Data Protection Policy

CIO Ventures GmbH ("we", "us", or "our") is the data controller responsible for processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Contact:
CIO Ventures GmbH
Musterstraße 123
60311 Frankfurt am Main, Germany
Email: privacy@cio-ventures.com

We collect and process the following categories of personal data:

• Identity Data: Name, professional title, organization, and profile photo
• Contact Data: Email address, phone number, and business address
• Professional Data: LinkedIn profile (if provided), areas of expertise, and industry experience
• Event Data: Event registrations, attendance history, and preferences
• Technical Data: IP address, browser type, and usage data for website optimization

We process your personal data for the following purposes:

• Managing membership and event registrations
• Facilitating peer-to-peer networking within our community
• Sending event invitations and community updates (with your consent)
• Creating anonymized post-event summaries following Chatham House Rule
• Improving our services and user experience
• Complying with legal obligations

Legal Basis: We process your data based on contractual necessity (membership services), legitimate interest (community operations), and consent (marketing communications).

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@cio-ventures.com. You also have the right to lodge a complaint with a supervisory authority.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of your membership plus 3 years for legal compliance purposes.