Privacy Policy

We take data privacy seriously. Our efforts are primarily aimed at protecting your privacy, with a particular emphasis on meeting the requirements of the European General Data Protection Regulation (GDPR) and the new German Data Protection Act (BDSG-neu).

Nowadays, electronic data processing systems (EDPS) are an inevitable part of modern business. We naturally make every effort to comply with legal requirements in this regard.

In principle, our website can be used without providing any personal data. However, we may have to process personal data if a data subject wishes to use particular services provided by our company via our website. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the data subject’s consent.

We will never sell or rent your personal information to third parties for their marketing or other purposes. If you do not agree to the terms of our Privacy Policy, please do not disclose any personal data to us.

1. General/definitions

This Privacy Policy is based on the terminology used in the GDPR and is intended to be easily read and understood by all. With this in mind, we would like to start by explaining a number of terms:

a) personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject” below). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) controller

Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) processor

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) recipient

Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) third party

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) consent

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Information on the collection of personal data

(1) We have compiled information below on the personal data we collect when our website is used. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behavior, etc.

(2) The controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is

Hermann von Helmholtz-Gemeinschaft Deutscher Forschungszentren e.V.

Anna-Louisa-Karsch-Straße 2, 10178 Berlin

datenschutz@helmholtz.de

(3) Our Data Protection Officer is: Björn Petersen, LL.M.

(4) If you contact us via email or a contact form, we automatically store the data you provide (your email address and perhaps your name and telephone number) so that we can respond to your questions. Such personal data provided voluntarily by a data subject to the controller are stored exclusively for the purposes of processing or for contacting the data subject. We erase the data thus obtained once their storage is no longer necessary or restrict their processing if there is a legal requirement to retain the data.

(5) If we commission service providers for certain functions on our website or wish to use your data for advertising purposes, we shall inform you below in detail of the respective processes. We shall also state the criteria defined for the duration of storage.

(6) As the controller, we have implemented numerous technical and organizational measures to ensure end-to-end protection of the personal data processed via this website wherever possible. Nevertheless, security vulnerabilities may arise when transmitting data via the Internet and, therefore, complete protection cannot be guaranteed. For this reason, all data subjects are welcome to use alternative means, such as the phone, to provide us with personal data.

(7) As a responsible company, we do not engage in automated decision-making or profiling.

3. Your rights

(1) You have the following rights vis-à-vis us with regard to your personal data:

– Right of access:

Every data subject has the right granted by the GDPR to obtain from the controller, at any time and free of charge, information about the personal data concerning him or her that is stored and a copy of this information. Furthermore, the European legislator has granted data subjects access to the following information:

a) the purposes of the processing

b) the categories of personal data concerned

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

e) the existence of the right to obtain from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing

f) the right to lodge a complaint with a supervisory authority

g) where the personal data are not collected from the data subject: any available information as to their source

h) the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed as to whether personal data were transferred to a third country or to an international organization. Where that is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

Any data subject wishing to exercise this right of access may contact an employee of the controller regarding this at any time.

– Right to withdraw data protection consent:

Every data subject has the right to withdraw their consent to the processing of personal data at any time.

Any data subject wishing to exercise this right to withdraw consent may contact an employee of the controller regarding this at any time and by any means of communication.

– Right to rectification:

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Any data subject wishing to exercise this right to rectification may contact an employee of the controller regarding this at any time.

– Right to erasure/right to be forgotten:

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b) the data subject withdraws consent on which the processing is based according to Art. 6(1)(a), or Art. 9(2)(a), and where there is no other legal ground for the processing.

c) the data subject objects to the processing pursuant to Art. 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2).

d) the personal data have been unlawfully processed.

e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

f) the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1).

Any data subject wishing to exercise this right to erasure/right to be forgotten may contact an employee of the controller regarding this at any time.

Where we have made the personal data public and are obliged pursuant to Art. 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Our employees will take the necessary measures.

– Right to restriction of processing:

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims, or

d) the data subject has objected to processing pursuant to Art. 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Any data subject wishing to exercise this right to restriction of processing may contact an employee of the controller regarding this at any time.

– Right to object to processing:

Every data subject has the right granted by the GDPR to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

We shall then no longer process the personal data in the case of objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

Where we process personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to us to processing for direct marketing purposes, we shall no longer process the personal data for such purposes.

Where we process personal data for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, also has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The data subject may contact any employee directly to exercise the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his or her right to object by automated means using technical specifications.

– Right to data portability:

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

a) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b) and

b) the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and does not adversely affect the rights and freedoms of others.

Any data subject wishing to exercise this right to data portability may contact an employee of the controller regarding this at any time.

– Automated individual decision-making, including profiling

Any data subject whose personal data are processed has the right granted by the GDPR not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or

(3) is based on the data subject’s explicit consent.

If the decision is necessary for entering into, or performance of, a contract between the data subject and the controller or is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.

Any data subject wishing to exercise rights with regard to automated decision-making may contact an employee of the controller regarding this at any time.

(2) In addition, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.

4. Collection of personal data when you visit our website/cookies

(1) If you use our website for purely informational purposes – in other words, if you do not register or otherwise provide information to us – we only collect the personal data sent by your browser to our server. When you visit our website, we collect the following data which we require for technical reasons in order to display our website to you and to ensure its stability and security (legal basis is Art. 6(1)(1)(f) GDPR):

– IP address

– Date and time of the request

– Time zone difference from Greenwich Mean Time (GMT)

– Internet service provider of the accessing system

– Content of the request (specific page)

– Access status/HTTP status code

– Data volume transferred in each case

– Website from which the request has come (referrer)

– Browser

– Operating system and its interface

– Browser software language and version

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, associated with the browser you have used, and send certain information to the entity that sets the cookie (us, in this instance). Cookies cannot run programs or deliver viruses to your computer. They help to make our online offering more user-friendly and effective overall.

(3) Use of cookies

1. We essentially differentiate between the following cookie types/functions:

A) Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store what is known as a session ID, which is used to assign various requests from your browser to the one session. This allows your computer to be remembered when you return to our website. Session cookies are deleted when you log out or close the browser.

B) Persistent cookies are automatically deleted after a predetermined duration, which may differ from cookie to cookie. You can delete the cookies in your browser security settings at any time.

C) Necessary cookies are those that are essential to operating a website.

D) Statistical, marketing, and personalization cookies are used, among other things, in the context of reach measurement and also, for example, to save a user’s interests or behavior to a user profile. This is also referred to as “tracking.” To the extent that we use cookies or tracking services, we shall inform you of this separately in our Privacy Policy or when obtaining your consent.

E) You may configure your browser as you wish and e.g. opt out of third-party cookies or all cookies. Please be aware that in that case you may not be able to use all features of this website.

F) We use cookies so that we can identify you when you visit us again if you have an account with us. Otherwise, you have to log in again each time you visit.

G) The Flash cookies used are not registered by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you will need to install a corresponding add-on, such as “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you manually delete your cookies and browser history on a regular basis.

2. In principle, the data processed with the aid of cookies are processed on the basis of our legitimate interests (Art. 6(1)(f)) or if the use of cookies is necessary in order to meet our contractual obligations (Art. 6(1)(b)). If we request your consent, the legal basis for processing the data is your declared consent (Art. 6(1)(a)).

3. Of course, you may at any time withdraw consent given or object to the processing of your data by cookie technologies (“opt-out”). You can initially indicate your objection using your browser settings. You can also opt out of the use of cookies for the purposes of online marketing by means of a multitude of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/, the EU site http://www.youronlinechoices.com/, or generally on http://optout.aboutads.info.

5. Other functions and offerings of our website

(1) In addition to using our website solely for informational purposes, you may also be interested in various services that we offer. Normally, you will then need to disclose additional personal data that we will use to provide the respective service and to which the aforementioned principles of data processing apply.

(2) In some cases, we use external service providers to process your data. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly checked.

(3) The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purposes of operating this online offering.

To this end, we and/or our hosting provider process inventory data, contact data, content data, contractual data, usage data, metadata, and communication data of customers, interested parties, and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR.

(4) Furthermore, we may pass your personal data to third parties if participation in promotions, competitions, contract conclusions, or similar services are offered by us together with partners. You will receive further information on this when you provide your personal data or underneath in the description of the offering.

(5) If our service providers or partners are based in a country outside of the European Economic Area (EEA), we shall inform you of the consequences of this in the description of the offering.

6. Privacy in the application process

The controller collects and processes applicants’ personal data for the purposes of administering the application process. The processing may also be carried out electronically. In particular, this is the case if an applicant uses electronic means, such as email or a contact form on our website, to submit the relevant application documents to the controller. If the controller concludes an employment contract with an applicant, the data transmitted are stored for the purposes of administering the employment contract in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically erased, provided the controller does not have other legitimate interests which would prevent erasure. Other legitimate interests in this sense might be, for example, satisfying a burden of proof in a proceeding under the German General Equal Treatment Act (AGG).

Applicant data are processed to fulfill our (pre-)contractual obligations within the context of the application process within the meaning of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, provided the data processing is necessary for us, e.g. within the context of a legal process (Section 26 BDSG also applies in Germany).

7. Objection to or withdrawal of consent for the processing of your data

(1) If you have given your consent to the processing of your data, you may withdraw this at any time and by any means of communication. Such a withdrawal affects the legitimacy of the processing of your personal data once you have notified us of the withdrawal.

(2) If we process your personal data on the basis of a consideration of interests, you have the right to object to the processing. In particular, this is the case if the processing is not necessary for the performance of a contract with you; more details on this are provided in the description of functions below. When you exercise such a right to object, we ask that you specify the reasons why we should not process your personal data in this way. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you the compelling legitimate grounds on which we will continue to process the data.

(3) Of course, you have the right to object to the processing of your personal data for purposes of advertising and data analysis at any time. You can contact us via the address given in Point 2. (2) to inform us of your objection to advertising.

8. Statutory or contractual requirements regarding the provision of personal data/necessity for contract conclusion/consequences of failure to provide data/erasure

(1) We wish to inform you that personal data may have to be provided by law in some cases. However, a data subject may also have to provide us with personal data in order for a contract to be performed, as otherwise that contract could not be concluded. Please do not hesitate to contact our employees if you have questions regarding a specific situation.

(2) The data that we process are erased or their processing is restricted in accordance with Art. 17 and 18 GDPR. If not expressly specified in this Privacy Policy, the data stored by us are erased as soon as they are no longer necessary for the intended use and there are no legal retention obligations that prevent their erasure. If data are not erased because they are needed for other legally permissible purposes, their processing is restricted. In other words, the data are blocked and are not processed for other purposes. This applies to, for example, data that must be retained under commercial or tax law.

In accordance with legal requirements, the retention period is, in particular, ten years as per Section 147 Para. 1 of the German Fiscal Code (AO), Section 257 Para. 1(1) and (4), and Para. 4 of the German Commercial Code (HGB) (accounts, records, management reports, posting documents, trading books, documents relevant to taxation, etc.) and six years as per Section 257 Para. 1(2) and (3) and Para. (4) HGB (commercial letters).

9. Registering on the website

(1) If you wish to use the registration feature on our website, you will have to enter your email address and a password and user name of your choice. There is no requirement to use your real name; pseudonyms are permitted. We use what is known as a double opt-in process for registration. This means that your registration is only complete once you confirm your registration by clicking on a link contained in a confirmation email sent to you for this purpose. The aforementioned data must be provided, but all other information can be provided voluntarily by using our portal.

(2) If you use the registration feature on our website, we save your data necessary for contract fulfillment, including payment method information, until you delete your profile. We also save the data that you provide voluntarily while using the portal, unless you erase this first. You can manage and amend all of the information in the protected customer area. The legal basis is Art. 6(1)(1)(f) GDPR.

(3) By registering on the controller’s website, the IP address assigned to the data subject by his or her Internet service provider (ISP) and the date and time of registration are also saved. These data are stored as this is the only way to prevent abuse of our services and, where necessary, enable investigation into possible criminal offences committed. In this respect, these data must be stored to protect the controller. These data are never passed on to third parties provided there is no legal obligation to do so or unless this is for law enforcement reasons.

(4) The connection is encrypted using SSL/TLS technology in order to prevent unauthorized third-party access to your personal data, especially financial data.

10. Integration of Google Maps

(1) We use the Google Maps service on this website. This allows us to display interactive maps directly on the website and gives you the convenient option of using the map function.

(2) When you visit the website, Google is informed that you have accessed the corresponding page on our website. The data specified under Point 4 of this Policy are also transferred. This takes place regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged into Google, your data are directly assigned to your account. If you do not wish to have these data assigned to your Google profile, you will need to log out before activating the button. Google stores your data as usage profiles and uses these for the purposes of advertising, market research, and/or demand-oriented design of its website. In particular, such analysis is conducted (even for users that are not logged in) in order to provide appropriate advertising and inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles; please contact Google if you wish to exercise this.

(3) For more information on the purpose and scope of the data collection and processing conducted by the plugin provider, please refer to its Privacy Policy. Further information on your rights in this respect and the configuration options that you can use to protect your privacy is also available there: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the US as well and complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(4) There is an opt-out option at: https://adssettings.google.com/authenticated.

11. Plugins and tools

1. Google web fonts

(1) This site uses web fonts provided by Google to display fonts uniformly. When you access a website, your browser loads the required web fonts to your browser cache in order to display text and fonts correctly. Your browser has to connect to Google’s servers for this purpose. Through this, Google is informed that our website has been accessed via your IP address. Google web fonts are used in the interest of making our online offerings uniform and appealing. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.

(2) If your browser does not support web fonts, your computer’s standard font is used.

(3) Further information on Google web fonts is available at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/.

2. Use of ajax.googleapis.com and jQuery

(1) We use Ajax and jQuery technologies on this site to optimize loading speeds. Program libraries are called from Google servers for this purpose. The Google Content Delivery Network (CDN) is used. If you have previously used jQuery on another Google CDN site, your browser will use the cached copy. If this is not the case, this will require downloading, whereby data will be sent from your browser to Google Inc. (“Google”). Your data are transferred to the US. You can find out more on the providers’ sites.

(2) The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR.

12. Consent

Within the context of the event, we intend to transmit the first name, surname and e-mail address of the visitor of a virtual stand to the company of the stand. This is intended to provide the possibility of establishing contact after the end of the event.

I agree that my first and last name as well as my e-mail address may be transmitted to all organizers at the virtual fair whose stand I visited and that I may be contacted by them.

This consent is voluntary. I can refuse it without giving reasons and without having to fear any disadvantages. I can also revoke this consent at any time in text form (e.g. letter, e-mail). The data would then be deleted immediately.

