Privacy Policy
Responsible Entity
Evolve Partners – Biofin Consulting GmbH
Freiligrathstraße 11
18055 Rostock
Germany
Data Protection Officer
Melissa Hall
Freiligrathstraße 11
18055 Rostock
Hinweis gemäß Art. 13 DSGVO
Diese Datenschutzerklärung ist derzeit in englischer Sprache verfasst.
Auf Wunsch stellen wir Ihnen gern eine deutsche Fassung zur Verfügung. Bitte wenden Sie sich dazu an privacy@evolve-finance.com.
1. An overview of data protection
General Information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term «personal data» comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data Recording on This Website
Who is the responsible party for the recording of data on this website (i.e., the «controller»)?
The data on this website is processed by the operator of the website, whose contact information is available under section «Information about the responsible party (referred to as the «controller» in the GDPR)» in this Privacy Policy.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form. Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency. Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.
2. Hosting and Content Delivery Networks (CDN)
Cloudflare
We use the «Cloudflare» service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as «Cloudflare»). Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR). Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.
The company is certified in accordance with the «EU-US Data Privacy Framework» (DPF). For more information, see: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnZKAA0&status=Active
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration. Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We hereby advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (controller in the GDPR)
The data processing controller on this website
Evolve Partners GmbH
Freiligrathstraße 11
18055 Rostock
Germany
Phone: +49 381 20270070
Email: info@evolve-partners.com
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).
4. Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
5. General legal basis for the processing of data
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data are processed according to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR.
If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25(1) TTDSG. The consent can be revoked at any time.
If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR.
Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
6. Transfers to third-party countries and US companies
We use, among other technologies, tools from companies located in third-party countries that are not safe under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF).
If these tools are enabled, your personal data may be transferred to and processed in these countries. We would like to point out that in such third countries no level of data protection comparable to that in the EU can be guaranteed.
We point out that the US, as a secure third-party country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the DPF or has appropriate additional assurances.
Information on transfers to third-party countries, including the data recipients, can be found in this Privacy Policy.
7. Recipients of personal data
In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties.
We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure of this data.
When using processors, we only disclose personal data of our customers on the basis of a valid data processing agreement (Art. 28 GDPR). In the case of joint processing, a joint processing agreement is concluded.
8. Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
9. Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IF DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION.
THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS.
If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THIS AT ANY TIME.
This also applies to profiling, to the extent that it is related to such direct marketing.
If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).
10. Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or the place of the alleged infringement.
The right to lodge a complaint is in effect regardless of any other administrative or judicial remedies.
11. SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by checking whether the address line of the browser switches from «http://» to «https://» and also by the lock icon in the browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
12. Cookies
Our websites and pages use what the industry refers to as «cookies». Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically erased by your web browser. Cookies can be issued by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., payment services or embedded content). Many cookies are technically essential (e.g., shopping cart or video display). Others help us analyze user behavior or serve marketing purposes. Cookies necessary for electronic communication or the provision of certain functions you use (e.g., shopping cart) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified.
If consent for cookie storage or access to information in your device is required, this is done based on § 25(1) TTDSG and Art. 6(1)(a) GDPR. This consent may be revoked at any time. You can configure your browser to inform you about cookie settings and allow them only on a case-by-case basis or generally exclude cookies. Deactivating cookies may limit website functionality. Details on all cookies used can be found in this privacy policy.
13. Server log files
The provider of this website automatically collects and stores information in so-called server log files, which your browser transmits to us automatically.
This includes:
- Browser type and version
- Operating system
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The basis for processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website.
14. Contact form
If you contact us via the contact form, your information from the form including contact details will be stored to process your inquiry and in case of follow-up questions.
We do not pass on this data without your consent.
The data is processed under Art. 6(1)(b) GDPR if it is contract-related or for pre-contractual steps. Otherwise, Art. 6(1)(f) GDPR (legitimate interest in processing inquiries) or Art. 6(1)(a) GDPR (consent).
Your data remains with us until you request deletion, revoke consent, or the purpose no longer applies.
15. Request by email, telephone or fax
If you contact us by email, telephone, or fax, your inquiry including all personal data will be stored and processed to respond to your request.
We do not pass on this data without your consent.
The processing follows Art. 6(1)(b) GDPR (contractual/pre-contractual) or Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (with consent).
16. Social Media
This site uses LinkedIn features, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland.
When you visit a page containing LinkedIn features, a connection to LinkedIn servers is established. LinkedIn is informed about your visit with your IP address. If you’re logged in, LinkedIn can assign your visit to your profile.
This service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.
Data may be transferred to the US under SCCs. Details: https://www.linkedin.com/legal/privacy-policy
17. Analytics and Tracking Tools
Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). This tool manages other tools (e.g., Google Analytics) and does not store personal data itself, but collects IP addresses.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest), or if consent is required, Art. 6(1)(a) GDPR and § 25(1) TTDSG.
Google is certified under the EU-US Data Privacy Framework (DPF).
DPF info: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Analytics
This website Google Analytics to analyze visitor behavior (Google Ireland Ltd.). This includes page views, duration, device data, and interactions. It uses cookies and similar technologies (e.g., device fingerprinting).
IP anonymization is active. Your IP is shortened within the EU before transmission to the US.
Legal basis: Art. 6(1)(a) GDPR and § 25(1) TTDSG (consent).
You can opt out via browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en
More info: https://support.google.com/analytics/answer/6004245
18. Newsletter
Freshworks
We use Freshworks (Freshworks Inc., USA) to send newsletters and manage contact data. As an EU-based customer with EU hosting and a custom mailbox, data remains in the EU by default.
Legal basis: Art. 6(1)(a) GDPR (consent). Consent can be revoked at any time.
Freshworks is certified under the DPF.
Freshworks privacy: https://www.freshworks.com/privacy/
Newsletter for existing customers
If you’ve purchased services, we may send newsletters for similar offerings under Art. 6(1)(f) GDPR and § 7(3) UWG. You can unsubscribe at any time.
Send (Elementor)
We use the “Send” plugin by Elementor to deliver email and SMS campaigns, including downloads of free resources. When you provide your contact information (e.g., name, email address), the data is stored securely on EU servers.
Legal basis: Art. 6(1)(a) GDPR (consent). Consent can be revoked at any time.
Privacy policy: https://elementor.com/about/privacy/
Site Mailer (Elementor)
We use “Site Mailer” by Elementor to manage the technical delivery of emails, such as confirmation messages for resource downloads. This includes sending emails and logging delivery status. Data is processed on EU servers. No SMTP plugin is used. Email content is not evaluated beyond technical delivery purposes.
Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(f) GDPR
Privacy policy: https://elementor.com/about/privacy/
19. Plugins and Tools
Google Fonts (local embedding)
We use locally stored Google Fonts to ensure consistent typography. No data is transferred to Google.
More info:
https://developers.google.com/fonts/faq
https://policies.google.com/privacy
20. Online-based Audio and Video Conferences (Conference tools)
Microsoft Teams
Used for video calls. Provider: Microsoft Ireland Operations Ltd., Dublin. Personal data may be collected, e.g. IP address, device data, name, email.
Legal basis: Art. 6(1)(b) GDPR (contract) or Art. 6(1)(f) GDPR (communication efficiency). With consent: Art. 6(1)(a) GDPR.
Microsoft is DPF certified.
DPF info: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000KzNaAAK&status=Active
21. Job Applications
We process application data (e.g., contact info, CV, notes) as part of hiring procedures.
Legal basis: § 26 BDSG, Art. 6(1)(b) GDPR, and Art. 6(1)(a) GDPR (with consent).
If rejected, data may be stored up to 6 months (Art. 6(1)(f) GDPR). Extended storage only with consent or legal necessity.
Data is shared only with authorized internal staff. Paper documents are destroyed securely. You may revoke consent at any time.
The Monthly Close
Sign up to our newsletter and get monthly insights into advanced financial solutions for biotech, tech, and life science scale-ups.
