Skip to main content

Processing of (personal) data by the entity in charge of the online application process

10x Founders GmbH (hereinafter "we" “us” “our”) is pleased that you are visiting our Website https://www.10xfounders.com (hereinafter "Website"). Data protection and data security when using our Website are very important to us. We would therefore like to take this opportunity to inform you about the personal data we collect from you when you visit our Website and the purposes for which it is used.

Our guiding principle is to collect only what we need and that we will solely process this information to provide you with the service you signed up for. This is also the reason why we do not set a single cookie on our Website.

1. Responsible / Controller

The controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") for the data processing of personal data on our Website is

10x Founders GmbH

Brienner Str. 21

80333 Munich

 Germany

E-Mail: info@10xfounders.com

Website: https://www.10xfounders.com

2. Data Protection Officer

Our appointed data protection officer is:

Kertos GmbH

Dr. Kilian Schmidt

Nymphenburger Str. 86

80636 München

Deutschland

E-Mail: dsb@kertos.io

3. What is personal data?

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address or IP address. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g. by anonymising the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis such as your consent.

4. Data processing on our Website

1) Provision and use of the Website

a) Scope and purpose of data processing

We collect and use our users' personal data only insofar as this is technically necessary to provide a functional Website and our content and services or information.

When you access and use our Website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the Website
  • Ensuring the convenient use of our Website
  • For IT-Security purposes

b) Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a Website and to enable secure and convenient use and thus serves to safeguard a legitimate interest of    our company.

c) Storage period and data erasure

As soon as the aforementioned data is no longer required to display the Website, it is deleted (latest within 30 days). The collection of data for the provision of the Website and the storage of data in log files is absolutely necessary for the operation of the Website. Consequently, the user has no option to object. Further storage will take place in individual cases if this is required by law.

d) Third Parties

For the hosting of the Website we use an external service provider, Webflow, Inc.. Your personal data will be passed on to Webflow in order to provide the services. Webflow’s servers are based in the United States, therefore it is posbbile that the personal data collected is transferred to the United States. Webflow is certified according to the EU-U.S. Privacy Framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. For more information, please refer to Webflow’s Privacy Policy (https://webflow.com/legal/eu-privacy-policy) or ask us about the DPA that has been concluded.

2) Contact by E-Mail

a) Scope and purpose of data processing

On our Website, we offer you the opportunity to contact us by E-Mail. When you contact us, the personal data you provide such as title, name, content of the e-mail and your e-mail address, will be processed.

This data is processed by us for the purpose of enabling us to process your enquiry properly. If you contact us by e-mail, your personal data will not be passed on to third parties.

b) Legal basis

The data processing described above for the purpose of establishing contact is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in being able to process your enquiry. If your enquiry serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis.

c) Storage period and data erasure

As soon as your enquiry has been dealt with and the matter in question has been conclusively clarified, your personal data processed via the contact form will be deleted. Further storage may take place in individual cases if this is required by law or is necessary for the fulfilment of the contract.

3) Newsletter

a) Scope and purpose of data processing

On our Website, we offer you the opportunity to subscribe to your newsletter. If you choose to subscribe, the personal data you provide (Name, Surname and E-Mail Address), will be processed. The newsletter will only be sent with your express consent. After entering your personal data, you will receive a confirmation E-Mail to the E-Mail address provided. The newsletter will only be sent after explicit confirmation by clicking on a link in the confirmation E-mail (so-called double opt-in).

This data is processed by us for the purpose to send you regular updates and news of our Branche.

b) Legal basis

The data processing described above for the purpose of sending our newsletter is carried out in accordance with Art. 6 para. 1 lit. a GDPR.  If you are already an existing customer, we rely on the legal basis of legitimate interest according to Art. 6 para. 1 lit. f GDPR, specifically our interest in providing you with updates on our products.

c) Storage period and data erasure

Your personal data will be stored until you unsubscribe from the newsletter.

d) Third Parties

For the provision of the newsletter we use an external service provider, rapidmail GmbH. Your personal data will be passed on to rapidmail so that rapidmail can provide the services. For more information, please refer to rapidmail's privacy policy (https://www.rapidmail.de/datenschutz-kundenbereich) or ask us about the DPA that has been concluded.

4) Application form

a) Type and scope of data processing

On our website, we offer you the opportunity to apply for vacancies using an application form. If you contact us via this form, the following personal data will be processed:
  • Name
  • E-mail address
  • Telephone number
  • Start date
  • Desired salary
  • LinkedIn (Optional)
  • CV
  • Certificates
This data is processed by us for the purpose of enabling us to process your application properly.
When using the form, your personal data will not be passed on to third parties.

b) Legal basis

The data processing described above for the purpose of processing applications is carried out in accordance with Art. 6 para. 1 lit. b GDPR in conjunction with § 26 (1) 1 BDSG on the basis of contract initiation.

c) Storage duration

If the application leads to an employment relationship, the processed data will be stored until the end of the employment relationship. If no employment relationship is entered into, we will store your data for 6 months on the basis of the General Equal Treatment Act and then delete it.

d) Third Parties

For the provision of the application form we use an external service provider, Personio GmbH. Your personal data will be passed on to Personio GmbH so that they can provide the services. For more information, please refer to Personio’s privacy policy (https://www.personio.de/datenschutzerklärung) or ask us about the DPA that has been concluded.

5. Cookies

The privacy of our Website visitors is important to us, so we do not track any individual people and don’t use Cookies on our Website. Therefore we don’t have implemented a Cookie Banner, because there is no need for that.

6. Analytics

We use an external service provider (Plausible Analytics) to analyze the behavior of our website visitors. In that sense, all the site measurement is carried out 100% anonymously, there are no persistent identifiers and no cross-site or cross-device tracking either. For further information, visit the privacy policy of Plausible Analytics: https://plausible.io/privacy.

7. Plugins

a) Scope and purpose of data processing

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. Therefore, a social plugin of the social network "LinkedIn" (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) is integrated on our Website. Based on the data transmitted to the respective service via the social plugin, the service may be able to assign you to your account with it.

The social plugin is integrated in such a way that no data is transferred directly to LinkedIn. Data is only transferred when you click on the button. By doing so, you leave our Website and establish a direct connection between your browser and the Facebook servers. Information on the data that is subsequently collected by LinkedIn can be found here:

https://de.linkedin.com/legal/privacy-policy

b) Legal basis

The legal basis for this processing of your personal data is your consent (by clicking on the button) according to Art. 6 para. 1 lit. a GDPR.

8. Recipients of personal data

Within our company, only those persons have access to your personal data who need it for the purposes stated in each case. Your personal data will only be passed on to external recipients if we are legally authorized to do so or if we have your consent. Below you will find an overview of the relevant recipients:


  • Processors: Group companies or external service providers, for example in the areas of technical infrastructure and processing, maintenance and payment processing, which are carefully selected and checked. The processors may only use the data in accordance with our instructions.
  • Public authorities: Authorities and state institutions, such as tax authorities, public prosecutors or courts, to which we (have to) transfer personal data, e.g. to fulfil legal obligations or to protect legitimate interests

9. International data transfer

We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be based outside the EEA in so-called "third countries". The General Data Protection Regulation places high demands on the transfer of personal data to third countries. All our data recipients must fulfil these requirements. Before we transfer your data to a service provider in a third country, each service provider is first checked for its level of data protection. A service provider is only selected if it can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are based within the EEA or in third countries, each service provider must conclude an order processing agreement with us. Service providers outside the EEA must fulfil additional requirements. In accordance with Art. 44 ff. GDPR, personal data may be transferred to service providers who fulfil at least one of the following requirements:

  • The European Commission has decided that the third country guarantees an adequate level of                protection (e.g. Israel and Canada).
  • Standard contractual clauses have been included in our contract with the data recipient (including any additional measures if necessary).
  • Further appropriate safeguards pursuant to Art. 46 GDPR provided (e.g. Binding Corporate        Rules).
  • In special exceptional cases in accordance with Art. 49 GDPR

10. Data security and security measures

We undertake to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g. when sent by e-mail - may be read by third parties. We have no technical influence on this. It is your responsibility as a user to protect the data you provide against misuse by means of encryption or in any other way.

11. Storage of the data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

12. Data subject rights

You have the following legal rights vis-à-vis us with regard to your personal data:

Right of access

You have the right to request confirmation as to whether we are processing personal data concerning  you. If this is the case, you have the right to information about this personal data and to further information, e.g. the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

Right to rectification

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

Right to erasure ("right to be forgotten")

You have the right to erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.

Right to restriction of processing

You have the right to restrict processing, e.g. if you believe that the personal data is incorrect.

Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

Right to object 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data  concerning you.  In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Right to withdraw your consent under data protection law

You can revoke your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the point of revocation.


Without prejudice to these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.



Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.