General Information

1. Name and contact data of the data controller for processing as well as the company protection officer.

This privacy information applies for data processing services carried out by:

Controller:
ECBF Management GmbH (hereinafter ECBF)
Poppelsdorfer Allee 17
53115 Bonn

Phone: +49 (0)228 28634420
E-mail: info@ecbf.vc

ECBF‘s data protection officer is available through dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, Email: datenschutz@dhpg.de, phone: +49 2261-8195-0.

2. Rights of data subjects

You have the right:

pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. Insofar as we process your data you may request information especially about the processing purpose, the categories of personal data, the recipients of your disclosed personal data, especially recipients in third countries, the planned storage period or the criteria of determination, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if it was not collected by us as well as the existence of an automated decision-making including profiling and, if applicable, meaningful detailed information.

pursuant to Art. 16 GDPR, to obtain the immediate rectification of incorrect or incomplete of your personal data stored with us;

pursuant to Art. 17 GDPR, to obtain the erasure of the personal data stored with us, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, if the correctness of data is disputable, the processing is unlawful, but you refuse its erasure and we do not need the data anymore. On the other hand, you might need it to assert, exercise or defend legal claims or you have lodged an objection against the processing pursuant to art. 21 GDPR and it is not yet clear whether our legitimate reasons prevail your interests.

pursuant to Art. 20 GDPR, to obtain your personal data which you provided us, in a structured, common and machine-readable format or to demand the transfer to any other responsible person, insofar as the processing is based on your consent or a contract and the processing is made by means of automated procedures;

pursuant to Art. 7 seq. 3 GDPR, to revoke your uniquely given consent at any time. This entails that continued processing of your personal data is prohibited and

pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority. As a rule, you can address to the supervisory authority at your usual place of residence or workplace or at our company headquarter.

3. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 seq. 1 sent. 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to appeal against processing your personal data insofar as there are reasons resulting from your particular situation or which are directed against direct advertising.

In the first case, we will no longer process your data unless we can prove compelling reasons that prevail your interests, liberties, and rights or our processing serves to assert, exercise, or defend legal claims.

In the latter case, you have a general right of objection which is realized by us without indicating a particular situation. If you want to make use of your right of revocation or objection, an email to info@ecbf.vc will be sufficient.

4. Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

you have expressly given your consent pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR

the transfer pursuant to Art. 6 seq. 1 sent. 1 lit. f GDPR is required for the assertion, exercise, or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in not transferring your data,

in the event that there is a legal obligation to transfer data pursuant to Art. 6 seq. 1 sent. 1 lit. c GDPR and

this is required by law and pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, your personal data are processed by our order processors in compliance with instructions, insofar as this is necessary for the fulfillment of the order. Our contract processors do not have an own right to use your data.

5. Data security

We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the representation of the closed bowl or lock symbol or by the use of “https” in front of the address of our (sub)website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological development.

6. Third countries

Data will be transferred by us to third countries exclusively in accordance with the statutory requirements. In principle, this requires the existence of an adequacy decision or other appropriate safeguards pursuant to Art. 45 and 46 GDPR.

A suitable safeguard exists, for example, if the EU standard contractual clauses issued by the EU Commission have been concluded. An adequacy decision exists where the Commission has determined that a specific third country ensures an adequate level of protection.

In certain situations, data may be transferred to third countries without an adequacy decision or appropriate safeguards. This applies where the transfer is necessary for the performance of a contract with you, where you have explicitly consented to the proposed transfer (after having been informed of the possible risks of such transfers for you due to the absence of an adequacy decision and appropriate safeguards), or where the transfer is necessary for the establishment, exercise or defence of legal claims. 

Specific privacy information for data processing operations on the website

1. When visiting the website
When visiting our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
 
  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file
  • website allowing the access (referrer-URL),
  • used browser and the operating system of the computer as well as the name of your access provider. 

The mentioned data are processed by us for the following purposes:

  • to ensure a smooth connection to our website, 
  • to ensure comfortable use of our website,
  • assessment of the system security and stability as well as for further administrative purposes.

The legal basis for data processing is laid down in Art. 6 seq. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the related presentation of our company.  

Your data will be deleted as soon as they are no longer required for the stated purposes, after 6 months at the latest.

The website is hosted by Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany (hereinafter “Hosting Provider”). We have concluded a data processing agreement with the Hosting Provider. The Hosting Provider may therefore only process the data in accordance with our instructions and not for its own purposes.

2. Request by email, telephone, or fax

You can contact us by email, telephone, or fax. Depending on the selected communication type, the data required for the connection is transmitted. Further information can be provided voluntarily.

Data processing for the purpose of entering into or performing a contact with us is made pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR. We store this data for the duration of the legal retention periods.

In other cases, we process the data to answer your contact request based on your consent (Art. 6 seq. 1 sent. 1 lit. a GDPR) or our legitimate interest (Art. 6 seq. 1 sent. 1 lit. f GDPR). We store the data as long as we need it to answer your request or until your withdrawal of the consent.

3. Request via our contact form for companies (Typeform)

For companies and innovators, we provide a contact form via the service Typeform, operated by TYPEFORM S.L., Via Augusta 29 – 31, 08006 – Barcelona, Spain (“Typeform”). The form is accessed via the “pitch your company” button and embedded as an external service.

To use this form, you have to provide your first and last name, the name of your company and your email address. We require this information in order to process and respond to your request. You may also voluntarily provide additional information in your submission.

In addition, technical data (such as IP address, browser information, and device data) may be processed by Typeform in order to deliver the form and ensure its functionality.

The processing is carried out for the purpose of:

  • evaluating potential business opportunities and investment proposals,
  • establishing contact with companies and innovators, and
  • responding to inquiries submitted via the form.

The legal basis for this processing is Art. 6 seq. 1 lit. b GDPR, insofar as the processing is necessary to take steps at the request of the data subject prior to entering into a contract. In any other case, Art. 6 seq. 1 lit. f GDPR is the legal basis, since we have a legitimate interest in efficiently managing and evaluating incoming business inquiries.

Please note that the form is provided via Typeform and data may therefore be processed on servers controlled by Typeform.

4. Request via our contact form for VCs and partners

For venture capital firms and partners, we provide a separate contact form directly on our website, accessible via the “partner with us” button.

To use this form, you have to provide your first and last name and your email address. You may also voluntarily provide your company name as well as further additional information in your submission.

The processing is carried out for the purpose of:

  • establishing contact with investors, partners, or other stakeholders, and
  • responding to inquiries and collaboration requests.

The legal basis for this processing is Art. 6 seq. 1 lit. b GDPR, where the processing is necessary to respond to requests and take pre-contractual steps. In any other case, Art. 6 seq. 1 lit. f GDPR is the legal basis, since we have a legitimate interest in maintaining and developing professional relationships.

5. Dealflow monitor
ECBF processes data to evaluate young companies and, where possible, to open up investment opportunities for them. For this purpose, data is compiled in a so-called deal flow monitor and passed on to a group of potential investors. The data is primarily company data, so not personal data. If personal data are processed in individual cases, this is done on the basis of express consent (Art. 6 seq. 1, sent. 1 lit. a GDPR), for the purpose of fulfilling a contract (Art. 6 seq. 1 sent. 1 lit. b GDPR) or on the basis of our legitimate interests (Art. 6 seq. 1 sent. 1 lit. f GDPR). Our legitimate interest lies in the purpose pursued by us of bringing together investors and eligible companies for the purpose of investment. Only basic personal data such as names of the shareholders/managing directors are processed, which are also publicly accessible. The principle of data minimization is taken into account. The data will be stored for the duration of the statutory retention periods. If there are no legal retention periods, we delete the data as soon as we no longer need them for the purposes mentioned here or if the person/company concerned requests us to do so.
6. Applications via Personio (Recruitment Platform)

Our website provides the opportunity to apply for open positions via an online application form operated through the recruitment platform Personio, provided by Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (“Personio”).

When you submit an application via this form, the following categories of personal data may be processed:

  • Identification and contact data (e.g. first and last name, email address, telephone number)
  • Application-related data (e.g. position applied for, source of application)
  • Application documents (e.g. CV/resume, cover letter, certificates, references)
  • Professional and qualification data (e.g. work experience, skills, education)
  • Communication data exchanged during the application process
  • Technical data related to the use of the application platform (e.g. IP address, browser information, timestamps)

Such data is typically required to evaluate candidates and conduct the recruitment process.

The processing is carried out for the following purposes:

  • conducting and managing the recruitment process,
  • assessing your suitability for a position,
  • communicating with you during the application process, and
  • documenting and organising hiring decisions.

The legal basis for this processing is § 26 seq. 1 BDSG, insofar as the processing is necessary to take steps prior to entering into an employment contract. Where applicable, Art. 6 seq. 1 lit. GDPR is the legal basis, since we have a legitimate interest in an efficient and structured recruitment processes and the defence of potential legal claims.

Personio acts as a data processor on our behalf within the meaning of Art. 28 GDPR. Your data is transmitted in encrypted form and stored in a database operated in connection with the Personio platform.

Your personal data will be retained for the duration of the recruitment process and, after completion of the process, for as long as necessary to comply with applicable legal obligations.

In general, your data will be stored for a period of up to six months after completion of the recruitment process, in order to fulfil our obligation to retain documentation and to be able to defend against potential legal claims, in particular under applicable equal treatment laws. Where you expressly consent, your application data may be stored for a longer period in order to consider you for future job opportunities (so‑called “talent pool”). In this case, the processing is based on Art. 6 seq. 1 lit. a GDPR and your consent may be withdrawn at any time with future effect.

If an employment relationship is established, the relevant application data will be transferred to our personnel systems and processed for the purposes of the employment relationship.

Further information on the processing of your data via the Personio application form can be found at: https://ecbf.jobs.personio.de/privacy-policy

7. Cookies, analysis tools, plugins, and other elements of third parties 

We use cookies on our site. These are small files that your browser automatically creates, and which are stored on your terminal device (laptop, tablet, smartphone, etc.). Cookies do not harm your terminal device and do not contain viruses, trojans, or other malware. The cookie is used to store information that arises in connection with the specific terminal device used. However, this does not mean that we will immediately become aware of your identity. 

Analysis tools are used to evaluate the behavior of the website visitors and enable the provider to optimize the website and adapt marketing measures.

Plugins and other elements from third parties are used to integrate the content of these providers into the website.

a) Required first-party cookies

The use of our necessary first-party cookies serves on the one hand to make the use of our range more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically erased after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain period of time. If you visit our site again in order to use our services, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

These data will be erased after 6 months at the latest.

We process your data on the basis of our legitimate interest in the external presentation of our company via the website you have called up and to promote user-friendliness. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. f GDPR.

Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before such a cookie is generated. However, if cookies are completely deactivated, the website may not be displayed correctly, or you may not be able to use all the functions of our website.

(1) WordPress Cookies

We use the content management system WordPress to operate our website and the necessary cookies. WordPress is provided by Automattic Inc. (60 29th St # 343, San Francisco, CA 94110, USA). A cookie is set in this context, which, to the best of our knowledge, does not process any personal data.

We have concluded an agreement with the service provider for data processing. The provider may therefore only process the data according to our instructions and not for his own purposes.

For more information about WordPress, please visit https://automattic.com/privacy-notice/. 

(2) Cookie Script

We use the cookie consent tool of the provider Objectis Ltd., Laisvės pr. 60, LT-05120 Vilnius, Lithuania (hereinafter “Cookie Script”). We use this tool to obtain consent for the use of cookies that require consent. Cookies are set by the tool to store your consent or refusal regarding cookies requiring consent.

We have concluded a data processing agreement with Objectis Ltd. As the provider is established within the European Union, data processing takes place in accordance with the GDPR.

b) Third-Party-Cookies, analysis tools, plugins, and other third-party elements    

The third-party cookies, analysis tools, plugins, and other third-party elements indicated and used on our website are only activated after you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. You may withdraw your consent at any time with effect for the future. Withdrawal of consent or failure to provide consent may result in limited functionality or an incorrect display of the website.

By using third-party cookies, analysis tools, plugins, and other third-party elements, we aim to ensure a needs-based design, implement marketing measures, and continuously optimize our website. In addition, tracking measures are used to statistically record the use of our website and evaluate it for the purpose of optimizing our services.

The respective functional descriptions, possible recipients of the data, information on potential transfers to third countries, and the storage duration can be found in the following information on the individual processing activities involving third-party cookies, analysis tools, plugins, and other third-party elements.

(1) YouTube

In order to promote our company, we use social plugins provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “YouTube”) a subsidiary of Google LLC on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The plugins are marked with a YouTube logo in the form of a “YouTube camera” or a “Play” button, for example.

The integration of these plug-ins by us takes place by means of the so-called two-click method and the “youtube-nocookie” settings in order to protect visitors to our website in the best possible way. This means that your personal data (in particular your IP address) will not be transmitted to YouTube when you call up the website. Rather, you have to activate the integrated “buttons” and videos by clicking on them. With this click you give your consent for a connection to the YouTube servers. The “youtube-nocookie” settings reduce the transmitted amount of data.

Through this integration, YouTube receives the information that your browser has called up the corresponding page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube.

This information (including your IP address) is transmitted directly from your browser to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube can assign your visit to our website directly to your YouTube account. If you interact with the plugins, for example by pressing the “YouTube” button, this information is also transmitted directly to a YouTube server and stored there. The information is also published on your YouTube account and displayed to your contacts there.

If you do not want YouTube to associate the data collected via our website directly with your YouTube account, you must log out of YouTube before activating the plugins.

Google LLC is certified under the EU–US Data Privacy Framework and is therefore regarded, on the basis of the European Commission’s adequacy decision, as a safe recipient of personal data, so that the transfer of personal data to Google LLC in the United States is permissible.

For further information on YouTube, please visit https://www.youtube.de/t/privacy.

(2) WordPress Analytics

For the purpose of designing our pages to meet your needs and continuously optimizing them, we use analytics tools integrated into our WordPress website. In this context, pseudonymised user profiles may be created and cookies may be used.

The information generated about your use of this website such as:

  • information about your browser, your network and your device,
  • websites you visited before (referrer URL),
  • host name of the accessing computer (IP address),
  • time of the server request and
  • your behaviour (e.g. clicks, internal links, visited pages, scrolling, search operations), 
 
may be processed and stored by us or by service providers commissioned by us.

The information is used to evaluate the use of the website, to compile reports on website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the needs-based design and continuous optimization of our website.

(3) Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies. The information generated by the cookie about your use of this website—such as browser type/version, operating system used, referrer URL (the previously visited page), the hostname of the accessing computer (IP address), or the time of the server request—is transmitted to and stored on a Google server. This enables Google to analyze the use of our website. The information collected by the cookie regarding your use of our website (including your IP address) is generally transmitted to a Google server in the USA and stored there.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with further services related to website and internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data.

Please note that Google Analytics has been extended on this website with the code “gat._anonymizeIp();” in order to ensure the anonymized collection of IP addresses (so-called IP masking). If anonymization is activated, Google truncates IP addresses within member states of the European Union or in other states party to the Agreement on the European Economic Area, preventing any direct personal reference. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google is certified under the EU-U.S. Data Privacy Framework.

Further information on data protection in relation to Google Analytics can be found at:
https://support.google.com/analytics/answer/6004245?hl=en

Google’s privacy policy can be found at:
https://policies.google.com/privacy?hl=en

(4) Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

By using Google Tag Manager, your IP address is transmitted to Google. Google Tag Manager is used to load other components which may, in turn, collect data. Google Tag Manager itself does not access this data.

Google’s privacy policy and terms of use can be found at: https://policies.google.com/technologies/partner-sites

Google is certified under the EU-U.S. Data Privacy Framework.

(5) Google Ads / Conversion Tracking

This website uses Google Ads, an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

In connection with Google Ads, we use so-called conversion tracking. When you click on an advertisement placed by Google, a cookie for conversion tracking is set. These cookies expire after 30 days and are not used for personal identification of users.

If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. Cookies cannot be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information that would allow users to be personally identified.

Google is certified under the EU-U.S. Data Privacy Framework.

More information about Google Ads and Google conversion tracking can be found in Google’s privacy policy at: https://www.google.de/policies/privacy/

(6) Google DoubleClick

This website uses the online marketing tool DoubleClick, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). In this context, Google acts as our processor.

DoubleClick uses cookies to display advertisements relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same advertisements multiple times. By means of a cookie ID, Google records which advertisements are displayed in which browser and can thus prevent them from being shown repeatedly. In addition, DoubleClick can use cookie IDs to record so-called conversions related to ad requests. This is the case, for example, if a user sees a DoubleClick advertisement and later visits the advertiser’s website using the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal data.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool. By integrating DoubleClick, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or are not logged in, it is possible that the provider obtains and stores your IP address.

When using DoubleClick, your data may be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework.

Further information on DoubleClick by Google can be found at: https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090

General information on data protection at Google is available at: https://www.google.de/intl/de/policies/privacy

8. Currency and amendment of the data protection declaration

This data protection declaration is currently valid as of February 2026. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at https://www.ecbf.vc/privacy-policy.