English

Data protection information

HYVE Innovate GmbH appreciates your interest in our company and our services/products.

We would like to inform you by means of the following data protection information about which personal data is collected, processed and, if applicable, shared with our partners when you visit our website and for the services and offers accessible via the website, to what extent and for what purpose.

Insofar as this website refers to external pages of other providers (links), you are leaving our website via these links. The operators of these linked sites are solely responsible for compliance with data protection regulations.

Data protection principles of HYVE Innovate GmbH

The protection of your privacy and the security of all business data are very important to us, and we take this into account in our business processes. Data protection and information security are part of our corporate policy.

We attach great importance to the protection of your personal data and process it exclusively in accordance with the laws and regulations of the Federal Republic of Germany and overriding European legal requirements, including the EU General Data Protection Regulation (GDPR). Your personal data will be processed to the extent described below for the purposes explained. This means that we only use your personal data if this is expressly permitted by data protection laws or if you have given us your express prior consent.

Data security

HYVE Innovate GmbH takes technical and organizational security precautions to protect the data we manage against manipulation, loss, destruction, access by unauthorized persons or unauthorized disclosure. This includes ensuring that only authorized persons have access to your personal data, and only to the extent necessary for the purposes stated. Our security measures are regularly reviewed and constantly improved in line with technological developments.

Our employees are obliged to maintain confidentiality and receive periodic training on data protection and security issues.

HYVE Innovate GmbH operates an Information Security Management System (ISMS) and is certified for the TISAX® information security standard. TISAX is derived from the international standard ISO 27001 and uses the procedures defined therein. In addition, requirements for implementing data protection are evaluated in accordance with the provisions of the GDPR.

For details, please refer to our dedicated page on information security.

Definitions

The EU General Data Protection Regulation uses certain terms that are defined in Art. 4, e.g. personal data, processing, pseudonymization, controller, processor, recipient, third party, consent.

Here you can find out what certain terms mean in terms of the General Data Protection Regulation.

Name and contact details of the Controller

The Controller within the meaning of the GDPR is:

HYVE Innovate GmbH
Schellingstr. 45
80799 Munich
Germany

Phone: +49 89 189 081-100 (central contact)
Fax: +49 89 189 081-400
E-Mail: info@hyve.net
Website: www.hyve.net

For all questions regarding data protection and to assert your rights as a data subject, please contact our data protection team.
E-Mail: datenschutz@hyve.net

These privacy notices apply to other domains operated by the controller:
www.the-secret-source-of-innovation.net

Name and contact details of the data protection officer

The data protection officer of the controller is

Dr. Eddie Kohfeldt
Schellingstr. 45
80799 Munich
Germany
Phone: +49 89 189 081-100
E-Mail: DPO@hyve.net

General information on the processing of personal data

Scope of processing

We process personal data to provide a website with various contents and functions and for the offer or the provision and billing of our business services and products.

Purposes of the processing

The purposes of processing personal data are based on the performance of HYVE Innovate GmbH business operations and all associated ancillary businesses.

Legal basis for the processing

  • The legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party is Article 6 para 1 lit. b GDPR. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing.
  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (for special categories of personal data) are the legal basis.
  • If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR is the legal basis.
  • If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
  • If data is transferred to third countries, this is done either based on an adequacy decision of the European Union (Art. 45 GDPR), based on suitable guarantees (Art. 46 GDPR) or on the basis of Art. 49 para. 1 lit. b if this is necessary for the fulfillment of the contract.

Legal or contractual provisions for the provision of personal data

The provision of personal data by you may be required by law or contract or may be necessary for the conclusion of a contract.

You may be obliged to provide us with personal data for the conclusion of contracts. Failure to provide personal data would mean that the contract could not be concluded with you.

Disclosure of personal data

We only pass on your personal data to third parties if

  • this is necessary for the execution of an existing contractual relationship with you.
  • it is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you (the data subject) which require protection of personal data.
  • we are legally obliged to do so.
  • this is necessary to enforce our claims and rights.
  • we receive requests from official bodies (e.g. supervisory authorities or law enforcement authorities, if the disclosure is necessary to prevent threats to public safety and order and to prosecute criminal offenses).
  • if you have given us your consent to do so.

In the context of such a transfer, however, the personal data may only be used for the respective purpose.

Integration of external service providers

We are not specialists in everything. That’s why we use service providers to support us in some areas of our business activities, e.g.

  • Data centers and cloud providers for the secure operation of our services
  • IT developers in the further development of our applications
  • IT service provider for the maintenance of our infrastructure
  • IT service provider for business applications (ERP, CRM, AI-applications)
  • Service providers for specific applications used on our website
  • Agencies and print shops for sending e-mail information or printed information

We have concluded the legally required contracts for order processing, in which it is specifically defined what the service provider may do with which data. In particular, the use of the data for the service provider’s own purposes and disclosure to third parties are excluded. In these contracts, service providers are obliged to comply with the applicable data protection regulations.

Data erasure and storage duration

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. By way of derogation, data may be stored for longer if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject (e.g. obligations to provide evidence, retention periods) or if consent has been given.

The deletion or blocking of the data takes place when a storage period prescribed by the aforementioned standards expires, unless there is a justified need for further storage of the data.

Details on the processing of personal data

Provision of the website and creation of log files
Use of cookies
Processing of business contacts / Central CRM system of the Qvest Group
Contact via contact form, e-mail and telephone
Subscription to our newsletter
Registration/creating a login
Registration and participation in the HYVE Crowd
Use of third-party extensions
When you apply
Social Media

Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information
You can request confirmation as to whether and which personal data concerning you is being processed by us.

Right to rectification  
You have a right to rectification and/or completion if the processed personal data concerning you is incorrect or incomplete.

Right to erasure (“right to be forgotten”)
You can request that the personal data concerning you be deleted immediately, and the controller is obliged to delete this data immediately, if certain reasons apply.  

Right to restriction of processing
Under certain circumstances, you may request the restriction of the processing of personal data concerning you (e.g. blocking of use or temporary removal from the website if it was published there.

Right to notification  
If it has been determined that you have the right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom the personal data concerning you have disclosed of this rectification or erasure of the data or restriction of processing to inform them to act accordingly.

Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to have it transmitted directly to another controller where it is technically feasible and does not adversely affect the rights and freedoms of others.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you if the processing is based on legitimate interests.
à This includes the objection to direct advertising for example.

Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority.

How to exercise your rights:

You can exercise these rights by contacting us by email at datenschutz@hyve.net or by post to the controller.

If necessary, we may request additional information required to confirm your identity, e.g. a photocopy of an identity card.

Your requests will be processed immediately, usually within one month of receipt of the request. If circumstances require it, the processing time may be extended by a further two months.

Changes to the data protection information

We reserve the right to adapt this data protection notice when introducing or changing new services so that it always complies with current legal requirements. The current version will apply when you visit our website again.

Munich, March 2025