I. Responsibility for data processing
Responsible for data processing is:
CISPA - Helmholtz-Zentrum für Informationssicherheit gGmbH
Phone: +49 681 87083 1521
Fax: +49 681 87083 8801
CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Chief Operating Officer and Member of the Executive Board Dr. Kevin Streit.
II. Data Protection Officer
You can reach our data protection officer at:
Phone: +49 681 87083 1521
If you have general questions about data privacy, you can also contact our staff unit
data protection department: email@example.com
III. General information on data processing on this website
1. Data processing
On our website, the following data are subject to processing: inventory data (e.g. names) and meta and communication data (e.g. device information, browser information, IP addresses of website users).
Persons affected by the processing of the data are all visitors and users of our website as well as project staff and communication partners. The data processing depends on this and on the user behaviour. For example, by visiting this website alone, only meta and communication data of the website users are processed. In the case of contact via e-mail, the user's personal data transmitted with the e-mail is processed.
2. Purpose of the data processing
We collect and use data of our users only to the extent necessary to provide our content and a functional and user-friendly website. In the case of contact via e-mail, the purpose of processing is to handle the communication.
3. Legal basis for data processing
Data processing is only carried out on a strictly legal basis. This is the case if the data subject has given his or her consent (Art. 6 para. 1 letter a, Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (Art. 6 para. 1 letter b DSGVO), if we have to fulfil legal obligations (Art. 6 para. 1 letter c DSGVO) or if we protect our legitimate interests (Art. 6 para. 1 letter f DSGVO). Special regulations such as those of the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) may also apply.
4. Recipients of data
Your data will not be transferred to processors or other third parties for purposes other than those listed below.
We only pass on your data to third parties if:
- you have given your explicit consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO
- the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary to protect our legitimate interests or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 letter c DSGVO, and
- this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you.
We conclude contracts for commissioned data processing with contract processors in accordance with Art. 28 DSGVO, according to which these also undertake to comply with data protection.
5. Data security
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and through data protection-friendly default settings (Art. 25 DSGVO).
6. Storage of data
The data processed by us is stored as long as it is necessary for the purpose of processing. It will be deleted as soon as the purpose for processing this data ceases to apply or consent is revoked.
Data may also be stored if this is necessary for other legally permissible purposes. Processing is then limited to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law, or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Here too, the data will be deleted as soon as the purpose no longer applies.
IV. Access data/Server log files
1. Data processing
When you access our website and the associated sub-pages, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a log file. The following information is recorded without your involvement and stored until it is automatically deleted: IP-Adresse, Timestamp, accessed URL, HTTP-Status, Webbrowser+Version.
The above-mentioned data is processed by us for the following purposes: Making our online offer available, ensuring a problem-free connection to the website, system security and stability.
3. Legal basis
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest results from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your identity.
For security reasons (e.g. for the clarification of cases of abuse), the data is stored for a period of 7 days. If longer storage is necessary for evidence purposes, the data will be deleted after the final clarification of the matter.
V. Application process
VI. Rights of data subjects
You have the following rights in relation to the processing of your data by CISPA:
- You have the right to obtain confirmation as to whether data that concerns you is being processed and the right to obtain information on such data and to receive further information and a copy of the data in accordance with Art. 15 of the DPA.
- In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
- In accordance with Art. 17 DSGVO, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted.
- You have the right to demand that you receive the data concerning you which you have provided us with in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
- You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
- Right of objection: You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time (see below).
- In accordance with Art. 77 DSGVO, you may lodge a complaint with the supervisory authority
responsible for data protection. As a rule, you can contact the supervisory authority of your place
of residence or the Independent Data Protection Centre Saarland for this purpose:
Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Telefon: (0681) 94781-0
Telefax: (0681) 94781-29
Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.
If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to firstname.lastname@example.org.
It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.