Learn how we process and protect your personal data
This Privacy Policy provides information on how The Delta Campus GmbH ("The Delta", "we") processes personal data in connection with the use of our website as well as on social media fan pages (Instagram, LinkedIn, Facebook, Luma), for what purposes this is done, and how you can object to certain processing activities. We take the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.
Controller:
The Delta Campus GmbH
Donaustraße 44
12043 Berlin, Germany
Contact: info@thedelta.io
For inquiries and suggestions regarding data protection, you can contact our data protection team at: data-protection@thedelta.io.
For any queries concerning data protection in connection with our services or the use of this website, you may contact our Data Protection Officer ("DPO").
Our data protection officer is: Lea Imschweiler, Legal Living Hub UG.
The DPO is available at the above postal address or via the email address listed above (subject: "To the Attention of the Data Protection Officer"). Kindly note that the referenced email inbox is not accessed exclusively by the DPO. If you intend to communicate confidential information, please use that address initially to request a secure, direct communication route with the DPO.
Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, details that allow conclusions to be drawn about your identity, e.g., your name, telephone number, address, or email address. Certain identifiers such as your IP address or the device ID of your end device are also personal data.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data are temporarily stored:
Processing these connection data is necessary to technically enable your visit to our website, to ensure the permanent functionality and security of our systems, and to administer the website. For this purpose, the connection data is stored in internal log files for a limited time and reduced to what is necessary. This serves, in particular, to trace the cause of repeated or abusive accesses that could impair the stability or security of our website and to take appropriate countermeasures.
The recipient of the data is Webflow Inc., a technical service provider responsible for the operation and maintenance of our website. As a processor, the service provider is obliged to process the data only within the scope of our instructions. Personal data is transferred to the USA as part of the service. The transfer is based on an adequacy decision of the EU Commission. Webflow has certified under the Data Privacy Framework that it complies with the requirements of the GDPR. The server log files are deleted after 14 days at the latest.
The legal basis is Art. 6(1)(b) GDPR where the page visit occurs in connection with initiating or performing a contract, and otherwise Art. 6(1)(f) GDPR based on our legitimate interest in enabling website access and ensuring the permanent functionality and security of our systems. The automatic transmission of connection data and the resulting log files do not constitute access to information stored on the end device within the meaning of the EU Member States' ePrivacy implementation laws (in Germany, Sec. 25 TDDDG). In any case, such access would be strictly necessary. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure website operation). Data in log files are stored for up to 7 days and then deleted, unless further statutory retention obligations apply.
If you contact us by email or via our website, we process the personal data you provide (e.g., name, email address, company name, content of your message). Processing takes place solely to handle your inquiry and communicate with you.
For scheduling appointments and managing communication, we use the software "HubSpot" provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. As HubSpot is based in the USA, a data transfer to a third country cannot be excluded. HubSpot is certified under the EU–US Data Privacy Framework (DPF), ensuring an adequate level of data protection pursuant to Art. 45 GDPR. Further information on HubSpot's data processing can be found in HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy.
If you book a consultation appointment, you will automatically receive an invitation to a virtual meeting. We use Google Workspace services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google's privacy information is available here: https://support.google.com/meet/answer/10382037.
In addition to the appointment confirmation, you will receive a voluntary survey about you and your business so we can better prepare for our conversation.
The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as the inquiry relates to initiating or fulfilling a contract, as well as Art. 6(1)(f) GDPR based on our legitimate interest in responding to inquiries from customers and other individuals.
When you apply to join The Delta Mentor Network through our website, we collect and process personal data to evaluate your application, facilitate mentorship activities, and match you with appropriate ventures and founders. For this purpose, we process the following categories of personal data, depending on the information you provide:
We collect this data either directly from you (e.g. via forms on the website or application questionnaires) or, where applicable, via links you choose to share (e.g. LinkedIn profile, website of your startup).
We process this data for the following purposes:
As part of the Matching, we may share selected information about you with other participants (e.g. mentors, investors or founders) to enable a meaningful introduction. This includes, in particular, your name, role, company/startup, and relevant information on your focus areas, interests and goals.
We process mentor data based on the contractual necessity for entering into and executing the mentor agreement (Art. 6(1)(b) GDPR), and our legitimate interest in operating and improving our mentorship program (Art. 6(1)(f) GDPR).
You may withdraw from the program at any time by contacting us; we will then remove your profile from active use. Your rights under the GDPR are described in Section 11. To exercise your rights regarding mentor data, please contact us using the details provided in Section 1.
We use cookies and similar technologies on our website to recognize visitors' preferences and optimally tailor the website. This facilitates navigation and enhances user-friendliness. Cookies and other technologies also help us identify particularly popular areas of our online offering.
Cookies are small text files stored on your device's hard drive. They enable us to store information over a certain period and recognize your device. For improved user guidance and individualized performance, we use persistent cookies. We also use so-called session cookies, which are deleted automatically when you close your browser. You can set your browser to inform you when cookies are set, making the use of cookies transparent. Important: If you completely block cookies, some website functions may not be available.
Depending on their purpose, we distinguish between essential, functional, statistical, and marketing cookies.
We operate our own cookie consent banner to obtain and manage your consent to the use of cookies. On your first visit, the banner allows you to accept all cookies, reject non-essential cookies, or configure your preferences by category (Strictly Necessary, Analytics, Marketing). Your selection is stored in a "CookieConsent" cookie so that your settings are respected on subsequent visits. You can change or withdraw your consent at any time via the "Cookie settings" link in the footer.
The following data are processed in this context:
The "CookieConsent" cookie is stored for 12 months. You will then be asked for your consent again. The consent record is stored locally in your browser and is not transmitted to a third-party consent service.
The following types of cookies are used on our website:
Necessary cookies are required for the basic functionality of the website. They include only technically necessary services. These services cannot be objected to. They are used on the legal basis of Sec. 25(2) No. 2 TDDDG in conjunction with Art. 6(1)(b) (contract initiation or performance) and (f) GDPR (overriding legitimate interests). Our legitimate interests particularly include monitoring the technical performance of the website. Therefore, you as a website user cannot deactivate them via our cookie settings.
These cookies help us collect visitor numbers and sources in order to measure and improve our website's performance. They show us which pages are popular, which are less used, and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous.
Analytics cookies are set via Google Analytics, a service provided for persons from Europe, the Middle East, and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). These are third-party cookies. Further information on how Google Analytics handles user data can be found here: https://support.google.com/analytics/answer/6004245
Legal basis: Processing of data in connection with statistical cookies is based on your consent pursuant to Art. 6(1)(a) GDPR. You can adjust your consent for statistical cookies at any time—either on your first visit to our website or later via the corresponding link in the footer.
In addition to Google Analytics, we use other third-party services on our website to help us analyze the use of our offerings and optimize our marketing measures.
Targeting and Performance cookies are used by us and third parties to record individual user behavior, analyze the collected data, and, for example, display personalized advertising. These services enable us to track users across multiple websites.
Among other things, we use tracking technologies from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, to evaluate and target our advertising on Facebook and Instagram. Personalized ads may be displayed based on users' location data and interests. The data collected helps us measure and optimize the effectiveness of our campaigns.
Also targeting cookies are via Google Ads, a service provided for persons from Europe, the Middle East, and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). These are third-party cookies. Further information on how Google Analytics handles user data can be found here: https://support.google.com/adspolicy/answer/54817?hl=en
Analytics, Targeting, and performance services are used based on Sec. 25(1) TDDDG (consent for setting or reading cookies) in conjunction with Art. 6(1)(a) GDPR (consent for the resulting data processing). Data processing begins only after you have given your explicit consent (opt-in). You can withdraw your consent at any time with effect for the future by clicking on "Cookie Preferences" in the bottom of our website or here. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
We integrate videos from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, that are not stored on our own servers. When you visit our pages containing embedded videos, the website loads content from the third-party provider YouTube, which provides the videos. This gives YouTube the technically necessary usage data. We use YouTube in enhanced privacy mode. According to YouTube, this mode means YouTube does not store information about visitors on this website before they watch the video. However, enhanced privacy mode does not necessarily exclude data sharing with YouTube partners. For example, a connection to the Google DoubleClick network is established regardless of whether a video is viewed.
The embedding of YouTube videos is based on our legitimate interest in an appealing website design, public relations, and communication pursuant to Art. 6(1)(f) GDPR in conjunction with § 25(2)(2) TDDDG.
Further information on YouTube/Google's privacy policy can be found at: https://policies.google.com/privacy
You can apply to us on our website and via email to careers@thedelta.io. In the context of applications, we process personal data such as your name, contact details, LinkedIn profile, résumé, qualifications, and any other information that you voluntarily share to conduct the selection process.
If your application is successful, the data will be used for the preparation and performance of your employment contract. If the application is unsuccessful, your data will be stored for up to six months after the completion of the application process, unless you have given explicit consent for longer storage in our talent pool (in this case, for up to 12 months).
To manage and evaluate applications and related HR processes, we use the Retool platform (Provider: Retool, Inc., 1550 Bryant Street, Suite 490, San Francisco, CA 94103, USA). Retool is a platform used internally to organize and display HR and recruitment data in a secure dashboard environment. Retool acts as a data processor within the meaning of Art. 28 GDPR and processes personal data solely on our behalf and in accordance with our instructions.
The following categories of personal data may be processed through Retool:
Personal data may be transferred to the United States. To ensure an adequate level of data protection we have a DPA with Retool in place. Retool implements the Standard Contractual Clauses (SCCs) approved by the European Commission. Further information can be found in Retool's privacy policy: https://retool.com/privacy.
Data is used solely for the application process and subsequent employment administration (if applicable) and is deleted no later than six months after completion of the application process unless you have expressly consented to longer storage.
Processing is based on Art. 6(1)(b) GDPR, as it is necessary for pre-contractual measures within the application process, and — if you have given consent — on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time by emailing careers@thedelta.io.
When you register for one of our events, we process the following categories of personal data: name, email address (private or business), company, position, and business address. We use this data in particular for the following purposes: Sending confirmation of your registration, creating name badges at in-person events, supporting you before, during, and after the event, preparing participant lists, sharing participant lists with speakers for better event preparation.
We use the event management platform Luma, operated by Luma Labs Inc., 2261 Market Street #4438, San Francisco, CA 94114, USA, to organize and manage our online and in-person events (e.g. registrations, invitations, RSVPs, and communication with participants).
When you register for an event via Luma, the personal data you provide (such as name, email address, company, position, and any other information you choose to share) is processed by Luma for the purpose of managing your registration and participation.
Data may be transferred to the United States. To ensure an adequate level of data protection, Luma relies on the Standard Contractual Clauses (SCCs) approved by the European Commission.
Further information on data processing by Luma can be found in their Privacy Policy.
The use of Luma is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in the efficient organization of our events, and, where you provide consent to receive communications about future events on Art. 6(1)(a) GDPR.
When you submit an enquiry for an event or event space through our website, we process the personal data you provide in the enquiry form.
We use Pxier Services, an event management system, to process event enquiries submitted through our website. The data you enter (name, contact details, event information, attendee numbers, selected services, and other information you choose to provide) is processed to handle your enquiry and organise the requested event. Pxier acts as a processor in accordance with Art. 28 GDPR. Data may be hosted in Canada (adequacy decision under Art. 45 GDPR) and, where required, additional safeguards apply. Data is retained for up to 3 years after your last enquiry. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Your personal data will only be disclosed to third parties if this is necessary to fulfill our contractual or legal obligations, a legal permission exists, or you have given consent. We conclude processing agreements under Art. 28 GDPR with all service providers we use.
Recipients of personal data:
Within the company: Access is granted only to those persons who need it to perform their tasks.
Within the Delta Group: In certain cases, we also transfer personal data to affiliated companies within The Delta Group, where this is necessary for internal administrative purposes, data analysis, financial management, or the execution of joint projects and marketing activities. These entities include in particular:
We have concluded an Intercompany Data Processing and Transfer Agreement within The Delta Group, which governs any intra-group data transfers and ensures that such transfers take place in accordance with applicable data protection laws.
Processors: Certain processing may be carried out by our service providers. In addition to the providers mentioned in this Privacy Policy, this may include, in particular, data centers that host our website and databases, software providers, IT service providers who maintain our systems, agencies, market research companies, group companies, and consulting firms. Where we transfer data to our service providers, they may use the data solely to fulfill their tasks. The service providers are carefully selected and commissioned, contractually bound to our instructions, have appropriate technical and organizational measures to protect data subjects' rights, and are regularly monitored by us.
Public authorities: Authorities and courts where we are legally obliged or to protect legitimate interests.
Private entities: Business partners, cooperation partners, or non-instructed service providers where necessary for contract performance.
For certain processing operations, we use service providers located in so-called third countries outside the European Union (EU) and the European Economic Area (EEA). In such cases, we ensure that an adequate level of data protection is maintained in accordance with Articles 44–49 GDPR.
Where service providers are based in the United States and are certified under the EU–U.S. Data Privacy Framework (DPF), the adequacy decision of the European Commission dated 10 July 2023 applies, ensuring an appropriate level of protection for personal data.
If no certification under the DPF exists, we implement suitable safeguards to protect your data, in particular by concluding the Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914/EU) with the respective service providers, and by conducting corresponding transfer impact assessments (TIAs) where necessary.
Further information on the EU–U.S. Data Privacy Framework can be found on the website of the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en.
We store personal data only for as long as necessary for the respective processing purposes. For example, your contact details are generally retained only for the duration of our active communication. If you have consented to the use of statistical cookies, these remain stored until you withdraw your consent.
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61, 10555 Berlin
Email: mailbox@datenschutz-berlin.de
Contacting us and exercising your rights: If you have questions about the processing of your personal data or about your data subject rights, you can contact us at any time free of charge. Please use the address listed under Section 1 above. Please ensure that we can clearly identify you. To withdraw your consent, you may use the same communication channel you used to give it.
We regularly update this Privacy Policy to reflect new legal requirements or changes to our services. The current version is available on our website.
Last updated: October 2025
3. Social Media
We operate fan pages on the social networks Facebook and Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, as well as a LinkedIn company page (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). We publish content on our fan pages and engage with users.
When our fan pages are used, Meta also processes visitors' personal data (e.g., through cookies and similar technologies) for its own purposes. We have no influence over this data processing; the privacy notices of Facebook and Instagram apply.
We receive "Page Insights" from Meta—statistical, anonymized evaluations of user behavior (e.g., demographic data, interests, interactions). These help us optimize our content and offerings. For this processing, we and Meta are joint controllers pursuant to Art. 26 GDPR. The corresponding agreement is available here: https://www.facebook.com/legal/terms/page_controller_addendum.
If you contact us directly on one of our fan pages or share content with us, we process your data as an independent controller to handle your inquiry (Art. 6(1)(b), (f) GDPR).
Further information about the respective data processing and your rights can be found in the providers' privacy policies: