How We Protect Your Data

Trusted by
Kyocera_logo
Bayer-G4A-white-logo
Samsung-white-logo
MAGNA-white-logo
Nestle-white-logo
Siemens-Gamesa-white-logo
Techstars-white-logo

Who We Are

StartUs Insights empowers you to access the world’s information on innovation, emerging companies, and technologies.

We achieve this through the StartUs Insights Discovery Platform, covering over 4.7 million startups & scaleups globally. Our Big Data & AI-powered SaaS platform enables you to quickly and continuously identify new startups, scaleups & technologies that matter to you.

Some of our 1.500+ corporate partners include Samsung, Nestlé, Lufthansa Cargo, KNAPP AG, Magna, CAF, Siemens Gamesa, Iberdrola, CARGOTECH, Bayer’s G4A, and Altair.

“StartUs-Insights.com” and “StartUs.cc” including all subdomains of StartUs GmbH

(1) Processing activities

Operation of career network and job exchange for (registered) customers

(2) Controller

StartUs GmbH

(3) Contact details of responsible entity for data protection

StartUs GmbH
c/o Data Protection
Mariahilfer Straße 136
1150 Vienna
Austria
info at startus-insights dot com

(4) Purposes of data processing

  • on the legal basis of performance or preparation of contracts
    • (a) Operation of an online job platform to compile the interests of potential employees and employers
    • (b) Keeping job advertisements accessible to prospective employees and employers, informing interested parties about suitable offers
    • (c) Provision of communication channels to the controller for servicing the contractual relationship
    • (d) Maintaining and enhancing customer satisfaction and customer retention through an analysis of user behavior
    • (e) Collecting user data to document reach
    • (f) Recommending jobs and candidates in the following cases:
      • show best matching candidates to a job
      • show best matching jobs to a candidate
      • show best matching jobs to a job
      • show best matching candidates to a candidate
    • (g) Enable network participants to establish and maintain networks
  • on the legal basis of the (overriding) legitimate interests of the controller: direct marketing
    • (h) Customer recovery and attracting new customers
    • (i) Dissemination/presentation of advertising for (other) goods and services of the controller by means of direct marketing (“marketing purposes”), to the extent permitted by law
    • (j) Analysis of reader behavior and personal preferences of customers for the purpose of targeted dissemination of advertising with the aim of avoiding scatter losses (using profiling, see paragraph 9)

(5) Legal basis for data processing

(1) Online use. Performance of the contract. The use of the career network and job exchange is already based on a contract as defined in Art. 6 (1) (b) GDPR; a registration relationship is established upon registration. Through the use of the social media channels of the controller the primary contractual relationship exists with the respective service provider.

(2) Additional services. Consent. The controller will obtain the customer’s express consent for specific services (e.g. social media tools, recommender tool). Such consent may be withdrawn at any time with effect for the future.

(6) Description of (overriding) legitimate interests for the purposes

Of IT security

The controller will store the IP addresses of its customers for a period of 7 days in order to protect against targeted attacks in the form of server overloads (Denial of Service attacks) or other damage to the systems. The controller has an overriding legitimate interest in such data processing for the purposes of maintaining the functionality of its online services (Recital 49 GDPR).

(7) Evaluating personal aspects of the customer (profiling)

Type: Evaluation of personal interests with regard to jobs

Description: For the purpose of compiling suitable job offers the controller processes and evaluates search and user behavior, and draws conclusions about specific personal interests. The controller uses those evaluated interests to send the customer targeted job offers.

(8) Objection to profiling

The customer may object to the use of their personal data for the purpose of profiling at any time and without having to state reasons. Upon objection, the controller will no longer use the customer’s personal data for the purposes of profiling.

(9) Obligation to provide data

The customer is under no obligation to provide data. Reasonable use of the platform is, however, inconceivable without entering any data.

(10) Automated decision-making

The customer is subject to no automated decision-making which would become legally effective vis-à-vis him.

(11) Processed types of data

Provided by the customer:

Name/Company name, academic degree
Username
Phone number
Email address
Place of residence or address
Title
Date of birth
Application text
Message contents
Password
Curriculum vitae
Photo, Video
Uploaded data
Information on the desired job
Current occupation, work experience
Languages and other skills
Training and continuing education
Contact requests
Bookmarked jobs

Additionally collected by the controller:

IP addresses (log files)
Data on the terminal equipment
Browser used
Equipment used
Communications protocol
Information on account use (e.g. date created, number of logins, date of the last request)
Information on newsletter subscription
User ID
Facebook user ID
Facebook email address
Facebook profile link
Date of the last Facebook alignment
LinkedIn user ID
LinkedIn email address
LinkedIn profile link
Date of the last LinkedIn alignment

(12) Data sources (to the extent not provided by the customer nor collected by the controller)

Source: Facebook login
Types of data: Email, name, sex, Facebook UID, Facebook link, photo

Source: Xing login
Types of data: Email, name, sex, Facebook UID, Facebook link, photo

Source: Google login
Types of data: Email, name, sex, Facebook UID, Facebook link, photo

Source: LinkedIn login
Types of data: Email, name, sex, Facebook UID, Facebook link, photo, current occupation

Source: MailChimp
Types of data: IP location, preferred email client, registration source, campaign details (receipt, open, click)

Social media channels:

Facebook
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, https://de-de.facebook.com/about/basics

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, https://www.linkedin.com/legal/impressum

Xing
XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland, https://www.xing.com/imprint

Twitter
Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, https://twitter.com/de/tos

Google Plus
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, https://www.google.com/contact/

(13) External recipients of data:

Processor:

  • Operator of the career network and job exchange: epiqo GmbH, Mariahilfer Strasse 136, 1150 Vienna, Austria
  • Email campaign sending and sending of system emails “MailChimp” (and/or Mandrill): The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
  • Pipedrive as CRM: Pipedrive Inc, 460 Park Ave South, New York, NY 10016, USA
  • Extracting data from uploaded curricula vitae by “Textkernel”: Nieuwendammerkade 28A17, Amsterdam, Noord-holland 1022 AB

Analytics tools:

  • Google Analytics (with “anonymize IP”): Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Adsense Ad banner:

Third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website or other websites. Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our sites and/or other sites on the Internet.
You may opt-out of personalized advertising by visiting Ads Settings. (Alternatively, you can opt-out of a third-party vendor’s use of cookies for personalized advertising by visiting www.aboutads.info.)

Cloud and technical services:

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  • Code Enigma, Smithfield Business Centre., 5 St John’s Lane, London, EC1M 4BH, United Kingdom
  • Google G Suite, Google LLC, Googleplex, Mountain View, California, USA
  • WP-Engine for hosting StartUs Magazine: Irongate House, 22-30 Duke’s Place, London, EC3A 7LP, United Kingdom

All external recipients can be written to and contacted via the controller with regard to questions under data protection law.

(14) Transfer to third countries

The following data will be transmitted to countries outside of the EU in connection with data processing:

Country: USA
Application: Google
Types of data:
Google Analytics: anonymized IP address, website title, browser-specific information, information about website use
Google G Suite (storage): email address, name

Country: USA
Application: Facebook
Types of data: Social plug-ins (upon consent using double click): IP address, website title, browser-specific information, information about website use

Country: USA
Application: LinkedIn
Types of data: Social plug-ins (upon consent using double click): IP address, website title, browser-specific information, information about website use

Country: USA
Application: MailChimp
Types of data: Transmission by email (newsletter): email address, name

Country: USA
Application: Mandrill
Types of data: Transmission by email (system messages): email address, name

Country: USA
Application: Pipedrive
Types of data: Online CRM (storage): email address, name, contact number

(15) Storage period

Non-registered users: Personal data (in particular the IP address) of (non-registered) visitors to the website will be stored for purposes of IT security for a period of 7 days.

Registered users: Data on registered users will be processed by the controller on the legal basis stated above for the term of the contractual relationship. Users may edit or delete such data at any time. In any case, the use agreement will end upon deletion of the account by the customer or after a period of 7 years of inactivity; this will lead to immediate deletion.

Registered employers: Generally, personal data of registered employers will be processed by the controller on the legal basis stated above for another 40 months after termination of the contract (= 36 months for potential contractual claims for damages + max. 4 months service period for a statement of claim) and then deleted (in any case, links to personal data). In any case, the use agreement will end after a period of 7 years of inactivity and will lead to immediate deletion.

(16) Rights of the data subject

Basis: Art 15 GDPR “Access”
Contents: The customer shall have the right to obtain confirmation as to whether or not their personal data is being processed.

Basis: Art 16 GDPR “Rectification”
Contents: The customer shall have the right to obtain without undue delay the rectification of inaccurate personal data or to have them completed.

Basis: Art 17 GDPR “Erasure”
Contents: The customer shall have the right to obtain the erasure of personal data without undue delay as long as the reasons stated in Art 17(1) GDPR are fulfilled.

Basis: Art 18 GDPR “Restriction”
Contents: The customer shall have the right to obtain restriction of processing of personal data as long as the reasons stated in Art 18(1) GDPR are fulfilled.

Basis: Art 21 GDPR “Objection”
Contents: Objection to profiling. The customer shall have the right to object to the processing of their personal data for the purposes of profiling at any time. Objection to direct marketing: The customer shall have the right to object to the processing of their personal data for the purposes of direct marketing at any time.

Basis: Art 20 GDPR “Data portability”
Contents: The customer shall have the right to receive the personal data concerning him in a structured, commonly used, and machine-readable format.

(17) Right to lodge a complaint

Basis: Art 77 GDPR
Contents: Each customer shall have the right to lodge a complaint with the supervisory authority if he considers that the processing of personal data relating to him infringes this Regulation.

(18) Supervisory authority

Austrian Data Protection Authority
Wickenburggasse 8-10
1080 Vienna
Phone: +43 1 52 152-0
Email: dsb at dsb dot gv dot at

Download this document.

"If you love innovation, you'll love us!"


David R. Prasser, Founder & CEO StartUs Insights


Discover startups & scaleups!




    Protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

      Protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

      Message us




        Protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.