Privacy Policy

I. Scope of this Privacy Policy

This Privacy Policy provides information about the processing of personal data (hereinafter also referred to as "data") in connection with the use of the "Hub Club" app operated by taliox GmbH, hereinafter referred to as the "Operator".

II. Data Controller

The data controller responsible for data processing is:

taliox GmbH
Am Lindbruch 75
41470 Neuss
Germany
Management: Philipp Bischof, Tjark Dönni, Robert Kamuda
Phone: +49 151 20788566

Where responsibility for specific data processing activities differs, this is indicated in this Privacy Policy. We are not required to appoint a data protection officer and have not appointed one.

III. Quick Summary

For a quick overview, the most important information about our processing activities is briefly summarized below. For more detailed information, please refer to Section IV.

1. Categories of Data Subjects

Data processing concerns the following categories of data subjects:

Public Users: We refer to public users as users who exclusively use the publicly accessible area of our app. This can be anyone who downloads our app from one of the common app stores.

Authorized Users: We refer to authorized users as users who use both the publicly accessible area and the non-public area. Access to the non-public area is exclusively available to startups, corporate partners, and their employees.

2. Categories of Personal Data

Data processing concerns the following categories of personal data:

Technical Usage Data: This refers to personal information that is automatically transmitted from the accessing device to a server when retrieving content via the Internet. This information includes, for example, the IP address of the accessing device.

For authorized users, the following additional categories of personal data are processed:

3. Transfer to Data Processors and Third Parties

For certain processing activities, we rely on the technical service providers (so-called data processors) specified in more detail in Section IV. To ensure secure and GDPR-compliant processing of personal data, we conclude data processing agreements with our technical service providers in accordance with Art. 28 GDPR. Transfer of data to other recipients only occurs to the extent specified in Section IV.

4. Transfer to Third Countries

The app and web application are hosted on a server in Germany. Transfer of personal data to countries outside the European Economic Area (EEA) is not intended. However, we cannot exclude processing of a pseudonymized device ID outside the EEA for the Firebase service used for push notifications (see Section IV.1.). The integration of the Firebase service is based on a data processing agreement in accordance with Art. 28 GDPR, including EU Standard Contractual Clauses. EU Standard Contractual Clauses are standardized contractual terms prescribed by the EU Commission for transfers to third countries where an adequate level of data protection does not exist.

IV. Processing Activities

1. Technical Usage Data

a) Retrieval of Content

The app is provided and maintained by taliox GmbH as the operator. For the retrieval of content, technical usage data is automatically transmitted from the user's device to the app server. This includes:

This data is processed to correctly deliver the requested content. Transmission is encrypted via the HTTPS Internet protocol. Processing and storage take place to the extent and for as long as necessary to enable correct delivery and display of content. The legal basis is Art. 6(1)(b) GDPR.

Further processing of technical usage data occurs exclusively for the following purposes:

b) Crash Logs

In the event of malfunctions, technical usage data and information about the error are stored as so-called crash logs. This helps us fix errors and improve the security and stability of the app. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the security and stability of the app.

c) Push Notifications

Push notifications are displayed directly through the device's operating system, so that messages can be received even when the app is closed. For sending push notifications, we use the technical service Firebase Cloud Messaging ("Firebase") from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA ("Google"). Push notifications are sent based on an individual pseudonymized device identifier generated by the app and transmitted to Google. We use push notifications to notify our users in real-time about new messages. The message itself is delivered exclusively via the app server, without the involvement of Firebase.

The integration of Firebase is based on a data processing agreement in accordance with Art. 28 GDPR. We cannot exclude that data processing by Google also takes place in countries outside the EEA, particularly the USA. For this case, the validity of EU Standard Contractual Clauses has been agreed.

If push notifications are not desired, the function can be deactivated in the device's operating system settings.

The legal basis is Art. 6(1)(b) GDPR.

d) Statistics

We create usage statistics on the number of accesses to individual content within the app. For this purpose, accesses are recorded based on technical usage data and stored in pseudonymized form for a maximum of six months. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is to learn how our app is used so that we can design it functionally and in line with users' interests.

2. User Data

We process user data for the purpose of registration and storage of a user profile.

a) Registration

Registration of users for the non-public area of the app is based on the following user data:

The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is to ensure that only authorized employees of our startups and corporate partners have access to the non-public area of the app.

b) User Profile

For use of the non-public area, creation of a user profile is required. The following user data is collected for this purpose:

Optionally, the following additional user data may be provided:

The user profile is stored on the app server and is visible to all users of the non-public area. The legal basis is Art. 6(1)(b) GDPR and, regarding optional profile data, Art. 6(1)(a) GDPR.

3. Content Data

Users of the non-public area can exchange text messages in private chats or group chats. Text messages are stored in the sender's and recipient's inbox on the app server. The legal basis is Art. 6(1)(b) GDPR. How users handle text messages is subject to the respective users' data protection responsibility.

4. Check-In Data

If required due to an epidemic situation (such as in the case of SARS-CoV-2), we record the occupancy of registered premises through a mandatory check-in. The app records when and for how long the user uses the premises. The data is stored for 30 days. This enables the operators of the premises to take measures to prevent infection and trace infection chains if necessary. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in avoiding infection of our customers as much as possible and keeping the co-working spaces usable for our customers. In case of corresponding legal obligations, Art. 6(1)(c) GDPR also applies.

V. Data Storage Period

User profiles, including all user data and the associated inboxes with all content data (text messages) contained therein, are deleted when the user deletes their profile or the user's right of use expires in accordance with the terms of use. Message content that the user sent to other users before deletion remains stored in the inboxes of the other users, but without the name or any other reference to the deleted user. Where no storage period is specified for the respective data processing activities in Section IV, the following applies: Your data will be stored until the purpose or legal basis for processing ceases to exist, provided no commercial or tax retention periods require storage beyond that.

VI. Your Rights

To exercise the rights listed below, you can simply contact us (contact details: see Section II). To ensure that you are actually the person you claim to be, we may request information that allows us to confirm your identity.

1. Right of Access

You can request confirmation as to whether we process personal data concerning you. If this is the case, you have a right to access this data (including a copy of this data) as well as information about the circumstances of processing in accordance with Art. 15 GDPR.

2. Right to Rectification

You have the right to request the rectification of your personal data if it has been recorded incorrectly. If personal data is incomplete, you can request completion.

3. Right to Erasure

You have the right to request the erasure of your personal data if one or more reasons in accordance with Art. 17(1)(a) to (f) GDPR apply and none of the exceptions in Art. 17(2) GDPR applies.

4. Restriction of Processing

Under the conditions of Art. 18 GDPR, particularly in connection with disagreements about the lawfulness of processing, you can request a restriction of processing.

5. Complaint to the Supervisory Authority

If you believe that the processing of personal data concerning you is unlawful, you have the right to lodge a complaint with the competent supervisory authority, particularly in the country of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR). This right exists without prejudice to any other administrative or judicial remedy.

6. Withdrawal of Consent

If your personal data is processed based on your consent pursuant to Art. 6(1)(a) GDPR or transferred to a third country based on your consent pursuant to Art. 49(1)(1) GDPR, you can withdraw your consent at any time. If there is no other legal basis for processing, the affected data will be deleted immediately in the event of withdrawal. The lawfulness of processing based on consent up to the time of withdrawal is not affected by the withdrawal.

7. Right to Object in Case of Balancing of Interests and Direct Marketing

a) Objection in Case of Balancing of Interests

You have the right to object to data processing that is carried out based on a balancing of interests in accordance with Art. 6(1)(f) GDPR if this is justified for reasons arising from your particular situation. If such reasons exist, the relevant data processing will be discontinued. This does not apply if compelling legitimate interests can be demonstrated that override the discontinuation of processing, or if the processing serves the assertion, exercise, or defense of legal claims.

b) Objection to Direct Marketing

You can object to any processing of personal data carried out for the purpose of direct marketing. The personal data will then no longer be used for direct marketing purposes.

8. No Automated Decision-Making

Our data processing does not involve automated decision-making within the meaning of Art. 22 GDPR.

VII. Changes to this Privacy Policy

This Privacy Policy is subject to occasional changes. You will always find the most current version of the Privacy Policy on this page.

Effective Date: April 4, 2022
