Privacy Policy for the Typeform Integration
March 2024
This privacy policy applies to data processing by Hatched UG, c/o Grace, Hardenbergstraße 32, 10623 Berlin ("Controller", "we" or "us") when using the Hatched Typeform Integration ("App").
​
Hatched provides a Software-as-a-Service solution to connect the world’s entrepreneurial talent ("Service").
When you use our App, we process your personal data. Personal data is any information relating to an identified or identifiable natural person. When we process personal data, this means that we collect, store, transmit, delete or otherwise use this data. When processing your personal data, we comply with the applicable data protection laws, in particular the General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act ("BDSG").
​
With the following data protection information, we inform you about the type, scope and purposes of the collection, use and other processing of personal data when using our App or our App.
​
If there are changes with regard to the data processing carried out by us, we will adapt our privacy policy. We therefore ask you to regularly inform yourself about the content of our privacy policy. If the change requires an act of cooperation on your part, such as consent, or other individual notification, we will inform you.
1. Data Controller
Data Controller is Hatched UG;
address: c/o Grace, Hardenbergstraße 32, 10623 Berlin
email: hello@hatched.team
​
2. Data Protection Officer
For all questions on the subject of data protection or to exercise your rights in accordance with Section 8 of this privacy policy in connection with the use of our App, you can contact us at any time:
Email address: dpo@hatched.team
3. Collection and storage of personal data as well as the nature and purpose of their processing and the relevant legal basis
In the following, we inform you about which personal data we process when you use our App and/or make use of our Services. We will also explain the purpose for which we process your data and the legal basis on which we do so. To the extent that the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, the aforementioned purposes also represent our legitimate interests.
3.1​Using our App
When you use our App, we collect, store and process personal data.
This applies to:
-
First Name and Last Name
-
Email ID
-
Name of the community you use our App from
-
Date and time when you use our App
The processing is carried in order to fulfil the contract with you for the services offered GDPR The legal basis of the data processing is therefore Art. 6 para. 1 lit. b) GDPR.
​
3.2 Participating in the Matching Pool
If you wish to use our Matching Pool, we will collect the following data from you:
-
If you have an idea to execute or looking to join somebody else’s idea
-
Description of your idea
-
Your areas of Interest to build a business in
-
Your skillset
-
Your preference for your cofounder’s skillset
-
Your commitment level
-
Your location
-
Your preference for your cofounder’s location
-
Your language
-
Your preference for your cofounder’s language
-
Your personal tagline
-
Your motivation to found a business
​
We will add you to our pool / database, to ensure future participants being able to match with you.
Furthermore, we will share your data with potential matches (potential Co-Founders also being part of the Matching Pool), to facilitate the matching process.
We process the aforementioned data in order to fulfil the contract with you for the services offered. The legal basis of the data processing is therefore Art. 6 para. 1 lit. b) GDPR regarding necessary data and Art. 6 para 1 lit. a) GDPR regarding additional voluntary data.
​
4. Data recipients
In order to process your personal data, we also use the services of external service providers (IT providers). In part, these third parties act as our own data protection controllers, in part they act in the function of a processor on our behalf and in accordance with our instructions pursuant to Art. 28 GDPR. For a detailed overview of service providers you can contact hello@hatched.team.
​
To facilitate the matching process, we will also transfer the data to your matches. We do this in order to fulfil the contract with you for the services offered. The legal basis of the data processing is therefore Art. 6 para. 1 lit. b) GDPR.
​
5. App security
5.1 We use appropriate technical and organisational security measures to protect stored personal data against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. In particular, we ensure that sensitive personal data is stored exclusively on servers hosted in the EU that are certified in accordance with DIN ISO/IEC 27001 (as amended).
5.2 We use various service providers to maintain a high level of system security on our platform and to prevent and remedy faults. It is our legitimate interest to continuously monitor and maintain the security and performance of our platform. This is also in the interest of our customers. The legal basis for data processing for this purpose is Art. 6 para. 1 subpara. 1 lit. f GDPR.
6. Will your data be transferred to third countries or international organisations?
6.1 In the course of our business relationships, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. This applies to the use of the following services:
-
Docker: El Camino Real 1052, Palo Alto, 3790, United States
-
GitHub Inc.: Colin P. Kelly Jr. St. 88, San Francisco 94107, United States
​​
6.2 In the context of the transfer of personal data to a third country, we will regularly ensure through appropriate guarantees, for example by concluding the standard contractual clauses of the European Commission, that a transfer of data to a third country only takes place on the basis of a level of protection that complies with the GDPR. For the above-mentioned service providers an adequacy decision of the european commission exists.
6.3 To the extent that, when using the data mentioned in section 6.1, data is transferred to a third country, for which there is no adequacy decision by the Commission, this is done on the basis of standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with appropriate technical and organisational measures to protect your data.
6.4 A copy of the standard contractual clauses or further information on the standard contractual clauses used can be downloaded from the respective websites of the service providers we use:
7. When do we delete your data?
We delete your data when it is no longer needed for the purposes for which it was originally collected.
Irrespective of this, we store your data processed until the expiry of the statutory or possible contractual warranty rights or until you ask us to delete it. After expiry of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities.
​
8. Your rights
In relation to our processing of your personal data, you have the following rights free of charge:
8.1 Right to information pursuant to Art. 15 GDPR
You have the right to receive information from us about whether and what data we process about you. This includes information on how long and for what purpose we process the data, the source of the data and the recipients or categories of recipients to whom we pass on the data. We can also provide you with a copy of this data.
​
8.2 Right to rectification pursuant to Art. 16 GDPR
You have the right to request that we correct information about you that is not or no longer accurate without delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties of this correction if we have disclosed your personal data to them.
​
8.3 Right to erasure pursuant to Art. 17 GDPR
You have the right to request that we delete your personal data without delay in one of the following cases:
-
your data is no longer necessary for the purposes for which it was collected or otherwise processed or the purpose has been achieved;
-
you withdraw your consent and there is no other legal basis for the processing;
-
you object to the processing and there are no overriding legitimate grounds for the processing; where personal data is used for direct marketing, a mere objection by you to the processing is sufficient;
-
your personal data have been processed unlawfully;
-
the erasure of your personal data is necessary for compliance with a legal obligation under European Union law or the law of a member state to which we are subject.
Your right to erasure may be restricted on the basis of statutory provisions. This includes in particular the restrictions listed in Art. 17 GDPR and section 35 BDSG.
​
8.4 Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to request us to restrict the processing of your personal data if one of the following reasons applies:
-
you contest the correctness of your personal data for a period of time which allows us to verify the correctness of the personal data;
-
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data;
-
we no longer need your personal data for the purposes of processing; however, you need it for the assertion, exercise or defence of legal claims; or
-
You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
If you have obtained a restriction on processing under the above list, we will inform you before the restriction is lifted.
​
8.5 Right to data portability pursuant to Art. 20 GDPR
You have the right to obtain personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to others. The exercise of this right does not affect your right to erasure.
​
8.6 Right to object pursuant to Art. 21 GDPR
According to Art. 21 GDPR, you have in particular the right to object to the processing of your data at any time for reasons arising from your particular situation, if we base this processing on legitimate interests pursuant to Art. 6 para. 1 lit. (f) GDPR. If you object, we will no longer process your personal data, except in two cases:
-
we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms, or
-
the processing serves the assertion, exercise or defence of legal claims.
​
8.7 In particular, if we process your personal data for direct marketing, you have the right to object at any time to the processing of your data for the purpose of such marketing. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.
8.8 Right to revoke consent pursuant to Art. 7 GDPR
You can revoke your consent given to us at any time with effect for the future. This revocation can be made in the form of an informal communication to the above contact addresses. If you revoke your consent, the legality of the data processing carried out up to that point will not be affected.
​
8.9 Right to complain to the supervisory authority
If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities. The supervisory authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information (“Berliner Beauftragte für Datenschutz und Informationsfreiheit”)
email: mailbox@datenschutz-berlin.de
website: https://www.datenschutz-berlin.de/
In addition, you can complain to the data protection supervisory authority responsible for you at your place of residence. You can find an overview of data protection supervisory authorities at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
9. Automated decisions in individual cases including profiling pursuant to Art. 22 GDPR
We do not process your data for automated decisions in individual cases, including profiling within the meaning of Art. 22 GDPR.