Privacy policy - Smart Region Application

Privacy policy for the application process of the Scaleup4EuropeSmart Region Lab program, led by XPRENEURS Incubator at UnternehmerTUM GmbH

We are very pleased about your interest in Scaleup4Europe. In the course of your participation in our program and beforehand, we ask for some personal data, which we naturally protect. Your personal data will always be processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with the data protection provisions applicable to UnternehmerTUM GmbH.

By means of this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us and the tools used.


The data controller for data processing directly related to the conduct of "Smart Region Application Process" is:

UnternehmerTUM GmbH
Lichtenbergstr. 6
85748 Garching

Note: If you access the "AcceleratorApp" website, the provider of the "AcceleratorApp" is responsible for data processing. Use of this website is necessary for submitting your application for the Smart Region Lab & for participating in the evaluation process.

2. Data protection officer

The data protection officer of the controller is:

Alexander Stolberg-Stolberg
SVF Lawyers
Oberanger 30
80331 Munich
Tel.: +49 (0) 89 210 25 120

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

3. Personal data of the Participant related to the Program

Within the scope of the Scaleup4Europeprogram, UnternehmerTUM will process the following personal data of the Participant:

  • a) Salutation (gender)
  • b) First name
  • c) Last name
  • d) E-mail address(es)
  • e) Address(es)
  • f) Telephone number(s)
  • g) information and documents (as a rule, in co-pieces, i.e. only in exceptional cases in oral form), insofar as they are necessary for the implementation of the Scaleup4Europe program.


The workshops as part of the Scaleup4Europe Program will be held by using the online video tool ZOOM. Insofar as you call up the website of "Zoom", the provider of "Zoom" is responsible for the data processing. However, calling up the website is only necessary for the use of "Zoom" in order to download the software for the use of "Zoom". Further information on the privacy policy of ZOOM can be found here:

When using "Zoom", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".

The following personal data are subject to processing:

  • User details: first name, last name, phone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  • When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.
  • In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name. Information on data protection when using Zoom can be found here.

5. Purposes and legal bases of the processing

a) Art. 6(1) lit. a GDPR serves as the legal basis for processing operations of the Scaleup4Europeprogram for which we obtain consent for a specific processing purpose.

b) If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our programs.

c) Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

d) Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The EU commission considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

6. Deletion / blocking of personal data

We process and store your personal data only for the period of time required to achieve the purpose of storage. If the purpose of storage ceases to apply, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless you have given us your broader consent.

7. Transfer of data and documents to third parties

Personal data and documents of the participant shall not be transferred to third parties.

8. Your rights

a) You have the following rights:

  • Right of access according to Article 15 GDPR
  • Right of rectification under Article 16 of the GDPR
  • Right to erasure according to Article 17 GDPR
  • Right to restriction of processing under Article 18 of the GDPR
  • Right of objection under Article 21 of the GDPR and
  • Right to data portability under Article 20 of the GDPR.

b) The restrictions according to §§ 34 and 35 BDSG (= Germany Data Protection Act) apply to the right of information and the right of deletion. In addition, you have the right to file a complaint with a competent data protection supervisory authority (Article 77 GDPR / § 19 BDSG).

c) You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.