet. In doing so, Cloudflare may also use cookies or othertechnologies to recognize Internet users, but these are used solely for thepurpose described here.

The use of Cloudflare is based on our legitimate interest inproviding our website as error-free and secure as possible (Art. 6 para.1 lit.f GDPR).

Data transfer to the USA is based on the standard contractualclauses of the EU Commission.

Details and further information on security and data protection atCloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified under the EU-US Data Privacy Framework(DPF).

The company is certified under the EU-US Data Privacy Framework(DPF), an agreement between the European Union and the US to ensure compliancewith European data protection standards when processing data in the US. Furtherinformation on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/participant/6365.

In addition, we have concluded a data processing agreement (DPA) forthe use of the services. This binds the provider to process your personal dataonly on our instructions and not for its own purposes.

‍

3 Datacollection on our website

a) Cookies

Our websites and pages use what the industry refers to as “cookies.”Cookies are small data packages that do not cause any damage to your device.They are either stored temporarily for the duration of a session (sessioncookies) or they are permanently archived on your device (permanent cookies).Session cookies are automatically deleted once you terminate your visit.Permanent cookies remain archived on your device until you actively deletethem, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-partycompanies (so-called third-party cookies). Third-party cookies enable theintegration of certain services of third-party companies into websites (e.g.,cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technicallyessential since certain website functions would not work in the absence ofthese cookies (e.g., the shopping cart function or the display of videos).Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electroniccommunication transactions, for the provision of certain functions you want touse (e.g., for the shopping cart function) or those that are necessary for theoptimization (required cookies) of the website (e.g., cookies that providemeasurable insights into the web audience), shall be stored on the basis ofArt. 6para.1lit. f GDPR, unless a different legal basis is cited. The operatorof the website has a legitimate interest in the storage of required cookies toensure the technically error-free and optimized provision of the operator’sservices. If your consent to the storage of the cookies and similar recognitiontechnologies has been requested, the processing occurs exclusively on the basisof the consent obtained (Art. 6 para.1lit. a GDPR and § 25 para.1 TDDDG); thisconsent may be revoked at any time.

You have the option to set up your browser in such a manner that youwill be notified any time cookies are placed and to permit the acceptance ofcookies only in specific cases. You may also exclude the acceptance of cookiesin certain cases or in general or activate the delete-function for theautomatic eradication of cookies when the browser closes. If cookies aredeactivated, the functions of this website may be limited.

Which cookies and services are used on this website can be found in thisprivacy policy.

‍

b) Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain yourconsent to the storage of certain cookies on your device or to the use ofcertain technologies and to document this in accordance with data protectionregulations. The provider of this technology is Usercentrics A/S, Havnegade 39,1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you visit our website, a connection is established toCookiebot's servers to obtain your consent and other declarations regarding theuse of cookies. Cookiebot then stores a cookie in your browser in order to beable to assign the consents you have given or their revocation. The datacollected in this way is stored until you request us to delete it, delete theCookiebot cookie yourself, or the purpose for data storage no longer applies.Mandatory legal retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for theuse of cookies. The legal basis for this is Art. 6 para.1 lit. c GDPR.

We have concluded a contract for order processing (AVV) for the useof the services. This binds the provider to process your personal data only onour instructions and not for its own purposes.

‍

c) Serverlog files

The provider of thiswebsite and its pages automatically collects and stores information inso-called server log files, which your browser communicates to usautomatically. The information comprises:

· The type and version ofbrowser used

· The used operating system

· Referrer URL

· The hostname of theaccessing computer

· The time of the serverinquiry

· The IP address

This data is not mergedwith other data sources.

This data is recorded onthe basis of Art. 6 para.1 lit.f GDPR. The operator of the website has alegitimate interest in the technically error free depiction and theoptimization of the operator’s website. In order to achieve this, server logfiles must be recorded.

‍

d) Inquiryby e-mail or telephone

If you contact us by e-mail or phone, yourrequest including all resulting personal data (name, request, e-mail address)will be stored and processed by us for the purpose of processing your request.We do not pass on this data without your consent.

The processing of this data is based on Art. 6para.1 lit. b GDPR, if your request is related to the performance of a contractor is necessary for the implementation of pre-contractual measures (e.g.booking tickets on account). In all other cases, the processing is based on ourlegitimate interest in the effective processing of the requests sent to us(Art. 6 para.1 lit. f GDPR) or on your consent (Art. 6 para.1 lit. a GDPR) ifthis was requested; the consent can be revoked at any time.

The data you send us via contact requests willremain with us until you ask us to delete it, revoke your consent to store it,or the purpose for storing the data no longer applies (e.g. after your requesthas been processed). Mandatory legal provisions - in particular legal retentionperiods - remain unaffected.

‍

e) Contact form

If you send us inquiries via the contact form, your detailsfrom the inquiry form, including the contact details you provided there, willbe stored by us for the purpose of processing the inquiry and in case offollow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para.1 lit. bGDPR, provided that your request is related to the performance of a contract oris necessary for the implementation of pre-contractual measures. In all other cases,processing is based on our legitimate interest in the effective processing ofinquiries addressed to us (Art. 6 para.1 lit. f GDPR) or on your consent (Art.6 para.1 lit. a GDPR) if this has been requested; consent can be revoked at anytime.

The data you enter in the contact form will remain with us untilyou request us to delete it, revoke your consent to its storage, or the purposefor data storage no longer applies (e.g., after your inquiry has beenprocessed). Mandatory legal provisions—in particular retention periods—remainunaffected.

‍

f) Typeform

We have integrated Typeform into this website. The provider isTYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafterTypeform).

Typeform enables us to create online forms and integrate them intoour website. The data you enter into our Typeform forms is stored on Typeform'sservers until you request us to delete it, revoke your consent to its storage,or the purpose for storing the data no longer applies (e.g., after your requesthas been processed).

Mandatory legal provisions—in particular retention periods—remainunaffected.

The use of Typeform is based on Art. 6 para.1 lit. f GDPR. Thewebsite operator has a legitimate interest in functioning online forms. Ifconsent has been requested, processing is carried out exclusively on the basisof Art. 6 para.1 lit. a GDPR and § 25 (1) TDDDG, insofar as the consentincludes the storage of cookies or access to information on the user's terminaldevice (e.g., device fingerprinting) within the meaning of the TDDDG. Consentcan be revoked at any time.

We have concluded a contract for order processing (AVV) for theuse of the services. This binds the provider to process your personal data onlyon our instructions and not for its own purposes.

‍

g) Customer relationship management (CRM)

We use Brevo (formerly Sendinblue) as our CRM system to processyour inquiries, manage contacts, and make our communication efficient.

Personal data such as name, email address,telephone number, and contact history may be processed in this process.

The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179Berlin, Germany. (hereinafter "Brevo"), whose privacy policy can beviewed here:https://www.brevo.com/de/legal/privacypolicy/.

Processing may be carried out on the basis of Art. 6 para.1 lit. band f GDPR and, if applicable, on the basis of your consent (Art. 6 para.1 lit.a GDPR). Our legitimate interest lies in efficient customer service and orderlybusiness operations. The rights and freedoms of the data subjects are takeninto account appropriately.

The data you enter will remain with us until you request us todelete it, revoke your consent to its storage, or the purpose for data storageno longer applies.

Here, too, we have concluded a contract for order processing (AVV)for the use of the services. This binds the provider to process your personaldata only on our instructions and not for its own purposes.

‍

4 Analysistools

a) Trackingtools

The tracking measures listed below and used by us are carried out on thebasis of your consent pursuant to Art. 6 para.1 lit. a GDPR. With the trackingmeasures used, we want to ensure a needs-based design and continuousoptimization of our website. On the other hand, we use the analysis measures tostatistically record the use of our website and evaluate it for the purpose ofoptimizing our offer for you.

The respective data processing purposes and data categories can be foundin the following explanations of the corresponding tracking tools.

‍

b) Google Analytics

This website uses functions of the web analysis service GoogleAnalytics. The provider is Google Ireland Limited ("Google"), GordonHouse, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze thebehavior of website visitors. The website operator receives various usage data,such as page views, length of stay, operating systems used, and the origin ofthe user. This data is assigned to the user's respective end device. It is notassigned to a user ID.

Furthermore, we can use Google Analytics to record your mouse andscroll movements and clicks, among other things. Google Analytics also usesvarious modeling approaches to supplement the collected data sets and usesmachine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognitionfor the purpose of analyzing user behavior (e.g., cookies or devicefingerprinting). The information collected by Google about the use of thiswebsite is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordancewith Art. 6 para.1 lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked atany time.

Data transfer to the USA is based on the standard contractualclauses of the EU Commission. Details can be found here:https://business.safety.google/adscontrollerterms/sccs/.

Data transfer to the USA is based on the standard contractualclauses of the EU Commission.

The company is certified under the EU-US Data Privacy Framework(DPF), an agreement between the European Union and the US to ensure compliancewith European data protection standards when processing data in the US. Furtherinformation on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6365.

Google Analytics IP anonymization is activated. This means thatyour IP address will be truncated by Google within member states of theEuropean Union or in other signatory states to the Agreement on the EuropeanEconomic Area before being transmitted to the USA. Only in exceptional caseswill the full IP address be transmitted to a Google server in the USA andtruncated there. On behalf of the operator of this website, Google will usethis information to evaluate your use of the website, to compile reports on website activity and to provide otherservices related to website activity and internet usage to the websiteoperator. The IP address transmitted by your browser as part of GoogleAnalytics will not be merged with other Google data.

You can prevent Googlefrom collecting and processing your data by downloading and installing thebrowser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, pleaserefer to Google's privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de

We have concluded a contract with Google for order processing andfully implement the strict requirements of the German data protectionauthorities when using Google Analytics.

‍

5 Transferof personal data

a) Legalbasis

We will only pass on your personal data to third parties if this isnecessary to achieve our purposes and at least one of the following legal basesexists:

· you have expressly givenyour consent to this in accordance with Art. 6 Para. 1 lit. a GDPR,

· this is legallypermissible and necessary for the processing of contractual relationshipsaccording to Art. 6 Para. 1 lit. b GDPR,

· in the event that a legalobligation exists for the disclosure pursuant to Art. 6 para.1 lit. c GDPR, aswell as

· the transfer according toArt. 6 para.1 lit. f GDPR is necessary to protect our legitimate interests,unless your interests, fundamental rights and freedoms, which require theprotection of your personal data, prevail.

b) Datatransfer to the USA

Among other things, we use tools from companies based in the USA. Ifthese tools are active, your personal data may be transferred to these thirdcountries and processed there. We note that the European Commission has adoptedan adequacy decision for the EU-U.S. Data Privacy Framework (successor to the"Privacy Shield"). The decision states that the United States willensure an adequate level of protection - comparable to that of the EuropeanUnion - for personal data transferred from the EU to U.S. companies within thenew framework. Based on this sectoral adequacy decision, personal data can betransferred securely from the EU to U.S. companies participating in theframework ("Data Privacy Framework") without having to implementadditional data protection safeguards. To participate, companies must havecertified themselves with the U.S. Department of Commerce. If they have notdone so, the adequacy decision does not serve as a basis for secure datatransmission. In these cases, we enter into Standard Contractual Clauses (SCC)with the service providers. By concluding standard contractual clauses withinthe meaning of Art. 46para.1lit. c GDPR, we provide guarantees for theprotection of your data.

In addition, we encrypt or pseudonymize personal data beforetransferring it to a service provider in a third country, if this istechnically possible and appropriate.

‍

6 Datasubject rights

You have the right to,

· to request informationabout your personal data processed by us in accordance with Art. 15 GDPR. Inparticular, you can request information about the processing purposes, thecategory of personal data, the categories of recipients to whom your data has beenor will be disclosed, the planned storage period, the existence of a right torectification, erasure, restriction of processing or objection, the existenceof a right of complaint, the origin of your data if it has not been collectedby us, as well as the existence of automated decision-making, includingprofiling and, if applicable, meaningful information about its details;

· in accordance with Art.16 GDPR, to immediately request the correction of incorrect or completion ofyour personal data stored by us;

· pursuant to Art. 17 GDPR,to request the erasure of your personal data stored by us, unless theprocessing is necessary for the exercise of the right to freedom of expressionand information, for compliance with a legal obligation, for reasons of public interestor for the establishment, exercise or defense of legal claims;

· in accordance with Art.18 GDPR to request the restriction of the processing of your personal data,insofar as the accuracy of the data is disputed by you, the processing isunlawful, but you object to its erasure and we no longer require the data, butyou need it for the assertion, exercise or defense of legal claims or you haveobjected to the processing in accordance with Art. 21 GDPR;

· pursuant to Art. 20 GDPR,to receive your personal data that you have provided to us in a structured,common and machine-readable format or to request that it be transferred toanother controller;

· in accordance with Art. 7para.3 GDPR, to revoke your consent given to us at any time. This has theconsequence that we may no longer continue the data processing based on thisconsent in the future; and

· complain to a supervisoryauthority in accordance with Art. 77 GDPR. Usually you can contact thesupervisory authority of your usual place of residence or workplace or ourcompany headquarters for this purpose.

7 Rightof objection

If your personal data is processed on the basis of legitimate interestspursuant to Art. 6 para.1 f GDPR, you have the right to object to theprocessing of your personal data pursuant to Art. 21 GDPR, provided that thereare grounds for doing so that arise from your particular situation or theobjection is directed against direct marketing. In the latter case, you have ageneral right to object, which will be implemented by us without specifying aparticular situation.

If you wish to exercise your right to object, an email to start@jvm.com will suffice.

‍

8 Datasecurity

We use the widespread SSL procedure (Secure Socket Layer) in connectionwith the highest encryption level supported by your browser when visiting thewebsite. Usually this is a 256-bit encryption. If your browser does not support256-bit encryption, we use 128-bit v3 technology instead. You can tell whetheran individual page of our website is encrypted by the closed key or lock symbolin the lower status bar of your browser.

We also use appropriate technical and organizational security measuresto protect your data against accidental or intentional manipulation, partial orcomplete loss, destruction or against unauthorized access by third parties. Oursecurity measures are continuously improved in line with technologicaldevelopments.

‍

9 Actualityand change of this privacy policy

This privacy policy is currently valid and has the status of December2025.

Due to the further development of our website and offers on it or due tochanged legal or official requirements, it may become necessary to change thisprivacy policy. The current privacy policy can be accessed at any time on ourwebsite at https://www.start.jvm.com/data-privacy.