Privacy Policy

Effective Date: 20/06/2025 Last Updated: 20/06/2025

This Privacy Policy sets forth how DAX Innovation Hub ("DAX | HUB", "we", "our", or "us") processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection laws in the European Union.

1. Identity of the Controller

DAX | HUB operates as a joint initiative between NewsAvia, with its registered address at R. da Ponte Nova 3, 1 Andar, Sala B, 9050-440 Funchal, Portugal, and the Foundation of Innovative European Economy (FIEE), with its registered office at Smulikowskiego 1/3, 00-389 Warsaw, Poland.

For the purposes of this Privacy Policy, the Data Controller for personal data collected through our website (www.dax-hub.com), application systems, and physical or virtual events is FIEE.

If you have any questions about how your data is processed, or wish to exercise your rights under the GDPR, please contact us at:
Email: info@dax-hub.com

DAX | HUB processes personal data to deliver and manage events, innovation programs, and ecosystem engagement activities. This includes data submitted via registration forms, startup applications, partnership requests, and digital platforms. Typical data includes names, contact details, affiliations, project summaries, and correspondence records.

All processing is carried out lawfully, fairly, and transparently. We apply appropriate technical and organizational safeguards to protect your data, including where data is stored or processed outside the European Economic Area. In such cases, we ensure that standard contractual clauses or other legally recognized safeguards are in place.

Where activities are carried out jointly with partner organizations—such as co-hosted events or shared application platforms—DAX | HUB may act as a joint controller with the respective partner. In such cases, the parties agree in writing how data protection responsibilities are allocated, in accordance with Article 26 GDPR. A summary of this arrangement is available upon request.

Each party remains responsible for complying with its respective data protection obligations and agrees to cooperate in good faith on matters such as data subject rights, regulatory inquiries, and incident response. Any actual or suspected personal data breach that may impact individual rights will be communicated without undue delay to the other party and, where required, to supervisory authorities and affected data subjects.

2. Categories of Personal Data Processed

We collect and process the following categories of personal data in connection with your engagement with DAX | HUB:

Identification Data, such as your name, title, institutional affiliation, and nationality;
Contact Information, including your email address, telephone number, and postal address;
Professional Details, including your organization, job role, domain expertise, and publicly available professional profiles such as LinkedIn;
Application Content, which may include information submitted in connection with event applications, pitch decks, startup descriptions, project overviews, technology readiness level (TRL) assessments, and intellectual property details;
Communication Data, such as correspondence history, feedback submissions, and responses to contact forms or program inquiries;
Event Participation Data, including confirmation of attendance, session and panel involvement, contributions during live or recorded formats (whether in-person or virtual), and photo or video material captured during public-facing event programming for archival, documentation, or promotional purposes, subject to appropriate opt-out procedures;
Technical and Usage Data, collected automatically through cookies and analytics tools, which may include your device type, browser configuration, IP address, session duration, user interactions, and other metrics used to improve platform functionality and user experience, as further detailed.

We do not intentionally collect or process any special categories of personal data as defined in Article 9(1) of the GDPR—such as those relating to health status, religious beliefs, political opinions, or biometric identifiers—unless explicitly required for limited and specific purposes (e.g., dietary requirements or accessibility needs for physical event attendance), and only with your informed, affirmative consent.

3. Purpose and Legal Basis of Processing

We process personal data only when there is a clear and lawful basis to do so, in accordance with the General Data Protection Regulation (GDPR).

When you engage with DAX | HUB—either directly or through one of our events or programs co-organized with partner institutions—your data may be processed for purposes such as: registering and managing your participation in events; evaluating startup applications and research proposals; coordinating communications with you or your organization; distributing newsletters and event materials; capturing and sharing event recordings and media; ensuring secure and effective platform use; and meeting legal or funding-related obligations.

The legal bases for these activities may include:

• Performance of a contract (Article 6(1)(b)), for example, when you register for an event or submit an application;
• Legitimate interests (Article 6(1)(f)), such as developing innovation networks, facilitating partnerships, or operating secure digital platforms;
• Consent (Article 6(1)(a)), especially for email marketing, photography, or optional data fields; and
• Legal obligation (Article 6(1)(c)), when we are required to retain data for compliance or reporting purposes.

If DAX | HUB and another organization jointly determine how and why personal data is used—such as during co-hosted programs or shared application processes—both parties may act as joint controllers under Article 26 GDPR. In such cases, a formal agreement will define respective responsibilities for data protection compliance, and a summary of this arrangement is available upon request.

We do not collect sensitive personal data unless it is strictly necessary (for example, dietary or accessibility information for physical events) and only with your explicit consent under Article 9(2)(a) GDPR.

4. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was originally collected, or as required to comply with applicable legal, contractual, or operational obligations.

In most cases, the following retention periods apply:

Event participant data is retained for up to 18 months following the conclusion of the event, to support follow-up communication, impact analysis, and re-engagement for future initiatives.

Application data submitted by startups, mentors, or institutional partners may be retained for up to five (5) years in order to support program continuity, alumni engagement, future collaboration and investment opportunities, and reporting obligations to public funding bodies, European institutions, or oversight authorities. Where appropriate, such data may be pseudonymized or archived with limited access controls and used for statistical or longitudinal program evaluation.

Communication records and feedback data are retained for up to 24 months to improve service delivery, maintain dialogue continuity, and document interactions with stakeholders.

Financial, legal, and compliance-related records are retained in accordance with the relevant statutory retention periods under national and EU law, including public procurement, taxation, and grant reporting regulations.

We may also retain anonymized or aggregated data beyond these periods for legitimate archiving purposes, long-term ecosystem analysis, research activities, and internal reporting, provided that such data can no longer be used to identify individuals.

All retention periods are reviewed periodically, and data is securely deleted, archived, or anonymized when it is no longer required.

5. Recipients and Data Sharing

We may share your data with:

Trusted processors (e.g., Mailchimp, HubSpot, Eventbrite, Notion, Google Workspace)

Public authorities or funding bodies (e.g., European Commission, EUDIS, EDF, NATO DIANA) when legally required

Co-organizers, mentors, or juries during acceleration and event processes

Strategic investors or OEMs in the context of match-making or demo day activities (with appropriate consent or NDA)

All third-party processors are subject to binding contractual obligations under Art. 28 GDPR.

6. International Data Transfers

In certain cases, personal data may be transferred to and processed by service providers or partners located outside the European Economic Area (EEA). Where such transfers occur, we take all necessary steps to ensure that your personal data continues to be protected in accordance with applicable data protection laws.

All international transfers are made in compliance with Chapter V of the General Data Protection Regulation (GDPR). Specifically, we rely on one or more of the following legal mechanisms:

The use of Standard Contractual Clauses (SCCs) adopted by the European Commission, which ensure that recipients outside the EEA commit to uphold EU-level data protection standards;

Transfers to countries or entities subject to an adequacy decision issued by the European Commission, confirming that their legal framework offers an adequate level of data protection;

Transfers to organizations in the United States that are certified under the EU–U.S. Data Privacy Framework, where applicable and recognized.

We assess the legal and technical risks associated with each transfer and, where necessary, implement additional safeguards such as encryption, access controls, or data minimization practices.

You may request further information about the safeguards in place for specific transfers or obtain a copy of the relevant contractual protections by contacting us at info@dax-hub.com.

7. Your Rights under the GDPR
As a data subject within the scope of the General Data Protection Regulation (GDPR), you have a number of rights in relation to the personal data we process about you. These rights include:

• The right of access (Article 15), which allows you to request confirmation as to whether we process your personal data and to obtain a copy of that data along with related information;
• The right to rectification (Article 16), enabling you to request correction of inaccurate or incomplete personal data;
• The right to erasure (Article 17), also known as the “right to be forgotten,” allowing you to request deletion of your personal data in certain circumstances;
• The right to restrict processing (Article 18), which allows you to request a temporary or permanent limitation on how we process your personal data;
• The right to data portability (Article 20), entitling you to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible;
• The right to object to processing (Article 21), particularly where the data is processed on the basis of our legitimate interests or for direct marketing purposes;
• The right to withdraw consent (Article 7(3)), where processing is based on your consent, without affecting the lawfulness of processing carried out before withdrawal;
• The right to lodge a complaint with a competent supervisory authority (Article 77), particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that your data has been processed in violation of the GDPR.

To exercise any of these rights, or if you have any questions about how your data is handled, you may contact us at:
Email: info@dax-hub.com
We will respond to all valid requests in accordance with applicable data protection laws, and typically within one month of receipt.

8. Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies to enhance functionality, analyze user engagement, and support outreach activities. Cookies are small data files stored on your device when you visit a website. They help us deliver a better user experience and improve our services.

We use cookies for the following purposes:

• Site performance and session management, including navigation support, load balancing, and access to secure areas of the site;
• Usage analytics, such as those provided by Google Analytics, to understand how visitors interact with our website, identify popular content, and assess the effectiveness of information delivery;
• Marketing and outreach, including cookies used for audience segmentation, newsletter optimization, and retargeting, but only where you have provided prior, informed consent.

In accordance with the ePrivacy Directive (Directive 2002/58/EC) and the General Data Protection Regulation (GDPR), non-essential cookies (including analytics and marketing cookies) are only activated after you have provided explicit consent via our cookie banner or consent management tool.

9. Automated Processing and Profiling

We do not engage in fully automated decision-making that produces legal effects. Any automated elements (e.g., scoring for pitch evaluation or investor matching) are subject to human review and oversight, and participants may request manual reassessment.

10. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of personal data, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, whether in transmission, storage, or otherwise.

Our current security framework includes, but is not limited to:

• Role-based access control, ensuring that only authorized personnel can access personal data relevant to their responsibilities;
• Encryption of data, both in transit and at rest, to protect the confidentiality and integrity of personal data stored on our systems or communicated over public networks;
• Multi-factor authentication (MFA) for administrator-level and back-office access, adding an additional layer of protection to critical systems;
• Regular staff training and awareness, ensuring that personnel involved in data processing activities are informed of their obligations under applicable data protection laws and follow internal procedures for secure handling.
• We periodically review and update our security policies and practices in response to evolving threats, regulatory expectations, and advancements in technology. Where we engage third-party processors, we require that they implement equivalent security measures contractually.

11. Third-Party Links

Our websites may include links to third-party content (e.g., partner institutions, submission forms, external events). We are not responsible for the privacy practices of those third-party sites and encourage you to review their policies.

12. Policy Updates

This policy may be updated periodically to reflect changes in legal, technical, or operational developments. Users will be notified of material updates via the website or by email, where appropriate.

Contact: DAX | HUB – Data Protection Office info@dax-hub.com