Pitch your idea

Legal

Privacy Policy

Last updated: 19 June 2026

We take the protection of your personal data seriously. This Privacy Policy describes what data we collect, why we use it, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable national law.

1. Scope and who this applies to

This Privacy Policy explains how iriomote ventures GmbH (“iriomote”, “we”, “us”) processes personal data when you visit our website, contact us, or interact with us in connection with our venture engineering activities.

This policy is addressed to website visitors, prospective founders, portfolio companies, investors in our network, and other business contacts. It does not apply to third-party websites linked from our site.

2. Controller and contact

Controller
iriomote ventures GmbH, Forsmannstraße 22A, 22303 Hamburg, Germany
Represented by
Benjamin Houshmand Marvasti, Sebastian Houshmand Marvasti
General contact
contact@iriomote.vc
Privacy contact
contact@iriomote.vc
Data protection officer
No data protection officer has been appointed. For privacy enquiries, contact the managing directors at contact@iriomote.vc.

If you contact us about your personal data, we may ask for information to verify your identity before responding.

3. Categories of personal data we process

The data we process depends on how you interact with us. We do not collect more data than necessary for the purposes described below.

  • Identity and contact data: name, email address, company name, role, and communication content.
  • Application and pitch data: information you submit when pitching an idea or exploring a partnership (e.g. deck, business description, traction metrics).
  • Technical data: IP address, browser type, device information, operating system, referrer URL, and timestamps.
  • Usage data: pages viewed and interactions on our website (where analytics are enabled).
  • Display preference data: your light/dark theme choice stored locally in your browser.

4. Sources of data

  • Directly from you (email, LinkedIn, meetings, pitch materials).
  • Automatically when you use our website (server logs, local storage for display preferences, analytics where enabled).
  • From professional contacts, portfolio companies, or investors in our network where relevant and lawful.
  • From publicly available business sources (e.g. company registers, professional profiles) for legitimate business outreach.

5. Purposes and legal bases (GDPR Art. 6)

Website operation and security
To deliver the site, prevent abuse, and maintain security. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) or, where strictly necessary, performance of steps prior to a contract (Art. 6(1)(b)).
Responding to enquiries and pitches
To evaluate opportunities, communicate with you, and manage our relationship. Legal basis: steps prior to a contract (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).
Portfolio and ecosystem management
To support companies we back and coordinate with partners in our ecosystem. Legal basis: contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).
Analytics and website improvement
To understand how our website is used and improve content and UX via Vercel Web Analytics. This tool is cookieless and does not use cross-site tracking. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), in line with audience-measurement exemptions recognised for privacy-oriented analytics where no consent is required under the ePrivacy rules.
Display preferences
To remember your light/dark theme choice in your browser. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) — providing a consistent viewing experience you initiate.
Legal compliance
To meet statutory obligations, respond to authorities, and establish, exercise, or defend legal claims. Legal basis: legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)).

6. Cookies and similar technologies

Our website does not use marketing or advertising cookies. We do not operate a separate cookie consent banner because we do not set non-essential cookies on your device.

The following technologies are used:

  • Strictly necessary server processing: our hosting provider processes connection data (including IP address) in server logs to deliver the site and protect it against abuse. No cookies are set for this purpose.
  • Local storage (theme preference): when you choose a light or dark theme, the site stores your preference in browser local storage under the key “theme” (provider: iriomote, purpose: display preference, duration: until you clear site data, consent: not required — functional preference you initiate).
  • Vercel Web Analytics: measures page views and basic usage metrics without setting cookies or using fingerprinting (provider: Vercel Inc., purpose: audience measurement and site improvement, duration: session-level hashed identifiers up to 24 hours on Vercel’s side, consent: not required under ePrivacy where no information is stored on your device by the analytics script).

You can clear local storage and other site data in your browser settings at any time. Blocking local storage may reset your theme preference.

7. Recipients and processors

We share personal data only when necessary, under appropriate safeguards, and in line with this policy.

  • Hosting and infrastructure: Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, United States — https://vercel.com (hosting and content delivery).
  • Analytics: Vercel Web Analytics (Vercel Inc.) — cookieless audience measurement.
  • Email communication: messages you send to contact@iriomote.vc are processed through our email infrastructure.
  • Professional advisers (lawyers, accountants) where needed under confidentiality.
  • Authorities or courts when required by law.

We maintain a record of processors. A current list is available on request at contact@iriomote.vc.

8. International data transfers

Our hosting and analytics provider Vercel Inc. is based in the United States. Where personal data is transferred outside the European Union or European Economic Area, we ensure an appropriate safeguard under GDPR Chapter V — in particular the EU Standard Contractual Clauses (2021/914) under Vercel’s Data Processing Addendum and applicable supplementary measures.

Transfers are limited to what is necessary to operate and improve our website. Vercel Web Analytics is designed to minimise personal data and does not set cookies on your device.

9. Retention periods

We retain personal data only as long as needed for the purposes above, then delete or anonymise it unless longer retention is required by law.

  • Website server logs: up to 90 days, unless needed longer for security incidents or legal claims.
  • Analytics data (Vercel): according to Vercel’s retention settings for Web Analytics, typically aggregated and minimised.
  • Enquiry and pitch records: for the duration of our evaluation and communication, then up to three years to establish, exercise, or defend legal claims unless longer retention is required by commercial or tax law.
  • Contract and portfolio data: for the relationship term plus applicable statutory retention (e.g. commercial and tax law).
  • Theme preference (local storage): until you clear it in your browser or change your preference.

10. Your rights under the GDPR

Depending on your situation, you have the following rights regarding your personal data. We will respond within one month, extendable where permitted.

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), including to processing based on legitimate interests
  • Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting prior processing — where processing is based on consent
  • Right not to be subject to solely automated decision-making with legal or similarly significant effects (Art. 22 GDPR)

To exercise your rights, contact contact@iriomote.vc. You also have the right to lodge a complaint with a supervisory authority. For us, the competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit), Ludwig-Erhard-Straße 22, 7th floor, 20459 Hamburg, Germany — https://datenschutz-hamburg.de

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Art. 22 GDPR.

12. Children’s privacy

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

13. Security measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration — including access controls, encryption in transit (TLS), vendor assessment, and staff confidentiality obligations.

No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

14. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The “Last updated” date at the top indicates the current version. Material changes will be highlighted on this page or communicated where appropriate.