Skip to main content

Privacy Policy

Privacy Notice

In the following, we inform you how the House of Finance and Tech Berlin GmbH (hereinafter “HoFT” or “we”) processes your personal data, what rights you are entitled to and who you can contact if you have any questions about data protection.
In most cases, you can decide which personal data you wish to provide to us. In case you do not wish to provide certain information, we may not be able to offer you certain services. We have marked mandatory information that we require for the provision of our services accordingly.

This information was last updated in February 2025. From time to time, we must make adjustments to reflect actual circumstances or legal or regulatory requirements; please take a look at the data protection information the next time you visit our website to ensure that you are up to date.

Name and contact details of the controller

House of Finance and Tech Berlin GmbH

c/o Spielfeld Digital Hub GmbH
Skalitzer Str. 85-86
10997 Berlin

Tel: +49 (0)30 43974287-0

E-Mail: info@hoft.berlin

  1. Data processing on our website

We process your personal data when you visit our website and when you contact us.

  • Your visit to our website

Each time you visit our website, your browser automatically transmits data to our server where it is stored. Such data includes IP address, type and version of the browser used, time and date of the visit. The IP address is stored anonymously. A personal reference cannot be established.

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to ensure the convenient use and the assessment of the system security and stability of our website.

Storage period: The aforementioned data will be stored in a log file until it is automatically deleted after seven days. Backups are stored for 14 days in encrypted form. The storage period may be longer in individual cases, e.g. if this is necessary for legal prosecution.

  • Your contact

If you contact us electronically, for example by sending us an e-mail, using the contact form on our website or by calling us, we process your e-mail address, your name and your other contact details as well as the information you provide in the inquiry. In order to be able to answer your written request, we need at least your e-mail address.

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to general inquiries.

Storage period: Your data will only be processed to answer your enquiry and will be deleted immediately after answering, unless there is a contractual relationship, a legal obligation to retain data or a legitimate interest on our part in further storage.

  • Integration of external media

We include videos of events on our website. For this purpose, we upload our content to the external platform Wistia. When you play the videos, personal data (e.g. language settings, meta, communication and procedural data such as IP addresses, time information, identification numbers) is processed and transmitted to the external media provider.

Legal basis: We process the data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

  • Forms

On our website, we use the reCAPTCHA service in entry forms such as the contact form to assess whether an entry is made by a human or abusively by automated machine processing. reCAPTCHA uses various characteristics to analyze the behavior of the website visitor. This analysis begins automatically as soon as the website visitor calls up a form with integrated reCAPTCHA. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user).

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to detect abusive automated access and spam.

  • Cookies

We use cookies on our website. Cookies are small text files that contain a randomly generated user ID with which you can be recognized on future website visits. We use cookies to design our website and our offers for you accordingly and to make it more accessible for you. On the one hand, we use cookies that are necessary for the technical functionality of our website. With your consent, we also use cookies that serve to analyze your interaction with our website and our offers.

  • Cookie management platform

This website uses the consent management tool Borlabs to obtain consent for data processing and the use of cookies or similar functions and to provide visitors to the website with further information on the use of cookies. In the course of using the tool, information from the end devices used, such as the IP address, is processed.

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest lies in the fulfillment of our legal documentation obligations.

  • Website analysis

If you give us your consent, we analyze the use of our website by using the Google Analytics 4 service. During your website visit, data is collected in particular on the subpages you visit, your behavior on the pages, your approximate location (country and city), your IP address in abbreviated form (so that no clear assignment is possible), technical information (such as browser, Internet provider, end device and screen resolution), and the source of your visit.

Legal basis: We process the data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

  1. Data processing on our social media channels

We maintain a publicly accessible profile on the social media platform LinkedIn. If you use our LinkedIn profile to interact with us (e.g. by liking or sharing a post, following us, writing a comment or sending us a direct message), we process the data you provide to us for the purpose of contacting you. If we like, share or comment on your posts, the data you have freely published on LinkedIn will be made available to our followers on our profile. All information you provide in your profile is publicly visible, i.e. members who log into the network and LinkedIn customers can view it. This also applies to your activities within the service, such as: comments on posts; “Like” marks and the “Follow” function.

Group memberships are also publicly visible. If you share posts, this is set to public by default. You can restrict the visibility of these posts to your contacts in the options.

Legal basis: The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is to stay in contact with our business partners and interested parties and to keep them informed, as well as to conduct modern public relations work and to perform market research. If you contact us via social media because you are interested in our offer, the request also serves to carry out pre-contractual measures in response to your request; the legal basis is then Art. 6 (1) (b) GDPR.

Recipient: The social network LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; the operator of the network is therefore the recipient of your data.

LinkedIn may also process some of the information outside the European Union in the USA. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.

  1. Registration of visitors

We are happy to welcome you personally on our premises. To register for a visit, we collect your name, e-mail address, the date and time of your visit and other information that you provide to us voluntarily.

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to ensure the security of our premises and to carry out visitor management.

Storage period: We store your data for up to 30 days after your visit to our premises.

  1. Data processing when concluding other contractual relationships

We process personal data in the context of supplier relationships, (cooperation) contracts, other business relationships and for the provision of services to members of the Förderverein House of Finance and Tech Berlin e.V.

If HoFT accepts you or your employer as a partner company in the HoFT network, for example, or if a similar contractual relationship is initiated, or for the purpose of contacting you, we process the following information: master data (e.g. title, first name, surname, gender, your position in the company); (publicly accessible) data about your company/ your employer; communication data (e.g. business telephone number, e-mail address, business postal address);

This data is processed in order to be able to identify you or your company/ your employer as our supplier, service provider or partner company; to fulfill legal obligations; to initiate, conclude and fulfill a contractual relationship with you/ your company/ your employer; for correspondence with you, insofar as this serves to initiate or fulfill a contract or to provide member services.

Legal basis: The legal basis for this data processing is Art. 6 (1) (b) GDPR (if you personally are or are to become a contractual partner) or Art. 6 (1) (f) GDPR (if your employer is or is to become a contractual partner or services are provided to members of the Förderverein House of Finance and Tech Berlin e.V.).

In the event of a legal obligation to process data, the legal basis arises from national or Union law in conjunction with Art. 6 (1) (c) GDPR.

We may need to process your personal data for the establishment of claims or for the defense against claims; the legal basis is our legitimate interest under Art. 6 (1) (f) GDPR in an efficient legal defense and enforcement of claims.

Storage period: The personal data collected by us will be stored until the above-mentioned purposes cease to apply and then deleted, unless we are obliged to store it for a longer period of time in accordance with Art. 6 (1) (c) GDPR due to legal retention and documentation obligations (e.g. under commercial, criminal or tax law).

The provision of your personal data is required if you or your employer wish to enter into a contractual relationship with us. If you do not provide your personal data, it will not be possible to establish and implement the contractual relationship.

  1. Marketing and information for existing customers
  • Newsletter

You can, for example, subscribe to our newsletter on our website. To do this, you have to enter your e-mail address, your first and last name and the company in the fields provided on our website. You will then receive a notification e-mail. By clicking on the link contained in this e-mail, you confirm that you wish to receive our newsletter (double opt-in). If you do not click on this confirmation link, you will not receive a newsletter going forward. In order to continuously improve content, data on user behavior (e.g. opening rates of the e-mail and links contained therein) is also processed using web beacons and similar technologies.

Legal basis: The legal basis for this data processing is Art. 6 (1) (a) GDPR. You can revoke your consent to the processing as part of the newsletter subscription at any time with effect for the future. For this purpose, you will find an unsubscribe link in every newsletter.

Storage period: Your data for sending the newsletter will be stored for as long as you have subscribed to it. This data will then be deleted.

  • Information for existing customers

In addition, we send promotional emails to registered customers and event participants with information about our events, products and services.

Legal basis: The legal basis for processing this data is Art. 6 (1) (f) GDPR. Our legitimate interest is to advertise to existing customers.

We would like to inform you that you can object to receiving this information and to the processing for the purpose of providing this information at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without providing reasons in accordance with Art. 21 (2) GDPR. You can declare your objection by sending us a message (see the contact details in the section “Name and contact details of the controller”). We will delete your data at the latest after your objection.

  1. Data processing in the context of events

If you register for one of our events on our website, by e-mail or via an invitation link that we send you, we process your personal data to the extent necessary for the organization, implementation and follow-up of the event. We collect the following data for this purpose: First and last name, title, company, address, e-mail address and, in the case of chargeable events, invoice data.

Legal basis: For events that are not subject to a fee, the legal basis is Art. 6 (1) (f) GDPR, our legitimate interests in the efficient administration of participants, the smooth running of the event and for the purpose of access control and to grant admission to invited guests only in order to enable the registration data to be compared with the actual participants. For chargeable events, the legal basis is Art. 6 (1) (b) GDPR, the corresponding contract.

The provision of your data is necessary for participation in the event and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute the contract.

Storage period: We store your data for the duration of the organization (including corresponding preparation and follow-up) of the respective event. Any existing statutory retention obligations remain unaffected by this. We will delete the participant data within four weeks of the end of the event.

We take photos and video recordings at events and publish them afterwards. The recordings are used for advertising on our website, on LinkedIn, in press releases and to document the event online and offline.

Legal basis: We process the aforementioned data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to document the event and to increase the visibility of the HoFT in public and to publicize the activities and services of the HoFT.

  1. Data processing in the application process

We process the data that you provide to us yourself when you apply for a job (e.g. with your cover letter, CV and references).

During the application process, we process the following types of data: master data (e.g. title, first name, surname, date of birth, place of residence); documents (e.g. certificates, references, CV, cover letter); in the event that you have had reimbursable expenses, the data relevant for billing, e.g. your bank details and communication data (e.g. telephone numbers, e-mail, postal address).

Legal basis: The legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. Processing of this data is necessary for the decision on the establishment of a contractual relationship. Insofar as special categories of personal data are processed (e.g. health data), we process these for reasons of employment law, social security law or social protection pursuant to Art. 6 (1) (b) in conjunction with Art. 9 (2) (b) GDPR.

Upon completion of the application process, data processing may either be based on your consent or may be necessary for law enforcement purposes, in which case the legal basis will be Art. 6 (1) (f) GDPR, our legitimate interest in asserting or defending against claims.

Storage period: The data collected by us will be stored until the above-mentioned purposes cease to apply and then deleted, unless we are obliged to store it for a longer period of time in accordance with Art. 6 (1) (c) GDPR due to legal retention and documentation obligations (e.g. under commercial, criminal or tax law).

In the event that you have consented to further storage of your application data, we will transfer your data to our applicant pool. There the data will be deleted after two years.

If the application is unsuccessful, the data will generally be deleted six months after completion of the procedure, unless longer retention obligations exist in individual cases (e.g. for any receipts for reimbursement of travel expenses) or retention beyond this is necessary for the defense against legal claims.

  1. Disclosure of your personal data

We will only transfer your data if we are legally permitted to do so. If we transfer your data to a country that is neither part of the EU nor the EEA and for which there is no adequacy decision by the EU Commission, we will take all necessary measures to secure the respective data processing. This includes, for example, standard contractual clauses of the EU Commission.

We may pass on your data as follows, unless already mentioned separately above:

  • We use a hosting service provider as a processor for the operation of this website. The processor is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
  • To embed videos on our website, we use the service provider Wistia, Inc, 120 Brookline Street, Cambridge, Massachusetts, 02139 USA. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • We use the service provider Eventbrite DE GmbH, Oranienstr. 25, 10999 Berlin, Germany as a processor for participant management. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • We use the service provider AddEvent, Inc, 848 Folsom Street, San Francisco, CA 94017, USA as a processor for participant management. Corresponding EU standard contractual clauses have been concluded with AddEvent, Inc. for the transfer of personal data to recipients in third countries (as an appropriate guarantee for data processing in non-European countries). You can view the EU standard contractual clauses used via the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.
  • We use the service provider HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA to send our newsletter and information to existing customers. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • For web analytics, we use the Google Analytics 4 service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • To protect our forms from misuse, we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • For the secure and high-performance delivery of our website, we use the Cloudflare service provided by Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.
  • To provide the cookie banner on our website, we use the Borlabs service from the service provider Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany.
  • To manage applications, we use the personnel management software Personio from the service provider Personio SE & Co KG, Seidlstraße 3, 80335 Munich, Germany.
  • Public bodies/authorities, in particular tax authorities, may receive data if this is necessary to fulfill a legal obligation. The legal basis for the transfer is Art. 6 (1) (c) GDPR.
  1. Storage and retention periods

Unless already mentioned separately above, we store your personal data for as long as is necessary to achieve the respective purpose, in particular for the fulfillment of our legal and contractual obligations. Once the purpose has ceased, this data will be deleted unless the law allows us to continue storing it for specific purposes, including the defense of legal claims. In addition, we may need to store your data for billing purposes. We are subject to statutory retention and documentation obligations to retain documents for between two and ten years.

  1. Your rights

As a data subject, you are entitled to the following rights if the applicable requirements are met:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)

You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority of your choice about our data processing. Our registered office is in Berlin. The supervisory authority responsible for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany.

Furthermore, you have the right to object (Art. 21 GDPR) if we process data on the basis of Art. 6 (1) (f) GDPR. Please note that in the case of data processing for purposes other than direct marketing, reasons must be given that arise from your particular situation. You can declare your objection by sending us a message (see the contact details in the section “Name and contact details of the controller”).

If we process your personal data on the basis of your consent, you can withdraw your consent with effect for the future. You can declare your revocation by sending us a message (see the contact details in the section “Name and contact details of the controller”).

© Copyright 2025 House of Finance and Tech Berlin GmbH

Close Menu

Imprint
Privacy Policy