SIBMaker LabPrototyping Studio in cooperation withCIC Berlin
Mandatory notice · Art. 13 GDPR

Privacy

How the SIB Maker Lab handles personal data — honestly split between what already runs in this prototype phase and what will only be added once the lab goes live.

Draft — not yet final

This text is a working draft for the prototype. Before going live it will be reviewed with the data protection team of HWR Berlin and filed as a contribution to HWR's record of processing activities under Art. 30 GDPR. Some entries are deliberately marked as open.

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is the operator of the lab:

Startup Incubator Berlin — the startup centre of the Berlin School of Economics and Law (HWR Berlin).
SIB Maker Lab · at CIC Berlin · Lohmühlenstraße 65 · 12435 Berlin, Germany.

The full details of the operator HWR Berlin (address, representation) are in the Imprint. Lab contact: maker@startup-incubator.berlin (mailbox being set up).

Data protection officer

HWR Berlin has appointed an official data protection officer, who is also responsible for the processing carried out at the SIB Maker Lab. Contact details to be added.

Processing at a glance

The table below lists the processing of personal data. We keep it honest: in this prototype phase only the first two rows are actually active. The remaining rows are planned but not yet in operation for the later live stage — they will only run once the respective feature is switched on. Where a concrete retention period is not yet fixed, we give an honest description rather than a false-precise figure.

Processing activities at the SIB Maker Lab — status: draft, prototype phase.
Processing Purpose Legal basis Retention
Active now — Phase 1 (prototype)
Contact request via form or maker@ email Receiving, answering and organising first contact with the lab (e.g. arranging an appointment and briefing). Art. 6(1)(f) GDPR (legitimate interest in handling your request); where a request relates to a contract or usage, possibly Art. 6(1)(b). For as long as handling your request requires; afterwards deleted, unless legal retention obligations apply.
Server logs of the host Technical operation, stability and security of the website (delivering pages, preventing abuse). Art. 6(1)(f) GDPR (legitimate interest in secure, reliable operation). Short-term; log data is deleted or anonymised after a short period. The exact period depends on the hosting setup — to be added.
Planned — not yet active (only once the lab is live)
Equipment lending via the inventory system Documenting the lending and return of equipment; keeping stock and usage traceable. Art. 6(1)(b) GDPR (usage or lending agreement) or (f). For the duration of the loan and beyond, as far as needed for settlement and proof. Periods will be fixed before launch.
Safety-briefing register Proof that a person has been briefed on specific machines or briefing levels — for safe operation. Art. 6(1)(f) GDPR (safety and operational diligence); possibly (c) where legal duties apply. As long as the briefing is valid or proof obligations exist; deleted afterwards.
Project showcase (image & name) Presenting projects created in the lab (on the website or as a display). Art. 6(1)(a) GDPR (your consent) — voluntary and revocable at any time. Until you withdraw your consent; the publication is then removed.
Project reminder email (optional) Voluntary reminders and information about your project or lab dates. Art. 6(1)(a) GDPR (explicit opt-in) — only if you actively sign up; unsubscribe at any time. Until you withdraw consent or unsubscribe.
Machine booking Coordinating reservations of equipment and time slots. Art. 6(1)(b) GDPR (handling the booking) or (f). For the duration of the booking and its settlement; deleted afterwards unless proof obligations apply.

No external services, no tracking cookies

These prototype pages load no third-party content: fonts and graphics are stored locally, no external maps, analytics or advertising services are embedded, and no tracking cookies are set. The route to CIC Berlin is offered only as a clickable link to OpenStreetMap — a map loads only when you open it yourself.

Recipients & processors

To operate the website we use a hosting provider, engaged as a processor under a data processing agreement pursuant to Art. 28 GDPR. Your data is not shared for advertising purposes and not sold. No transfer to third countries is intended. The specific provider and contract details will be named and added before going live.

Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing based on a legitimate interest (Art. 21). Where processing is based on your consent, you can withdraw it at any time with effect for the future (Art. 7(3)).

To exercise a right, a message to maker@startup-incubator.berlin or to the controller is enough. To protect your data, confirmation of your identity may be required.

Right to complain

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI), datenschutz-berlin.de.

Changes to this notice

As the lab is still being set up, this privacy draft will be finalised before going live and updated when new features are added. Status: draft, July 2026.

Cookie Consent Banner by Real Cookie Banner