Privacy Policy

In this Privacy Policy, we inform you about the processing of your personal data.

Controller responsible for the processing of your personal data is:

Heartfelt APX GmbH & Co. KG

Zimmerstraße 50

10888 Berlin

E-mail address: hello@heartfelt.capital

Phone number: + 49 30 2591 78001

Represented by the general partner (personally liable)

Heartfelt Capital GP GmbH

Zimmerstraße 50

10888 Berlin

Represented by the managing directors Dr. Henric Hungerhoff and Jörg Rheinboldt

Purposes of data processing and legal basis

We process personal data (Article 4 No. 2 GDPR) in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and comply with the provisions of the Telecommunications Telemedia Data Protection Act (“Telekommunikation-Telemedien-Datenschutz-Gesetzes”, TTDSG) when using cookies and similar technologies.

Provision of the Website

We process your personal data in order to provide you the Website https://heartfelt.capital/ ("Website").

Logfiles

When you visit the Website, the browser used on your end device sends information automatically to our Website server. This information is temporarily stored in a so-called logfile. The following information is collected without you being involved and stored until automatic deletion: IP address of the requesting device, date and time of access, name and URL of the accessed file, Website from which the access is made ("referrer URL"), if applicable the search engine used by you, browser used and if applicable the operating system of your device as well as the name of your access provider. Logfiles serve as a source of information for error analysis in the event of a system crash, allowing lost data to be reconstructed. They can also be used to analyse user behaviour.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interests follow in particular from the following purposes:

Ensuring a functioning connection of the Website,

Ensuring a comfortable use of the Website,

Statistical evaluation using a pseudonym in order to optimise the Website as well as the quality and range of our services,

Evaluation of system security and stability, and

Fulfilment of other administrative purposes.

Cookies

We only use cookies on the Website that are technically necessary to enable you to use the Website. Cookies are small text files that are placed in the memory of your browser or device when you visit the Website. Cookies contain information about your visit of our Website, such as login information, browser information and your chosen language.

These cookies are placed by the provider Bubble Group, Inc., 900 Broadway, Suite 504, New York, NY 10003, USA ("Bubble"), which hosts the Website for us. The cookies are required for the operation of the Website. We use these cookies to allow you to access our Website and to effectively provide you the Website´s functionalities, to identify you as being logged into the Website or to authenticate you, and to prevent fraud and improve the security of the Website. The cookies will only be stored on your device as long as your browser is active ("session cookies"). We will not combine the data with other personal data and will not use the data for advertising purposes.

Via the cookies, Bubble collects information on your use of the Website. This includes:

Information about your browser, network and device;

Web pages you visited before coming to the Website;

Web pages you access on this Website;

Date and time of your visit; and

Your IP address.

As these cookies are necessary to provide you with the Website and the services offered via the Website, you cannot refuse them. Our legitimate interest in data processing lies in this purpose. The legal basis for the use of cookies is Art. 6 para. 1 p. 1 lit. f GDPR, Section 25 para. 2 number 2 TTDSG.

As a host provider of the Website Bubble as US-based entity has access to the data. Further Bubble uses the services of Amazon Web Services to host Websites built on Bubble. Your data may be transferred to and stored on servers in the USA, a third country outside the European Union (EU) and the European Economic Area (EEA) not recognized under EU Data Protection Law as providing an adequate level of protection for your personal data. If the data is transferred to the US, according to the data protection authorities, there is nevertheless a risk that your data will be processed by authorities, for control and for monitoring purposes, without you being informed or having the right to appeal. Bubble may also use sub-processors in such countries.

For this reason, we have concluded a data processing agreement within the meaning of Art. 28 GDPR with Bubble including the EU Standard Contractual Clauses (SCC) to make sure that the processing of your data is covered by appropriate guarantees within the meaning of Art. 46 para. 2 p. 1 lit. c GDPR. Please refer to our general information on the data processing outside the EU (see Sec. 7 of this Privacy Policy) or contact us using the contact details provided in this Privacy Policy.

For more information on the purpose and scope of the data collection and processing by Bubble, please visit https://bubble.io/dpa and https://bubble.io/privacy.

Simple links to our Social Media Fanpages

Our Website also contains simple links to our profiles on Social Media (Instagram, Twitter etc., “Social Media Fanpages”). If you click on the link, you will leave our Website. The data processing on these Social Media Fanpages is governed by the data protection provisions available there.

Funding applications

Application process

When you apply for funding from us, we collect the personal data you provide us with when contacting us, e.g., when filling out our online application form, contacting us via e-mail and sending us your pitch deck. Your application data can be any personal data that you provide us with that could help us to make an investment decision. We may also obtain and review such information from third parties or from publicly accessible sources in order to come to a well-founded investment decision.

This data usually includes, without limitation, your pitch deck itself, identification and contact details (e.g. first name, last name, e-mail address, telephone number), data about your company (e.g. company name and website, the information whether you are incorporated, number of founders and members and financial information about the company), data about your general business (e.g. your business model, your branch of industry, product information) and information about your motivation (e.g. how you found us).

We process your application data for the evaluation of your pitch, for carrying out the selection process and making the decision on our investment. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as these are pre-contractual measures that precede a potential investment agreement with you or our legitimate interest according to Art. 6 para. 1 lit. f GDPR to come to a well-founded investment decision. If you provide us with data that is not absolutely necessary for the application, the processing of this voluntary data is based on your consent; the legal basis is then Art. 6 para. 1 lit. a GDPR or Art. 9 para 2 lit. a GDPR insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are affected in the individual case.

You can ask us to delete your data at any time by sending an e-mail to (hello@heartfelt.capital). Please note that this will mean that if you have an application process that is still ongoing, you will withdraw your application.

Video interviews

As part of our funding application process, we conduct video interviews with some of our applicants.

We use the video conferencing system of the provider Google Ireland Limited ("Google Meet") to conduct the video interviews. We offer you the opportunity to take part in the video call as a "guest". Guest access is possible via the browser and via the Google Meet app. As far as you access the website of Google, Google Ireland Limited is responsible for the data processing. If you decide to download the Google Meet app, you must accept the terms of use and data protection of Google as part of running the Google Meet app. Your data may be transferred to and stored on servers in the USA, a third country outside the European Union (EU) and the European Economic Area (EEA) not recognized under EU Data Protection Law as providing an adequate level of protection for your personal data. Please refer to our general information on the data processing outside the EU (see Sec. 7 of this Privacy Policy) or contact us using the contact details provided in this Privacy Policy.

For more information on the purpose and scope of the data collection and processing by Google, please visit https://cloud.google.com/terms/data-processing-addendum and https://cloud.google.com/privacy.

We process personal data that is collected by us in the course of your participation in video interview or that we receive from you on the occasion of you participation in the interview. These are in particular the following data:

Participant details: first name, last name, telephone (optional), e-mail address, profile picture (optional).

Participation information: topic and description of the call, traffic data such as times of dial-in, use of camera, microphone and chat, end of participation.

When dialling in with the telephone: information on the incoming and outgoing call number, country name, start and end time.

Text, audio and video data: You have the opportunity to use the chat, question or survey functions during the video call. We process the text entries made by you in order to log them. If you use the audio and/or video function during the video interview, we process the data collected by the microphone and/or video camera of your terminal device. You can switch off the microphone and/or camera yourself at any time via the Google Meet app or the Google website.

We process this application data for carrying out the selection process and making the decision on our investment. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, i.e., the application process as pre-contractual measure.

Only if you have given your consent (Art. 6 para. 1 p. 1 lit. a GDPR and Art. 9 para 2 lit. a GDPR if special categories of personal data are affected, e.g., ethnic origin, religious beliefs, biometric data) we will record the video interview, in order to evaluate the application process internally and to forward it to those involved in the funding process, e.g., members of our investment team and investment committee. We will inform you of the recording when inviting you to the interview session via email as well as in the video call before we start recording. Consent is voluntary and will be logged by us. If you do not agree to this, we will conduct the interview without recording. This will not cause you any disadvantages. If we do proceed to record the interview, we will store and use the recording only to evaluate and process your application for funding. You can withdraw your consent at any time. Google will not store videos, audios, or chat data unless we start to record the video interviews. Please note that the withdrawal is only effective for the future. Processing that took place before the revocation is not affected.

Funding

We further process your personal data to make investment decisions and to carry out our investments. We process your data in particular for the purpose of concluding and processing the investment agreement with you, for the rendering of our services, in particular for the provision of access to all our extensive online and offline resources, network, curated mentors and campus, to communicate with you in connection with the provision of the funding and our services and to answer enquiries in connection with our business relationship, also using the communication channels of our Website.

For this purpose, we process the personal information that you provide to us during application for the funding (see Sec. above), for contractual purposes or in the context of enquiries, including payment data (e.g. IBAN and BIC, or account number and bank code), data about your use of our services, messages and conversation content (e.g. for answering enquiries), and other data that we are legally obliged or entitled to collect and process.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b GDPR, i.e., the investment agreement that we conclude with you and fulfil by granting the investment and providing our services.

Cooperation with business partners

We further process personal data for the conclusion and implementation of contracts with business partners, including the implementation of pre-contractual measures, the processing of payments, and the answering of enquiries in connection with our business relationship. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. The purposes and further details of the data processing are defined in the respective contract.

Protection of legitimate interests

In addition, we process your data to protect the legitimate interests of ours or of third parties, such as:

Responding to your enquiries outside of a contract or a pre-contractual measure (in particular if provided via the Website’s contact form),

Assertion of legal claims and defence in legal disputes,

Ensuring IT security and IT operations,

Prevention and investigation of criminal offences, and

Measures for business management and further development of our services.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to further develop our services or to protect ourselves against impairments and dangers and to enforce our claims.

Based on your consent

If you have given us your consent to process personal data for certain purposes (e.g., passing on data), this processing is lawful based on your consent (Art. 6 para. 1 p. 1 lit. a GDPR). You can withdraw your consent at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the revocation is not affected.

Compliance with legal requirements

In addition, we are subject to various legal obligations, i.e., legal requirements (e.g., tax laws), which require the processing of data. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. c GDPR.

No obligation to provide personal data

If we ask you to provide personal data, you can of course refuse to do so. However, we may then not be able to provide certain functions of the Website or to process your application for funding or to answer your enquiries. This applies, in particular, if data is necessary for our application process, for the establishment, negotiation, execution, implementation and termination of the investment agreement and the newsletter service, or if we are legally obliged to collect data.

Categories of recipients

Within our company, those departments of individuals get access to your data that need it to provide the Website and the services offered via the Website or to fulfil our contractual and legal obligations.

We will share your data with the Heartfelt Capital Services GmbH, Zimmerstraße 50, 10888 Berlin that provides us with operational services to the entities pertaining to the Heartfelt company group, if it is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR) or if this is necessary to protect legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

We pass on your data to the recipients expressly named in this data protection declaration. In doing so, we observe the legal requirements and, if necessary, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Furthermore, we might share your data with the following categories of recipients if this is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR) or if this is necessary to protect legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

Third parties involved in the funding process, e.g., experts, mentors and (follow-on) investors as well as our advisors (e.g., legal, tax and accounting);

IT service provider;

Marketing and advertising service providers, especially in the area of email marketing;

Third parties involved in legal proceedings, provided they provide us with a legal order, court order or equivalent legal order.

Where processing is necessary to protect legitimate interests, such as when using IT services, our legitimate interest is to outsource functions. In addition, your personal data will be disclosed or transferred if required by law (Art. 6 para. 1 sentence 1 lit. c DSGVO) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a DSGVO).

Social Media Fanpages

We operate Social Media Fanpages. There we publish and share recommendations, content, competitions and offers.

When you visit the Social Media Fanpages, the Social Media provider processes information about you. You can find more detailed information on data processing in the privacy policy of the respective Social Media provider listed below. Some Social Media providers also offer the option to object to certain data processing. Please note that according to the Social Media providers, user data is also processed in the USA or other third countries.

Platform

Postal address

Link to the privacy policy

Facebook

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland