Strategies for incorporating sustainability risks
(Art. 3 Disclosure Regulation (EU) 2019/2088)

Due to legal requirements
(Art. 3 Disclosure Regulation), we are obliged to provide the following information. We do not intend to advertise ecological or social features in our investment process:

• With our focus on digital healthcare, sustainability is part of our DNA. We are convinced that sustainable action creates added value – not only for society, but also for our investors.
• Environmental conditions, social upheavals and or poor corporate governance can have a negative impact on the value of an investment. We consider and evaluate sustainability risks in the context of a Due Diligence, which precedes every investment. We remain independent in our decision to abstain from an investment or to conduct an investment in spite of sustainability risks, while we may pursue measures to reduce or mitigate sustainability risks in such a case. In the context of sustainability risks, we will apply the principle of proportionality. This means that the effort required always needs to be in a reasonable relation to the volume and type of investment as well as the transactional context and the connected room for maneuver.
• The incorporation of sustainability risks is decisive for the fundamental assessment of our employees’ work performance, but has no direct influence on future salary development. However, the compensation policy is in line with our strategic objectives and is geared towards long-term and sustainable business. It does not provide incentives to take risks. To this extent, the compensation policy is in line with our strategies for incorporating sustainability risks (Art. 5 Disclosure Regulation).

Statement on the non-consideration of adverse effects on sustainability factors
(Art. 4 Disclosure Regulation)

Due to legal requirements (Art. 4 Para. 1 a Para. 2 Disclosure Regulation or Art. 4 Para. 5 a Disclosure Regulation) we are obliged to provide the following information:

• Investment decisions can have adverse effects on the environment (e.g. climate, water, biodiversity), on social and labor concerns, and can also be detrimental to the fight against corruption and bribery.
• We do not currently consider any adverse impacts of investment decisions on sustainability factors, and we currently do not use sustainability indicators. The effort connected to the consideration of adverse impacts on sustainability factors (especially in connection with the use of sustainability indicators) does not correspond in an adequate way to the very low significance which such adverse impacts could attain in the context of our investment strategy. We pursue an active Venture Capital strategy and invest in young startups in healthcare and digital healthcare, mainly domiciled in Germany and other European countries. The implementation of the optional provisions of the Disclosure Regulation (EU 2019/2088) (Sustainable Finance Disclosure Regulation „SFDR“) as well as the substantiating Regulatory Technical Standards („RTS“) would be connected to multiple uncertainties. Therefore, these provisions and their application on the strategies pursued by us are difficult and obscure. In case these provisions develop further or an actionable market- and administrative practice is established, we will consider their application at an appropriate time (Art. 4 para. 1 b) Disclosure Regulation or Art. 4 para. 5 b) Disclosure Regulation).
• However, we expressly declare that this handling does not change our willingness to contribute to a more sustainable, resource-efficient economy with the aim in particular of reducing the risks and effects of climate change and other ecological or social grievances.

Privacy Policy

The provider of this website and responsible for data processing is DHV Management GmbH, Gervinusstr. 3c, 10629 Berlin (hereinafter “provider” or “we”).

This Privacy Policy applies as well to DHV Geschäftsführungs GmbH, Gervinusstr. 3c, 10629 Berlin, and DHV Investors GmbH & Co. KG, 10629 Berlin.

In this document, we fulfill our legal obligation under Art. 13, 14 GDPR to provide you with the relevant information regarding the processing of your personal data:

The provider collects, uses and stores your personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO), the Federal Data Protection Act and the Telemedia Act. Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. Below we will inform you about the nature, scope and purpose of the collection and use of personal data.

Which data are processed and from which sources do they come from?

We process personal data (Article 4 No. 1 GDPR), which we receive as part of our activities as a venture capital fund. As far as this is required for our business, we also process data that we obtain from publicly available sources (e.g. from the Internet or from commercial registers) or in the form of business cards (e.g. at trade fairs or events) or by e-mail have received. Personal data includes personal data (name, address, contact details, the company that operates or owns the person, position within the company).

For what purpose is the data processed?

We process personal data in order to provide our services as a VC fund. That’s why we regularly look for start-ups with attractive business models and process personal information from start-up team members in order to decide whether to conduct an investment. We store the data in our e-mail system as well as in our CRM systems (Pipedrive) in order to be able to communicate with you. If you provide us with presentation materials on your company, which contain personal data, it cannot be avoided that this data is stored on our hard drives and our cloud storage, in order for us to be able to conduct essential internal workflows and decision processes.

On which legal basis is the data processed?

We process personal data in accordance with the following data protection regulations:

1. a) Processing of personal data with your consent (Article 6 (1) a GDPR):

If you provide us with your data about you and your company, we assume your consent to process your personal data (Art. 4 No. 2 GDPR) with your consent.

1. b) Processing of personal data in order to fulfill contractual obligations (Article 6 (1) (b) GDPR):

If we enter into a contractual relationship (including the initiation of the contractual relationship), the processing of personal data for the provision of our services as a VC fund in accordance with Art. 6 para. 1 b DSGVO.

1. c) Processing of personal data to fulfill statutory requirements (Article 6 (1) (c) GDPR):

In the event that our company is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations or under he Money Laundering Act (Geldwäschegesetz – GwG), the processing of personal data pursuant to Art. 6 para. 1 lit. c DSGVO.

1. d) Processing of personal data pursuant to Art. 6 (1) (f) (legitimate interests of the person responsible):

We process personal data from publicly available sources, as this is necessary in order to operate a VC fund.

Will data be transferred to third parties?

We may share personal data with third parties. Internally, those departments have access to your data that need it to fulfill our contractual and legal obligations. Service providers can receive data in order to fulfill our legal obligations if they maintain confidentiality in particular.

In addition, in certain individual cases we are required to collect certain personal data when initiating and performing our services due to legal obligations, and within the scope of this obligation we also use external service providers who receive and process personal data from us for this purpose. These service providers usually process personal data within the EU. If the processing takes place outside the EU, we ensure an appropriate level of data protection in order to comply with the requirements of European law. This is mainly done on the basis of the EU standard data protection clauses formulated by the European Commission.

In addition, we can, as far as legally permissible, your personal data and the personal data received or permissibly collected from you in the context of the execution of the order for the fulfillment of legal obligations or in the context of legal disputes with courts and public authorities (e.g. tax authorities or law enforcement authorities) in Send at home and abroad. The data passed on may only be used by the third party for the stated purposes.

Information about the transfer of personal data to a third country

We use various cloud services as part of our service, e.g. US based providers that also process personal information (name, email address and possibly others). Microsoft Corporation, One Microsoft Way. Redmond, WA 98052-7329, United States; (For details on the use of personal information, please visit: https://privacy.microsoft.com) and Pipedrive Inc, 460 Park Ave. South, NY, NY 10016, USA (for details on the use of personal information, see: https://www.pipedrive.com/en/privacy).

We will only transfer personal information to a US provider if such transmission is permitted under the Privacy Shield Agreement and / or the transmission is legitimized by standard privacy clauses (standard contractual clauses). The guarantees for privacy can be found here:

https://www.privacyshield.gov/EU-US-Framework

The standard contract clauses can be found here:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

Is there an automated decision-making process?

We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.

Server log files

We collect and store information about visiting our website in so-called server log files, which your browser automatically transmits to us. These are:

• Reduced IP address
• Browser type / version
• Used operating system
• Referrer URL (the previously visited page)
• Date and time of the server request
• Transferred amount of data
• The requesting provider

These data are collected solely for statistical purposes. A merge of this data with other data sources will not be done.

Use of cookies

Our website uses on the basis of Art. 6 para. 1 lit. f DSGVO so-called cookies. A cookie is a file that stores certain device-related information on users’ access devices (PC, tablet, smartphone, etc.). If our website is called up by the user’s device, the server of our website contains cookies. The server can evaluate the information stored in the cookie in several ways. Cookies can be used to: For example, advertisements can be adapted to the user behavior recorded with the cookie, and statistical data from website usage can be recorded. You can allow or disable cookies via the settings in your browser. However, not all features of our website may be available if you disable cookies.

Subscription to our newsletters

On the website of the DHV Management GmbH, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

The DHV Management GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

Newsletter-Tracking

The newsletter of the DHV Management GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the DHV Management GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The DHV Management GmbH automatically regards a withdrawal from the receipt of the newsletter as a revocation.

Video conferencing with Zoom

We use the video conference solution Zoom to coordinate with potential cooperation partners (e.g. startups, service providers). When using Zoom, audiovisual content and metadata (identifier of the participants and communication logs) are processed. The audiovisual content is not recorded. The metadata will be deleted by us after a meeting. The processing of personal data is necessary in order to be able to communicate with you and is therefore carried out on the basis of our legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR. By using Zoom, we draw on the services of Zoom Video Communications, Inc. (“Zoom”), with whom we have signed an order processing agreement. By using Zoom, a transfer to a country outside the EEA for which there is no adequacy decision by the EU Commission according to Art. 45 GDPR cannot be completely ruled out. The order processing agreement with Zoom therefore includes the EU standard data protection clauses. If you do not agree to the use of Zoom as a conference solution, communication can also take place via other means (e.g. by telephone) or via a communication solution you have provided.

Contact possibility via the website

The website of the DHV Management GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

For the web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the

Duration of storage and routine deletion

We only process and store personal data for the period of time necessary to achieve the processing purpose or as provided for in laws or regulations governing the controller.

If the purpose of the storage is omitted or if a legally prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Rights of the persons concerned

The person concerned has pursuant to Art. 15 DSGVO the right to obtain free information on request about the personal data stored about him as well as the purpose of the data processing. The person concerned has also pursuant to Articles 16, 17 and 18 DSGVO the right to correct incorrect data and block and delete his personal data. In addition, under the conditions set out in Art. 20 DSGVO, he is entitled to receive the personal data that has been stored concerning him in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance by the provider. In addition, the person affected pursuant to Art. 21 (1) GDPR shall be entitled to refuse personal data relating to the processing of personal data which, pursuant to Art. 6 para. 1 lit. e or f DSGVO, for reasons that arise from its particular situation, object to this. The provider will fulfill the aforementioned rights of the data subject, as far as the legal requirements for the assertion of the rights are given. Any request for your personal data should be addressed to the e-mail address or address stated in the imprint of our website. Each interested party has the right to lodge a complaint with a data protection supervisory authority about the processing of data when using the website.

Data protection for applications and the application procedures

The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

Data protection provisions about the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating company of Twitter is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.