Privacy Policy

Name and address of the person responsible

The responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

TransMIT Gesellschaft für Technologietransfer mbH
Kerkrader Strasse 3
35394 Giessen
Deutschland
Phone: +49 641 94 36 40
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
www.transmit.de

Contact information for general inquiries regarding data protection and exercising your rights as a data subject

We are happy to answer any general questions you may have about data protection or regarding the exercise of your rights. Please use the contact information below:

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +49 641 94 36 40

When contacting us for the first time, please do not send any confidential information. We will receive your message and forward it immediately to the appropriate department.

Contact Details of the data protection officer

The data protection officer of the controller can be reached at the following contact details:

TransMIT Gesellschaft für Technologietransfer mbH

z.Hd. der Datenschutzbeauftragten
Kerkrader Strasse 3
35394 Giessen
Deutschland
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

General information on data processing

Introduction

With the following data protection information, we would like to inform you about which personal data (hereinafter "data") we process, for what purposes and to what extent.

The listed data protection information informs about all data processing carried out by us, both within the framework of our websites, external online presences (e.g. social media services) and other services provided by us, insofar as no deviating data protection information is executed within the framework of individual offers.

description and scope of our data processing

We collect and use personal data of our users only to the extent necessary for the provision of our content and services.

legal basis for our data processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Provision of the website and creation of log files

description and scope of data processing

For the deployment of the website, we make use of the infrastructure and platform services of one or more hosting providers. The data processed in the context of the provision and use of the website may include any information relating to the user.

The following data, among others, can be processed in the process:

Content data (e.g. text/form input, photos, videos)

Usage data (e.g., previously visited web pages, current content visited, access times)

Meta/communication data (e.g. browser type, device information, IP addresses)

Inventory data (e.g. names, addresses)

Contact data (e.g. e-mail, telephone numbers)

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems.

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

possibility of opposition and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

You can object to the processing of data for consent-based purposes, e.g., for the optimized provision of the website via a CDN, by deleting the relevant cookies for the future.

Service provider

We use services of the following providers to provide our website and related offers (such as forms).

CompuTech IT GmbH, Mundenheimer Weg 6, 67117 Limburgerhof, Deutschland; Website: https://www.computech-it.de/

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland; Website: https://www.hetzner.com/legal/privacy-policy

Use of cookies

description and scope of data processing

Our website uses cookies and similar technologies. Cookies are text files that are stored in or by the web browser on the user’s device. When a user visits a website, a cookie may be stored on the user’s device. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Language settings

Items in a shopping cart

Log-in information

Remembering search terms

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to navigate websites. Some features of our website cannot be provided without the use of cookies. For these features, it is necessary, for example, for the browser to be recognized even after the user navigates to another page.

The user data collected by technically necessary cookies are not used to create user profiles.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Use of the Whistleblower System

description and scope of data processing

On our website, we offer users the opportunity to report suspected violations of laws or serious internal regulations of our organization through a confidential channel by providing personal data.

The personal information of the person making the report and the person who is the subject of the report, as well as any relevant details, may be shared with us. Reports submitted through the whistleblower system may be made anonymously.

The data provided to us is stored in a data processing system. Access to the data is restricted to a very limited group of expressly authorized individuals. If required by law or necessary under data protection regulations for the purpose of providing information, the data may be disclosed to other recipients, such as law enforcement agencies, antitrust authorities, other administrative authorities, courts, and law firms.

In certain cases, data protection laws require that the accused person be informed of the allegations made against them. In such cases, the identity of the whistleblower will not be disclosed, to the extent permitted by law. If false reports are knowingly submitted with the intent to discredit a person (denunciation), confidentiality cannot be guaranteed.

legal basis for data processing

The legal basis for the processing of this personal data is Article 6 para 1 lit. c of the GDPR in conjunction with Sections 10 and 12 of the HinSchG.

Purpose of data processing

The whistleblower system is designed to receive and process reports of (alleged) violations of the law or serious breaches of our organization’s internal policies in a confidential manner.

Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

If data is collected for the general processing of a transaction, this period is 3 years after the transaction is completed.

Distribution List: Cooperation Network

description and scope of data processing

In order to be able to inform and invite you as a member of a cooperation network on topics concerning the network, e.g. upcoming events of the cooperation network, we maintain a distribution list with your contact data (e-mail address, name).

No data will be disclosed to third parties in connection with the processing of data for the purpose of sending information on the cooperation network.

legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) lit. f GDPR

Purpose of data processing

Task of the cooperation network is to inform about innovative new developments and research results. The processing of e-mail address and name of the member serves to deliver the information.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the e-mail address and name of the user will be stored as long as the membership in a cooperation network is active.

possibility of opposition and elimination

The user concerned can unsubscribe from the distribution list at any time by sending an informal e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.

Newsletter

description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us.

In addition, the following data is collected upon registration:

Date and time of registration

The processing of your data as part of the registration process is based on your consent.

In connection with data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR.

Purpose of data processing

The collection of the user's e-mail address serves to send the newsletter.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

possibility of opposition and elimination

The subscription to the newsletter can be cancelled by the user concerned at any time.

For this purpose, you will find a corresponding link or e-mail address in each newsletter.

advertising campaign via e-mail

description and scope of data processing

As long as you have not objected to the use, we will use the e-mail address provided by you as part of the contract initiation or execution process to send you information via e-mail on similar products or services and related events.

Legal basis for data processing

The use of the e-mail address provided by you is subject to a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR

Purpose of data processing

The data is processed for the purpose of direct marketing.

Duration of storage

After you have unsubscribed, we will delete your e-mail address unless you have expressly consented to the further use of your data or unless we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

possibility of opposition and elimination

Unsubscribing from the mailing list is possible at any time and can be done either by sending a message to the reply address of the e-mail or via a (Opt-Out) link provided for this purpose in the e-mail.

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved.

The data will not be passed on to third parties.

The following data is collected during the registration process:

Contact details (name, e-mail address, telephone number)

Address data (street, house number, postcode, city)

At the time of registration, the following data is also stored:

Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his or her consent.

If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.

Registration is necessary to set up your user account, which allows you to purchase goods and/or services.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

possibility of opposition and elimination

As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Contact

description and scope of data processing

Our website features a contact form that can be used to contact us electronically. If a user chooses to use this option, the data entered in the form will be transmitted to us and stored.

The following data is also stored at the time the message is sent:

The IP address of the user

The date and time of contact

It is also possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, depending on the subject area selected by you, the data will be passed on to project partners involved, such as partners in the cooperation network, universities or other experts.

Legal basis for data processing

The processing of the provided data is based on a legitimate interest (Art. 6 para. 1 lit f GDPR).

If you contact us to request a quote or in connection with an existing contractual relationship, the data you provide will be processed for the purpose of taking pre-contractual or contractual measures (Art. 6 para 1 lit b GDPR).

Purpose of data processing

The data you enter will be stored for the purpose of processing the request and for possible follow-up questions.

The other personal data processed during the submission process are used to prevent misuse of the functionality and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question or follow-up questions have been conclusively clarified.

possibility of opposition and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

The user has the option to send the revocation of consent and the objection to the storage of his data to us by e-mail.

All personal data stored in the course of contacting us will be deleted in this case.

Business Partners and Contact Persons in Business Relationships

description and scope of data processing

We process personal data of our contact persons (hereinafter "contact persons") at customers, sales partners, suppliers and partners (hereinafter "business partners").

The processing of this data is necessary for the performance of the (contractual) business relationship with the business partner. If the personal data mentioned are not made available or if we cannot collect them, it may not be possible to achieve the individual purposes described.

We may process the following categories of personal data:

Contact information, such as first and last names, business address, business telephone number, business mobile phone number, business fax number and business e-mail address;

Payment information, such as information necessary to process payment transactions or prevent fraud, including credit card information and card verification numbers;

Additional information whose processing is required in the context of a project or the execution of a contractual relationship with us or which is voluntarily provided by a contact person, such as orders placed, inquiries made or project details;

Information collected from publicly available sources, information databases or credit agencies;

Information on relevant legal proceedings and other legal disputes involving business partners is required as part of compliance screenings;

We transmit personal data

to other business partners, in particular traders, where appropriate, but only if this is necessary to fulfil the above purposes.

if applicable, to courts, supervisory authorities or law firms to the extent legally permissible and necessary in order to comply with applicable law or to assert, exercise or defend legal claims.

We also work with service providers (known as “data processors”), such as providers of IT maintenance services. These service providers act solely on our instructions and are contractually obligated to comply with applicable data protection requirements.

The recipients described in this section may be located in countries outside the EU/European Economic Area (“third countries”), where the applicable law does not guarantee the same level of data protection as in the EU/EEA.

In this case, we transfer the data within the framework of the GDPR Article 49 para. 1 lit. b) (exceptions for certain cases) under the following conditions:

Only the minimal personal data necessary for the current business purpose will be transmitted to the recipient.

the recipient is contractually informed of the purpose for which he may use the data

Legal basis for data processing

Unless expressly stated otherwise, the Legal basis for data processing is Art. 6 para. 1 lit. b and f of the GDPR or the express consent of our contact person pursuant to Art. 6 para. 1 lit. a GDPR.

Purpose of data processing

We process personal data for the following purposes as part of our cooperation with a business partner:

Communication with the business partner about products, services and projects, e.g. to process enquiries from the business partner;

Planning, execution and administration of the (contractual) business relationship between us and the business partner, e.g.

to process orders for products and services,

to collect payments,

for accounting, settlement and debt collection purposes

to carry out deliveries, maintenance or repairs;

Conducting customer surveys, marketing campaigns, market analyses, sweepstakes, competitions or similar actions and events;

Maintain and protect the security of our products, services and websites;

Maintain and optimize the availibility of our products, services and websites;

Prevent and detect security risks, fraud, or other criminal or malicious activity;

Compliance with

legal requirements (e.g. tax and commercial law retention obligations),

existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and

own guidelines and industry standards;

Settlement of litigation;

Enforcement of existing contracts;

To assert, exercise and defend legal claims;

Duration of storage

If no explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), your personal data will be deleted to the extent that it is no longer required for the purpose of storage, unless statutory storage obligations (e.g. commercial and tax law storage obligations) prevent deletion.

possibility of opposition and elimination

If our contact person has given his consent to process his personal data, the contact person has the right to revoke the consent given at any time with effect for the future, i.e. the revocation does not affect the legality of the processing carried out prior to the revocation on the basis of the consent. After revocation, we may process the personal data only to the extent that we can base the processing on another legal basis.

Data protection for applications and in the application process

description and scope of data processing

We also offer applicants the opportunity to submit their application documents electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example by e-mail or via a web form on the website.

We point out that the security of data - within the meaning of Art. 5 Para. (1) lit. f GDPR - is not guaranteed in the case of unencrypted, electronic transmission.

legal basis for data processing

The legal basis for the processing of applicant data is Art. 88 GDPR.

Purpose of data processing

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure.

Duration of storage

If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the decision of refusal, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

possibility of opposition and elimination

The applicant has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, an active application procedure cannot be continued.

Social Media

description and scope of data processing

We maintain online presences within the social networks listed below (hereinafter "social media service") in order to communicate with users active there or to present users with information about our organization and business activities.

If you visit one of these sites, the respective provider will collect and process the data listed below:

If you visit one of these sites, the respective provider will collect and process the data listed below:

Inventory and contact data (e.g. name, address, telephone number, e-mail address)

Content data (e.g. posts, photos, videos)

Usage data (e.g. access times, web pages clicked on)

Communication data (e.g. information about the device used, IP address)

Data from users of social networks is generally used for advertising and market research purposes and usage profiles are created about it. Data can be stored in the usage profiles regardless of the device you use.

This is particularly the case if you are a member of the respective platform and logged in to it. The usage profiles are generally used by the providers to play interest-based advertising to you.

We would like to point out that when using social networks, user data may also be processed outside the European Union. This may result in risks for the user as the level of data protection prescribed by the GDPR may not be complied with and, for example, the enforcement of a user's rights may become more difficult.

legal basis for data processing

The legal basis for the use of social networks is Art. 6 para. 1 lit f GDPR

We use the social media presences for communication, (re-) marketing, reach measurement and further analysis of user behavior.

We use the social media presences for communication, (re-) marketing, reach measurement and further analysis of user behavior.

We refer to the data protection information and opt-out options provided by the respective provider.

We have no control over the storage period of the data left or transmitted by users on the social networks.

Translated with www.DeepL.com/Translator (free version)

We refer to the data protection information and opt-out options provided by the respective provider.

Social Media Service „Google My Business“

Service provider

We maintain an online presence within the service provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Mutterkonzern: Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

possibility of opposition and elimination

We refer to the information provided by the provider, listed below, and the contact option to the data protection officer from the service provider for further questions regarding the processing of data.

Privacy policy: https://policies.google.com/privacy;

Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Social Media Service "Instagram"

description and scope of data processing

We maintain an online presence with the service provider

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Mutterkonzern: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA

possibility of opposition and elimination

Please refer to the information provided by the provider below and contact the provider’s data protection officer if you have any further questions regarding data processing.

Website: https://instagram.com/

Privacy policy: https://instagram.com/about/legal/privacy

Social Media Service „LinkedIn“

Service provider

We maintain an online presence within the service provider

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Mutterkonzern: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

possibility of opposition and elimination

We refer to the information provided by the provider, listed below, and the contact option to the data protection officer from the service provider for further questions regarding the processing of data.

Website: https://linkedin.com

Privacy policy: https://linkedin.com/legal/privacy-policy

Social Media Service „Twitter“

Service provider

We maintain an online presence within the service provider

X International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland; Mutterkonzern: X Corp., 865 FM 1209, Building 2, Bastrop, TX 78602

possibility of opposition and elimination

We refer to the information provided by the provider, listed below, and the contact option to the data protection officer from the service provider for further questions regarding the processing of data.

Website: https://x.com

Privacy Policy: https://x.com/privacy

Social Media Service „XING“

Service provider

We maintain an online presence within the service provider

XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland; Mutterkonzern: New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

possibility of opposition and elimination

We refer to the information provided by the provider, listed below, and the contact option to the data protection officer from the service provider for further questions regarding the processing of data.

Website: https://xing.com/

Privacy Policy: https://privacy.xing.com/datenschutzerklaerung

Plugins and external Services

description and scope of data processing

For our website, we use the functional and content elements ("Service") mentioned below, which are obtained from the servers of the respective provider. The functions can be, for example, tables, graphics, videos or social media buttons (hereinafter uniformly referred to as "content").

The use of the functionality usually requires the transmission of your IP address in order to provide you with the corresponding data.

The third-party providers sometimes use "web beacons" ("pixel tags", "tracking pixels" ) for statistical purposes. Through the use of pixel tags, visitor traffic can be evaluated.

Please note that when using plugins and external services, user data may, in principle, also be processed outside the European Union. This may pose risks to users, as the level of data protection required by the GDPR may not be maintained, and it could, for example, make it more difficult to enforce a user’s rights.

Legal basis for data processing

The legal basis for the use of external services (plugins and other functions) is, unless otherwise stated below, regularly - as far as we ask you for consent - the consent according to Art. 6 para. 1 lit. a GDPR. Otherwise, we process the data on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR.

Purpose of data processing

The provision of interactive content to improve the user-friendliness of our website to increase our level of awareness and to ensure the security of our information technology systems.

Service: Google reCaptcha

description and scope of data processing

We integrate the "reCAPTCHA" function to be able to recognize whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called "bots").

The Service provider is

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Mutterkonzern: Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on web pages, previously visited web pages, interactions with reCaptcha on other web pages, possibly cookies, and results of manual recognition processes (e.g. answering questions asked or selecting objects in images)

Purpose of data processing

Google reCapture is used in the interest of ensuring the security of our information technology systems.

Duration of storage

The duration of data storage is determined by the provider.

Service provider

Privacy policy: https://policies.google.com/privacy; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Service: IM hCaptcha

description and scope of data processing

We use the "hCaptcha" feature to determine whether entries (e.g., in online forms) are made by humans and not by automated machines (so-called "bots").

The Service provider is

Intuition Machines, Inc. (hCaptcha), 2261 Market Street #5039, San Francisco, CA 94114, USA

The data processed may include IP addresses, information about operating systems, devices, or browsers used, language settings, location, mouse movements, keystrokes, time spent on web pages, previously visited web pages, interactions with hCaptcha on other websites, cookies in some cases, as well as results of manual verification processes (e.g., answering questions or selecting objects in images)

Purpose of data processing

Google reCapture is used in the interest of ensuring the security of our information technology systems.

Duration of storage

v

Service provider

Privacy Policy: https://www.hcaptcha.com/privacy

Service: Cloudflare Turnstile

description and scope of data processing

We use the "Turnstile" feature to determine whether visits to our website are made by humans rather than automated machines (so-called "bots").

The Service provider is

Intuition Machines, Inc. (hCaptcha), 2261 Market Street #5039, San Francisco, CA 94114, USA

The data processed includes various functions for "live detection" of users, including "Proof-of-Work," "Proof-of-Space," checks for web APIs and browser features, behavioral analysis, and Private Access Tokens, as well as other challenges designed to detect human behavior, where applicable.

Data transmitted to Cloudflare servers includes, for example, the user’s IP address, user agent, and browser characteristics; behavioral data such as mouse movements, dwell time, and interaction patterns; and technical session data such as header information and other technical parameters required to validate the user.

Purpose of data processing

Google reCapture is used in the interest of ensuring the security of our information technology systems.

Duration of storage

Data is generally stored for up to 30 days, depending on the type of data processed, provided there are no indications of misuse.

Service provider

Privacy policy: https://policies.google.com/privacy; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Workshop Management

description and scope of data processing

On our website there is the possibility to register for workshops. When registering for the workshop, the data from the input mask is transmitted to us.

For events of the cooperation network there is an alternative registration possibility by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.

For the implementation of an event, but also within the framework of the event, your personal data will be made available to the implementing partners - e.g. partners in the cooperation network - and a responsible project sponsor. Your personal data will not be disclosed to third parties without your consent.

legal basis for data processing

The legal basis for the processing of data after registration for the workshop by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

Purpose of data processing

We process the data for the purpose of organizational processing and implementation of the selected event and to provide further information about the event.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of participation in cooperation events, this is the case after 5 years.

possibility of opposition and elimination

The participant has the option to revoke his consent to the processing of personal data at any time. In the event of use and participation via online platforms, the data protection information of the corresponding platform shall continue to apply.

Photos and images from events

description and scope of data processing

Photos and videos can be taken at face-to-face events to provide visual documentation of the event.

In the case of hybrid events, which are a combination of presence participation and recording of the stage/speakers, as well as possibly a transmission of the presentations online, there is regularly no video transmission of the participants*.

During an online event, audio and video recordings as well as, if applicable, comments transmitted via the comment function of the online platform are processed.

The image recordings are made available to internal departments that necessarily need to receive the data as part of the processing of the activity (accounting, marketing, grants department), but also to cooperation partners, grantors and processors involved in the processing.

A transfer to recipients in a third country (outside the EU) is not intended. The data will not be passed on to recipients who pursue their own purposes with this data.

We would like to point out that some social media operators are based outside the territory of the EU and the European Economic Area (EEA), in particular in the USA, and that these countries do not have an adequate level of data protection. Furthermore, we cannot rule out the possibility that even if social media operators have a registered office in the EU, personal data may also be transmitted to Group companies in the USA or another country outside the EU or the EEA and/or this data may also be stored on servers in the USA or another country outside the EU or the EEA. In the case of social media channels, it may also be that the respective social media service receives usage rights to the published data.

In the case of hybrid or online events, it may be that the technology used by the cooperation partner with whom we are holding the event, or the technology service provider used by the partner, provides for data transmission to third parties and/or is carried out by a solution that transmits data to third parties. In this case, you will be informed separately.

legal basis for data processing

The legal basis for the processing of the data is § 23 KustUrhG, and if the user has given his consent, Art. 6 para. 1 lit. a GDPR.

In the case of online events, the legal basis for the processing of data is also Art. 6 (1) lit. f GDPR, since, when applicable, documentation may also be necessary due to certain funding regulations.

Purpose of data processing

The images or likenesses will be used for the following purposes: Provision of the photographs to the participants; References to further and to similar events; Our own print media and comparable publications; Public coverage of the event; Public relations; Use on our website; Publication in social media; Use by press and media.

Should an online event provide for the publication of the recording in whole or in part, this will be regulated accordingly in the description of the event. In any case, it could be that we keep a recording to meet the funding requirements of certain institutions.

Duration of storage

Retention period of the image recordings: The image recordings will be retained for as long as is necessary for the aforementioned purposes. The image recordings can be stored internally for an unlimited period, e.g. to secure copyright legal claims by providing evidence of original recordings and furthermore for reasons of contemporary historical documentation. In case of publication, the recordings can be published as long as the respective publication carriers, articles or contributions are publicly accessible.

possibility of opposition and elimination

The data subject has the possibility at any time to revoke his or her consent to the processing of personal data for the future for good cause.

Online meetings and video conferences

description and scope of data processing

We use in-house services to facilitate online meetings and conference calls via video and/or audio circuit among employees and with potential customers or clients.

If you communicate with us via such a service, the data collected in this communication process will be processed by us.

Data that may be generated in such a communication process includes, in particular, your login and contact information, posts in the chat window, your video and audio postings, and shared screen content.

The processed data primarily includes user data and metadata (e.g. IP address, computer system information). This data is usually processed to verify and ensure the security of the service.

The BigBlueButton service is used for video conferencing, instant messaging, chat and voice conferencing. Service provider: TransMIT Gesellschaft für Technologietransfer mbH

legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, or Art. 6 para. 1 lit. a GDPR if the user has given his consent.

In the case of online events, the legal basis for the processing of data is also Art. 6 (1) lit. f GDPR, since, when applicable, documentation may also be necessary due to certain funding regulations.

Purpose of data processing

The data is processed for the purpose of internal and external communication with employees as well as interested parties and customers.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the metadata, this regularly happens no later than 7 days after the end of the meeting. User data and chat content are stored for as long as the documentation of a meeting requires.

possibility of opposition and elimination

The data subject has the possibility at any time to revoke his or her consent to the processing of personal data for the future for good cause.

Rights of the data subject

If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

Right to information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

the purposes for which the personal data are processed;

the categories of personal data being processed;

the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;

the existence of a right of appeal to a supervisory authority;

any available information on the origin of the data if the personal data are not collected from the data subject;

the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

Right to correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;

the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or

if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

Right to cancellation

Duty to delete

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.

The personal data concerning you have been processed unlawfully.

The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

Exceptions

The right to cancellation does not exist insofar as the processing is necessary

to exercise freedom of expression and information;

for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;

for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or

to assert, exercise or defend legal claims.

Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible shall have the right to be informed of such recipients.

Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the DSBER; this also applies to profiling based on these provisions.

If you wish to use your right of withdrawal or right to object, an e-mail to the above e-mail address of the responsible person is sufficient.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the person responsible,

with your express consent; or

the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the first two cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to present his or her point of view and to contest the decision.

Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

An overview of all contact details of the supervisory authorities of the individual federal states can be found on the page of the "Federal Commissioner for Data Protection and Freedom of Information": https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Changes and Updates to the Privacy Policy

This privacy policy is updated as needed. Updates are made whenever changes to our data processing practices require them. We therefore ask that you review the content of this privacy policy on a regular basis. We will notify you separately of any changes that require your action (e.g., consent) or individual notification.

If this privacy policy includes addresses or contact information for companies or organizations, please note that this information is subject to change. Therefore, please verify its accuracy before contacting them.

Version: 26.05.2026