Privacy policy

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Stifterverband für die Deutsche Wissenschaft e.V.

Baedekerstrasse 1

45128 Essen

Phone: (+49) 201 84 01-0

E-mail: mail@stifterverband.de

Website: www.stifterverband.de

The data protection officer of the controller is:

Sebastian Kessler

TÜV Informationstechnik GmbH

Unternehmensgruppe TÜV NORD

IT Security, Business Security & Privacy

Langemarckstrasse 20

45141 Essen

Phone (+49) 201 – 8999-461

Fax (+49) 201 – 8999-666

E-mail: privacyguard@tuvit.de

Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

• Information about the browser type and version used
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user’s system accesses our website
• Websites that are called up by the user’s system via our website

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user arrives at the Internet site or the link to the website to which the user goes contains personal data.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

• Language settings
• Log-in information
• Website functions

We also use cookies on our website that enable an analysis of the user’s surfing behavior. In this way, the following data can be transmitted:

• Entered search terms
• Frequency of page views
• Use of website functions

The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.

When calling up our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR

Purpose of data processing

If there is a use of technically necessary cookies:

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

• Adoption of language settings
• Remember search terms

The user data collected through technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

In these purposes also lies our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Description and scope of data processing

On our website there is the possibility to leave public comments. Users must enter a name and an e-mail address. The name will be published with the comment, the email address will not. Voluntary in this context is the specification of a website, which is also published.

Pseudonyms can be used for all information, so that no one has to provide correct personal data here. We recommend that when choosing a username and also with regard to the respective email address, you check whether your real name or otherwise a name or email address that allows third parties to infer your identity should be used.

For security reasons, we also store the IP address of people who post comments, in addition to the e-mail address. The IPs are automatically deleted after a maximum of seven days

Legal basis for data processing

The legal basis for the processing of data when submitting comments on hochschulforumdigitalisierung.de is Art. 6 para. 1 lit. a GDPR.

Purpose of data processing

The storage of name and e-mail address is necessary for the functionality of the comment forum.

The specification of a website is done at the user’s own request.

The internal storage of this data together with the IP address for seven days is done for security reasons, among other things to be able to ward off spam and other attacks.

Duration of storage

The publicly visible data remains on the network with the comment until a deletion is requested.

The email address remains stored with the comment. The IP address is deleted after a maximum of seven days.

Possibility of objection and elimination

A deletion of the data can be requested at any time, provided that the identity can still be assigned.

Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. We only collect the e-mail address of the user.

In addition, the following data is collected during registration:

• IP address of the calling computer
• Date and time of registration

For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.

No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

Legal basis for data processing

The legal basis for the processing of data after registration to the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a GDPR.

Purpose of data processing

The collection of the user’s e-mail address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address is stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

Possibility of objection and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

This also enables the revocation of consent to the storage of personal data collected during the registration process.

Third-party supplier

We send our newsletter “HFDbriefing” with the newsletter service CleverReach (Cleverreach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany). Cleverreach is a member of the Certified Senders Alliance. We transfer your name and email address to CleverReach solely for the purpose of sending you our newsletter. Your data is stored by CleverReach in such a way that other CleverReach customers or third parties do not have access to this data. For more information, please see CleverReach’s privacy policy at https://www.cleverreach.com/de/datenschutz/.

We send the newsletter for our HFD magazine “strategie digital” using the newsletter service GetResponse (GetResponse GmbH, Grunwaldzka 413, 80-309 Gdansk, Poland). GetResponse is GDPR compliant and a member of the Certified Senders Alliance. We transfer your name and email address to GetResponse solely for the purpose of sending you our newsletter. For more information, please see GetResponse’s privacy policy at https://www.getresponse.com/de/legal/datenschutz.

Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties without the consent of the respective person/institution.

The following data may be collected as part of the registration process:

• Address data
• Employer and function information
• Usernames of social media profiles and internet addresses
• In the case of applications: Data necessary for the selection of applications, such as applications, letters of motivation, resumes and other relevant information.
• In the case of events: Food preferences, main interests and other information relevant for the event organization.

The following data is also stored at the time of registration:

• The IP address of the user
• Date and time of registration

As part of the registration process, the user’s consent to the processing of this data is obtained.

Legal basis for data processing

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 lit. a GDPR.

Purpose of data processing

User registration is required for the provision of certain content and services on our website. This includes, but is not limited to, organizing an event, expressing interest in participating in the HFD, applying for HFD programs, registering for the HFD newsletter, or participating in the HFD communication platform.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process, if the registration on our website is cancelled or modified.

Possibility of objection and elimination

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. Please contact info@hochschulforumdigitalisierung.org with your change or deletion requests.

Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

These data are:

• Name
• E-mail address
• Subject
• Message content

The following data is also stored at the time the message is sent:

• The IP address of the user
• Date and time of registration

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

It does not pursue in this context any disclosure of data to third parties. The data will be used exclusively for the processing of the conversation.

Legal basis for data processing

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, please email info@hochschulforum.org.

All personal data stored in the course of contacting us will be deleted in this case.

Description & purpose of data processing

The Hochschulforum Digitalisierung websites use Google Analytics 4, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. IP addresses are automatically anonymized by Google Analytics 4. A collection of your full IP address does not take place. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The use of Google Analytics 4 cannot completely exclude the possibility that your personal data may be transferred to an insecure third country (namely the USA). We would like to point out that the USA does not have a level of data protection equivalent to that of the EU. It is not excluded that US authorities can gain access to your data. At the same time, we would like to point out that you can exercise your data protection rights under these circumstances. the third country will not be able to enforce effectively.

Legal basis of processing

The cookies are stored on your terminal device on the basis of your expressly given declaration of consent. The legal basis for the processing is therefore Art. 6 para. 1 p. 1 lit. a) GDPR.

Gem. Art. 49 par. 1 lit. a) GDPR, your declaration of consent also covers data processing outside the EEA, where the high European level of data protection does not exist. Art. 7 par. 3 p. 1 DSGVO can be revoked at any time without affecting the lawfulness of the processing until the time of revocation.

Anonymization of your IP

Google Analytics 4 anonymizes your IP address. Due to the shortened IP addresses, a personal reference can thus be largely excluded. Insofar as the data collected about you has a personal reference, this is therefore excluded and the personal data is deleted immediately. Nevertheless, it cannot be completely ruled out that Google can draw conclusions about your identity by linking data with other Google services. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Google.

Purpose

We use Google Analytics 4 to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.

Possibility of objection and removal

If you do not wish your data to be processed by Google Analytics 4, you have the right not to give your consent to the processing of your data (opt-in) or to subsequently revoke the consent you have given (opt-out). The subsequent revocation of a previously given consent is only effective for the future. A revoked declaration of consent has no influence on the lawfulness of processing carried out in the past.

Third-party supplier

Third Party Provider Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: https://marketingplatform.google.com/about/analytics/terms/de/

Privacy policy and terms of use: https://policies.google.com/privacy?hl=de&gl=de

Cross-device analysis

This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

Description

This website uses the Matomo component. Matomo is an open source software tool for web analysis. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis tool collects data about the website from which a data subject has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analysis is mainly used to optimize a website and to analyze the cost-benefit of internet advertising.

The software is operated on the server of the data controller, and the data protection-sensitive log files are stored exclusively on this server.

Purpose

The purpose of the Matomo component is to analyze the flow of visitors to our website. The controller uses the data and information obtained, among other things, to evaluate the use of this website in order to compile online reports showing the activities on our websites. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Among other things, this allows us to determine which information is particularly relevant to you as a user.

Storage

Matomo sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, we are enabled to analyze the use of our website. Each time one of the individual pages of this website is called up, the Internet browser on the information technology system of the data subject is automatically caused by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, such as the IP address of the data subject, which we use, among other things, to track the origin of visitors and clicks.

By means of the cookie, personal information is stored, for example, the time of access, the place from which access originated and the frequency of visits to our website. Each time you visit our Internet pages, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to our server. This personal data is stored by us. We do not share this personal data with third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.

Anonymization of your IP

This website uses Matomo with anonymized IPs. This means that IP addresses are processed in abbreviated form, which means that it is not possible to identify a specific person. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is thus immediately deleted.

Opt-out

Furthermore, the data subject has the possibility to object to the collection of data generated by the Matomo and related to a use of this website and to prevent such a collection. For this purpose, the data subject must set an opt-out cookie. If the data subject’s information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must set an opt-out cookie again.

However, with the setting of the opt-out cookie, there is the possibility that the Internet pages of the controller are no longer fully usable for the data subject.

Opposition:

Further information and the applicable privacy policy of Matomo can be found at https://matomo.org/privacy/.

The controller has integrated the Shariff component on this website. The Shariff component provides social media buttons that are privacy compliant. Shariff was developed for the German computer magazine c’t and is distributed via GitHub, Inc. published.

The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

Usually, the button solutions provided by the social networks already transmit personal data to the respective social network when a user visits a website in which a social media button has been integrated. Through the use of the Shariff component, personal data is only transmitted to social networks when the visitor to a website actively clicks one of the social media buttons. Further information on the Shariff component is provided by the computer magazine c’t at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-… is available. The purpose of using the Shariff component is to protect the personal data of visitors to our website and at the same time to enable us to integrate a button solution for social networks on this website.

Further information and the applicable privacy policy of GitHub can be found at https://help.github.com/articles/github-privacy-policy/.

Description

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that usually allows users to communicate and interact with each other in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos, and network via friend requests, among other features.

Storage

By each call of one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the person concerned. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains the settings options Facebook offers to protect the privacy of the data subject. In addition, different applications are available that allow you to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Third-party supplier

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The controller has integrated the Google+ button as a component on this website. Google+ is a so-called social network. A social network is a social meeting place operated on the Internet, an online community that usually allows users to communicate and interact with each other in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Google+ allows users of the social network to create private profiles, upload photos, and network via friend requests, among other features.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Google+ button has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google+ button to download a representation of the corresponding Google+ button from Google. Within the scope of this technical procedure, Google obtains knowledge of which specific sub-page of our website is visited by the data subject. More detailed information on Google+ is available at https://developers.google.com/+/.

If the data subject is logged into Google+ at the same time, Google recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Google+ button and assigned by Google to the respective Google+ account of the person concerned.

If the data subject activates one of the Google+ buttons integrated on our website and thus submits a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly available in accordance with the conditions accepted by the data subject in this regard. A Google+1 recommendation made by the data subject on this website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in this account, in other Google services, for example the search engine results of the Google search engine, the Google account of the data subject or in other places, for example on websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimizing Google’s various services.

Google always receives information via the Google+ button that the data subject has visited our website if the data subject is simultaneously logged into Google+ at the time of calling up our website; this takes place regardless of whether the data subject clicks the Google+ button or not.

If the data subject does not want personal data to be transmitted to Google, he or she can prevent such transmission by logging out of his or her Google+ account before accessing our website.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/. Further guidance from Google on the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.

The controller has integrated components of Twitter on this website. Twitter is a multilingual publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 140 characters. These short messages can be accessed by anyone, including people who are not logged into Twitter. However, the tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives information about which specific subpage of our website is visited by the data subject. The purpose of integrating the Twitter component is to enable our users to further distribute the content of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is logged in to Twitter at the same time, Twitter recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Twitter component and assigned by Twitter to the respective Twitter account of the person concerned. If the data subject activates one of the Twitter buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.

Twitter always receives information via the Twitter component that the data subject has visited our website if the data subject is logged into Twitter at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not want this information to be transmitted to Twitter, he or she can prevent the transmission by logging out of his or her Twitter account before accessing our website.

Twitter’s applicable privacy policy is available at https://twitter.com/privacy?lang=de.

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the U.S., LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the ability to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy of LinkedIn is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

The controller has integrated components of Xing on this website. Xing is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the person concerned. If the data subject activates one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged into Xing at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by Xing. Furthermore, Xing has published privacy notices for the XING Share button at https://www.xing.com/app/share?op=data_protection.

The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By each call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about which specific subpage of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.

The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on this website. Each time you visit a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address will be stored there. Through interactions with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect data about you through this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website.

The privacy policy for Vimeo with more detailed information on the collection and use of your data by Vimeo can be found at http://vimeo.com/privacy.

On this website, map sections from OpenStreetMap(https://www.openstreetmap.de/) are used to display the route to our organization for you and to make it easier for you to plan your journey.

OpenStreetMap is an open source mapping tool. In order for the map to be displayed to you, your IP address is forwarded to OpenStreetMap. You can see how OpenStreetMap stores your data on OpenStreetMap’s privacy page here https://wiki.openstreetmap.org/wiki/DE:Datenschutz and here https://wiki.openstreetmap.org/wiki/DE:Legal_FAQ.

We base the use of the aforementioned tools on Art. 6 para. 1 letter f) DSGVO: the data processing is carried out to improve the user experience on our website and is therefore in our legitimate interest.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectify or erase the personal data concerning you, a right to have the controller restrict the processing, or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to. Article 46 of the GDPR in connection with the transfer.

This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete. The responsible party shall make the correction without undue delay.

Your right to rectification may be limited to the extent that it is likely to make impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.

Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or

(4) if you object to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Your right to restrict processing may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.

Right to deletion

Obligation to delete

You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing according to. Art. 6 par. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3) They shall lay down in accordance with Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. Art. 21 par. 2 GDPR to object to the processing.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you have been processed in relation to information society services offered pursuant to Art. 8 para. 1 GDPR collected.

Information to third parties

If the controller has made the personal data concerning you public and is responsible pursuant to. Art. 17 par. 1 GDPR to erase them, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you, as data subject, have requested erasure of all links to or copies or replications of such personal data.

Exceptions

The right to erasure does not exist insofar as the processing is necessary to

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 par. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with. Art. 89 par. 1 GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5) to assert, exercise or defend legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the data controller.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to. Art. 6 par. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to. Art. 6 par. 1 lit. b GDPR is based and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Art. Art. 89 par. 1 GDPR, to object to this.

Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the realization of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.