Personal data (hereinafter referred to as “data”) is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.
Personal data is, according to Art. 4 (1) of the General Data Protection Regulation (DSGVO), any information relating to an identified or identifiable natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy policy, we inform you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party components used by us for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.
» Regarding the Privacy policy for the protection of personal data of our business partners
Inhalt
2 Information about us as the responsible party
3 Rights of the data subjects and information on the right to object
4.2 Categories of affected persons
4.3 Purposes of the processing
4.7 Data transfer within the group of companies
4.8 Data processing in third countries
5 Detailed information on data processing operations
5.1 When visiting our web pages
5.2 Contact requests / contact options
5.2.1 Contacting via e-mail or contact form
5.4 Operation of social media profiles
8 Aktualität und Änderungen dieser Datenschutzerklärung
1 Terms used
The terms used in this Privacy Policy are defined in Art. 4 GDPR.
2 Information about us as the responsible party
Responsible provider of this website in the sense of data protection law is:
CiS Forschungsinstitut für Mikrosensorik GmbH
Konrad-Zuse-Str. 14
99099 Erfurt
Phone.: +49 361 663 1410
E-Mail: info@cismst.de
URL: https://www.cismst.de
Managing Directors: Prof. Dr. Thomas Ortlepp and Thomas Brock
Local court Jena HRB 110584
Data protection officer at the provider:
Juno – Datenschutz auf Augenhöhe
Julia Pudenz
Fischersand 50
99084 Erfurt
Phone: +49 361 663 1475
E-Mail: datenschutz@cismst.de
3 Rights of the data subjects and information on the right to object
With regard to the data processing described in more detail below, data subjects have the right to
- to confirmation as to whether data relating to them is being processed, to information about the data processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
- to correction or completion of incorrect or incomplete data (cf. also Art. 16 DSGVO);
- to the immediate deletion of the data concerning them (cf. also Art. 17 DSGVO), or, alternatively, insofar as further processing is necessary in accordance with Art. 17 (3) DSGVO, to restriction of processing in accordance with Art. 18 DSGVO;
- to revoke given consents at any time with effect for the future (cf. also Art. 7 (3) in conjunction with. Art. 17 para. 1.
- to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 DSGVO);
- to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 GDPR).
In addition, the Provider is obliged to inform all recipients to whom data has been disclosed by the Provider about any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not exist insofar as this notification is impossible or involves a disproportionate effort. Notwithstanding the above, the user has a right to information about these recipients.
Likewise, according to Art. 21 GDPR, data subjects have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 (1) f) GDPR. In particular, an objection to data processing for the purpose of direct marketing is permissible.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Address your objection to the data protection officer at : datenschutz@cismst.de. |
4 Overview of the processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
4.1 Types of data processed
- Master data (e.g. names, addresses)
- Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by applicants concerning their person or qualifications).
- Content data (e.g. entries in online forms)
- Contact data (e.g. e-mail, telephone numbers)
- Social media data (e.g. profile link in professional, social network).
- Meta/communication data (e.g. device information, IP addresses, missed call)
- Usage data (e.g., web pages visited, access times)
- Contract data (e.g. subject matter, term, type of business relationship)
4.2 Categories of affected persons
- Users (e.g., website visitors, users of online services).
- Employees (e.g. employees, applicants, former employees)
- Business and contractual partners
- communication partners
- Interested parties
4.3 Purposes of the processing
- Provision of our website and its user-friendliness, including our profiles on social media platforms
- Provision of contractual services and customer service
- Application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship)
- Contact requests and communication
- Office and organizational procedures (e.g., conducting video conferences)
4.4 Relevant legal bases
The following is an overview of the legal basis of the GDPR on the basis of which we process personal data. In addition to the provisions of the GDPR, other national rules on data protection may apply.
- Consent (Art. 6 para. 1 p. 1 lit. a. GDPR) – The data subject has given his or her consent to the processing of personal data relating to him or her for a specific purpose or purposes. You can revoke your given consent at any time with effect for the future. Processing that took place before the revocation is not affected.
- Performance of a contract and processing of pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the request of the data subject.
- Legal obligation (Art. 6 (1) p. 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject, such as in the context of legal obligations to retain business documents.
- Legitimate interests (Art. 6 (1) p. 1 lit. f. GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
National data protection regulations in Germany: In addition to the regulations of the General Data Protection Regulation, national legal requirements for data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains national regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission. It specifically regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, performance or termination of employment relationships and the consent of employees.
4.5 Security measures
Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
These measures serve in particular the goal of confidentiality, integrity and availability of data, services and systems, input, transfer, ensuring availability and segregation of data. We have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): To protect the data you transmit via our website, we use SSL encryption. You can recognize such encrypted connections by a lock symbol or the prefix https:// in the address bar of your browser.
4.6 Transfer of personal data
In the course of our processing of personal data, it may happen that this data is transferred to other companies or legally independent organizational units. These can be, for example, commissioned IT service providers with whom we have concluded corresponding contracts and agreements for the protection of your data.
4.7 Data transfer within the group of companies
We may transfer personal data to our umbrella organization, CiS e.V., or grant them access to this data. This transfer is usually for administrative purposes and is based on our legitimate business interests, is necessary for the fulfillment of our contract-related obligations or is based on your consent.
Data transmission within the CiS Forschungsinstitut
We may transfer personal data to other entities within our company or grant them access to this data. As a rule, this is necessary for the fulfillment of our contract-related obligations.
For administrative purposes, the transfer of data is based on our legitimate corporate and business interests.
A transfer of data may also be based on your consent or there is a legal permission.
4.8 Data processing in third countries
If we process data in a third country (i.e. countries outside the European Economic Area) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with an adequate level of data protection. For this purpose, companies or organizations in these third countries must fulfill appropriate guarantees, such as committing to comply with the so-called standard protection clauses of the EU Commission (Art. 44 to 49 GDPR).
4.9 Deleting data
Your data processed during the use of our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below.
5 Detailed information on data processing operations
5.1 When visiting our web pages
To advertise our services and to inform the public about our research projects, we maintain the Internet presence https://www.cismst.de as well as temporary project-specific websites.
5.1.1 Server data
Purposes of processing: For technical reasons, in particular to ensure a secure and stable Internet presence and comfortable use of our website, data is transmitted by your Internet browser to us or to our web hoster and stored in so-called server log files.
Types of data processed: These server log files include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type together with language and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, the IP address of the requesting end device and the requesting provider.
This data collected in this way is stored temporarily, but not together with other data from you.
Data subjects: Users/visitors to our website
Legal basis: This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presence.
Recipients of the data: The log data is received by our web host, who works for us under a contract processing agreement.
Service provider used:
- ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; WebSite: https://all-inkl.com; Privacy Policy: https://all-inkl.com/datenschutzinformationen
Storage period: The data will be deleted after 7 days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is exempt from deletion in whole or in part until final clarification of an incident.
Disclosure to third parties: The log data (call, browser type and language, date and time of the call, IP address) are -with the exception of our web host- not passed on to third parties. Our web hoster reserves the right to check the above-mentioned log data retrospectively if there are concrete indications of illegal use.
Right of objection: You have the right to object to the processing of the above log data. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de.
You are neither legally nor contractually obligated to provide your personal data. However, failure to provide such data may mean that you cannot use our website or cannot use it to its full extent.
5.1.2 Cookies
We use so-called “cookies” on our website. Cookies are small text files that contain certain data about your visit to our website. These text files are automatically created by your browser without your intervention and stored on your end device for a limited period of time when you visit our site. If our website is called up again from this end device, your browser sends back the content of the cookies and thus enables us to recognize you.
Allowing cookies
We only use cookies on our website that are necessary for the function. Thus, the obligation for a cookie declaration does not apply; likewise, no consent is required on your part.
In doing so, the following cookies are set and stored until automatically deleted:
Name | Purpose | Storage period | Kind of Cookies/ Supplier |
pll_language | Set by WordPress to save the language setting of the website user. | 1 year | Permanent or protocol cookie/ Supplier of this website |
The cookies serve the purpose and our legitimate interest to automatically recognize when you visit our site again that you have already been with us and what entries and settings you have made, so that you do not have to enter them again and to make the use of our website more comfortable for you.
However, we do not use your data to draw conclusions about your identity. A storage of the data together with other personal data of you, does not take place.
This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. The legitimate interest in storing cookies is the technically error-free and optimized provision of services.
Recipients of the data are only the responsible party, the operator of the host server of our website, which acts for us within the framework of order processing according to Art. 28 GDPR (cf. Section 5.1.1), the provider of the respective cookie, as well as third parties to whom a legal obligation exists within the meaning of Art. 6 para.1 p. 1 lit. c) GDPR.
Management of cookies in your browser
Of course, you can also view our website without cookies in principle. You can deactivate the allowance of cookies by your browser via your browser settings and delete already stored cookies in your browser at any time. Please use the help functions of your Internet browser to find out how to change these settings. However, we cannot rule out the possibility that individual functions of our website may not work if you have deactivated the use of cookies.
Right to object: You can object to the processing of data collected by means of cookies at any time by contacting us at the following address: datenschutz@cismst.de.
The provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Nor is there any obligation to provide us with this data. However, failure to provide it would mean that you may not be able to use our website and its subpages, or only to a limited extent.
5.2 Contact requests / contact options
5.2.1 Contacting via e-mail or contact form
If you contact us via contact form or e-mail, the data you provide will be used to process your request.
Types of data processed: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (inquiry content).
Purposes of processing: The provision of the data is necessary for processing and answering your inquiry – without their provision, we cannot answer your inquiry or, at best, only to a limited extent.
Data subjects: Communication partners, business and contractual partners
Legal basis: The above-mentioned data is processed on the legal basis of Art. 6 Para. 1 lit. b GDPR, insofar as your contact request is in connection with a contract initiation (e.g. request for an offer, appointment).
The above data will be processed on the legal basis of Art. 6 para. 1 lit. f GDPR for all other contact requests. Our legitimate interest is to be able to contact you as well as to answer your inquiry at any time.
Recipients of the processed data: The above-mentioned data is received by our company. Within our company, we ensure that only those persons are granted access to your data who are authorized to do so on the basis of contractual or legal obligations.
Storage period: Your data will be deleted if your inquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.
Disclosure to third parties: The above-mentioned data will not be passed on to third parties.
Right to object: You can object to the processing of data collected by means of cookies at any time by contacting us at the following address: datenschutz@cismst.de.
The provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Nor is there any obligation to provide us with this data. However, failure to provide it would mean that you may not be able to use our website and its subpages, or only to a limited extent.
5.2.2 Contacting by phone
You can contact us via the telephone number published on our website.
Types of data processed: telephone number, date and time of your call as well as information resulting from the conversation and, if applicable – upon request – your surname, first name and e-mail address.
Purposes of processing: your data is processed in order to handle your contact request and to be able to contact you for the purpose of responding to your request.
Data subjects: Communication partners, business and contractual partners.
Legal basis: The above-mentioned data is processed on the legal basis of Art. 6 Para. 1 lit. b GDPR, insofar as your contact request is related to a contract initiation (e.g. request for an offer, appointment).
The above-mentioned data is processed on the legal basis of Art. 6 para. 1 lit. f GDPR for all other contact requests. Our legitimate interest is to be able to contact you as well as to answer your request at any time.
Recipients of the processed data: The above-mentioned data is received by our company. Within our company, we ensure that only those persons are granted access to your data who are authorized to do so on the basis of contractual or legal obligations.
Storage period of the processed data: The above-mentioned data will only be processed as long as it is necessary for the processing of your contact request.
Disclosure of processed data to third parties: The above data will not be disclosed to third parties.
Right to object: You have the right to object to the processing of the above log data. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de
You are neither legally nor contractually obligated to provide your personal data. However, failure to provide such data may mean that you cannot use our website or cannot use it to its full extent.
5.2.3 Contacting by letter
Contacting our company by letter is possible via the address published on our website.
Purposes of data processing: The processing of the above-mentioned data is carried out in order to process your contact request and to be able to contact you for the purpose of responding to your request.
Types of data processed: Insofar as you use this contact channel, the data you provide, such as in particular your address (surname, first name, street, place of residence, postal code), date of receipt of the mail as well as data from your letter and, if applicable, also attachments, will be processed.
Data subjects: Communication partners, business and contractual partners
Legal basis: The above-mentioned data is processed on the legal basis of Art. 6 Para. 1 lit. b GDPR, insofar as your contact request is in connection with a contract initiation (e.g. request for an offer, appointment).
The above-mentioned data is processed on the legal basis of Art. 6 para. 1 lit. f GDPR for all other contact requests. Our legitimate interest is to be able to contact you as well as to answer your request at any time.
Recipients of the processed data: The above-mentioned data is received by our company. Within our company, we ensure that only those persons are granted access to your data who are authorized to do so on the basis of contractual or legal obligations.
Storage period of the processed data: The above-mentioned data will only be processed as long as it is necessary for the processing of your contact request.
Disclosure of processed data to third parties: The above-mentioned data will not be passed on to third parties.
Right to object: You have the right to object to the processing of the above log data. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de.
You are neither legally nor contractually obligated to provide your personal data. However, failure to provide such data may mean that you cannot use our website or cannot use it to its full extent.
5.3 Online job applications
We offer you the opportunity to apply to us via our website. For these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.
You can find detailed information on this in our section Notes on data protection for incoming applications.
5.4 Operation of social media profiles
We also advertise our social media presence on the platforms listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective server of the social network when a web page with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out here that processing of the data collected in this way takes place in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
Responsibilities and assertion of your rights as a data subject
With regard to the operation of the individual social media channels, unless the individual social media operators qualify as the sole responsible parties, we act together with the respective social media operator as joint responsible parties. However, we do not have full access to the data collected by the social media operators and your profile data. Therefore, please read our privacy policy together with the privacy policy of the social media operator to get a comprehensive overview.
Purposes: The processing of personal data serves to expand and improve our Internet offering, to establish contact with potential customers, to maintain existing customer contacts and to interact in the community.
Legal basis: The processing is carried out on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to make our online presence functional and comprehensive.
The data processing initiated by the social networks may be based on different legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a GDPR).
Types of data processed: We have access to your publicly visible data (e.g. name and profile picture if you make a public comment on our social media channel).
For anonymous statistics, we process the following data:
- Followers: number of people who follow our social media channel.
- Reach: number of people who see a specific post; number of interactions on a post; in particular, this can be used to infer which content is attracting widespread interest in the community.
Data subjects: Users/visitors to our website (social media channel).
Recipients of the data: Users and operators of the social media platforms
Storage period: the data collected directly by us via the respective social media channel is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. You can find details about this directly from the operators of the social networks (e.g. in their privacy policy, see the following subchapters).
Disclosure to third parties: CiS does not disclose any data to third parties. For information on the passing on of data by the platform operators, please refer to the respective data protection information.
Right to object: You have the right to object to the processing of the above log data. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de.
You are neither legally nor contractually obligated to provide your personal data. However, failure to provide such data may mean that you cannot use our website or cannot use it to its full extent.
5.4.1 Twitter
We have an online profile on Twitter, a so-called channel, to present our company and our services and to communicate with customers/prospects. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may pose increased risks to users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with Twitter.
The purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and setting options for protecting your privacy, can be found in Twitter’s data protection information at https://twitter.com/en/privacy
You can make personal data protection settings at twitter.com/personalization.
5.4.2 YouTube
We have an online profile on YouTube, a so-called channel, to present our company as well as our services and to communicate with customers/interested parties. You can subscribe to our channel to stay informed about new videos from us. According to your privacy settings, we can see that you have subscribed to our channel.
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may pose increased risks to users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with YouTube.
The privacy policy of YouTube can be found at https://policies.google.com/privacy.
5.4.3 LinkedIn
We have an online profile on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may pose increased risks to users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access option lies exclusively with LinkedIn.
For the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of LinkedIn at https://www.linkedin.com/legal/privacy-policy.
You can find an opt-out option at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5.4.4 XING
We have an online profile on XING to present our company and our services and to communicate with customers/prospects. XING is a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
The purpose and scope of the data collection and the further processing and use of the data by XING, as well as your rights in this regard and settings options for protecting your privacy, can be found in the XING data protection information at https://privacy.xing.com/en/privacy-policy.
6 Business services
6.1 Data protection information for customers, cooperation partners, suppliers and interested parties
We process data of our contractual and business partners, i.e. customers, cooperation partners, suppliers and interested parties within the scope of contractual and comparable legal relationships as well as related measures and within the scope of communication with data subjects.
What personal data do we process?
We process the following personal data in full or in part that we receive from you in the course of our business relationship or initiation of a business relationship:
- Personal data / personal identification data[1]
- Address data (address)
- Contact data (telephone, e-mail)
- Business letters[2]
For what purposes is the data processed and on what legal basis?
In the following, we explain what your data is processed by us for and on what legal basis.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
To fulfill contractual and/or pre-contractual obligations (Art. 6 para. 1 letter b GDPR).
The processing of personal data is carried out in particular for the execution of our contracts with you or for the initiation of contracts as well as all activities required with the operation and administration of a company.
You can find further details on the purpose of the data processing in the respective contract documents. Examples are:
- R&D contracts
- supply contracts
- purchase orders
Due to legal requirements (Art. 6 para. 1 letter c GDPR).
We are subject to various legal obligations that entail data processing. These include, for example:
- Tax laws as well as statutory accounting in accordance with commercial law.
- The fulfillment of control and reporting obligations under tax law.
Within the framework of the balancing of interests (Art. 6 para. 1 letter f GDPR).
As far as necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or of third parties. Examples of such cases are:
- Measures for business management and further development of services and products.
- Measures for IT security
- Advertising – insofar as you have not objected to the use of your data
- Processing in the CRM system
- Assertion of legal claims and defense in legal disputes
Processing based on your explicit consent (Art. 6 para. 1 letter a GDPR)
We process personal data for advertising purposes by e-mail or for evaluation for marketing purposes on the basis of your expressly voluntary consent. Consent given can be revoked at any time with effect for the future.
Who gets your data?
Within our company
- Management and employees for the contact with you and the contractual cooperation (incl. the fulfillment of pre-contractual measures) or for the implementation of our legitimate interest
Third party, outside our company
Should it be necessary to pass on data to third parties for the purpose of initiating or executing a contract, these third parties will be obliged to maintain confidentiality in accordance with the DS-GVO/BDSG. Within the framework of the balancing of interests according to Art. 6 Para. 1 Letter f DS-GVO, data may also be passed on to third parties in exceptional cases. Otherwise, data will only be disclosed if permitted or required by law.
Recipients of personal data may be, for example:
- Credit and financial service providers (processing of payment transactions)
- Business and wage tax and company auditors (statutory audit mandate)
- Public authorities and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation to do so
- In R&D cooperation projects coordinated by the person responsible, personal data is transferred to the project sponsor, such as AiF, to experts, to funding bodies, such as the BMBF.
Your data may be passed on to service providers who act as processors on our behalf:
- Data destruction to certified shredders
- IT service provider (e.g. DATEV)
All service providers are contractually bound and in particular obliged to treat your data confidentially.
Is data transferred to a third country or to an international organization?
A transfer to a third country is not intended.
How long will your data be stored?
We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.
Exceptions arise,
- insofar as statutory retention obligations must be fulfilled, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are generally six to ten years;
- for the preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply here.
Right to object: You have the right to object to the processing of your personal data. If there are no overriding legitimate grounds for processing, this data will be deleted. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de.
6.2 Events
We plan, organize and conduct scientific conferences and workshops for the presentation of research projects and discussion of the achieved results. The registration of participants is usually done through our website. Any additional mandatory information is marked as such (by *). In addition, further information can often be provided voluntarily. The mandatory data is processed in order to identify you as a participant in the event, to check the plausibility of the data entered, to reserve a place on the event and to establish or implement the contract with you regarding participation and to provide you with information about the event before, during and after the event to enable you to participate in the best possible way and to enable us to plan and ensure that the event runs smoothly.
The provision of the voluntary data enables us to plan and carry out the event in a customer-friendly manner and in line with your interests.
Purposes of processing: provision of contractual services and customer service.
Data subjects: Interested parties, business and contractual partners, employees
Types of data processed: master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), contractual data (e.g. event title, date, speaker/guest, technical data on the presentation (title, abstract)
Legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR). Our legitimate interest is to plan and ensure a smooth process for each participant.
Recipients of the data: The above-mentioned data is received by our company. Within our company, we ensure that only those persons are granted access to your data who are authorized to do so on the basis of contractual or legal obligations.
Storage period: We delete the data when the contract has been fully processed, but must comply with the retention periods under tax and commercial law.
Disclosure to third parties: In the context of contract processing, we pass on your data to co-organizers/organizers as well as to financial service providers, insofar as the transfer is necessary for payment purposes. The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.
6.3 Virtual Meetings
We use platforms and applications of other providers (hereinafter referred to as “third-party providers”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual as well as vocal contributions and entries in chats and shared screen contents.
If users are referred to the third-party providers or their software or platforms in the course of communications, business or other relationships with us, the third-party providers, such as Cisco WebEx, may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
Notes on legal bases: If we ask users for their consent to use the third-party providers or certain functions (e.g. consent to a recording of conversations), the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the third-party providers was agreed upon in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
- Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, photographs, videos, transcripts), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
- Data subjects: Communication partners, users (e.g. website visitors, users of online services).
- Purposes of processing: contractual performance and service, contact requests and communication, office and organizational procedures.
- Legal bases: consent (Art. 6 para. 1 p. 1 lit. a GDPR), contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
- Services used and service providers
Cisco WebEx Meetings: Videoconference application; Service provider: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf; Parent company: Cisco Systems, Inc. 170 West Tasman Dr., San Jose, CA 95134, USA;
- WebSite: https://www.webex.com/en;
- Security advice: https://www.cisco.com/c/en/us/about/trust-center.html
- Privacy Policy: https://www.cisco.com/c/en_uk/about/legal/privacy-full.html
- Master Data Protection Agreement (MDPA /AVV): https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-master-data-protection-agreement.pdf;
- EU Standard Contract Clauses (SCC) Controller-to-Processor: https://www.cisco.com/c/dam/en_us/about/doing_business/legal/docs/sccs-ctop.pdf?dtid=osscdc000283
- Privacy Data Sheet: https://trustportal.cisco.com/c/r/ctp/trust-portal.html?doctype=Privacy%20Data%20Sheet&language=English&prodserv=Cisco%20Webex%20Meetings#/customer_transparency/pdfViewer/c%2Fdam%2Fr%2Fctp%2Fdocs%2Fprivacydatasheet%2Fcollaboration%2Fcisco-webex-meetings-privacy-data-sheet.pdf?docClassification=public
Objection to data processing: You have the right to object to the processing of the above log data. If you wish to exercise your right to object, simply send an e-mail to datenschutz@cismst.de.
You are under no legal or contractual obligation to provide your personal data. However, failure to provide such data may mean that you cannot use our website or cannot use it to its full extent.
7 Measures for data security
Our website is delivered TLS-encrypted (HTTPS) by our web hoster. You can recognize the secure connection by the small lock symbol or the prefix https:// in the address bar of your browser. Our web hoster uses TLS version 1.3. This transport encryption protects communication with our website from access by unauthorized third parties.
We also use appropriate technical and organizational security measures to protect your data against loss, destruction, access, alteration or distribution by unauthorized third parties. Our security measures are continuously improved in line with technological developments. A complete protection against all dangers is not possible despite regular controls.
8 Aktualität und Änderungen dieser Datenschutzerklärung
This privacy policy is currently valid and has the status November 2021.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.
The previous version will be archived by us in case of replacement by a new version.
9 Other
This privacy statement also contains links to third-party websites. We have no control over the content or privacy practices of those websites. We recommend that you read the privacy statements of all third party websites you visit.
This information on data protection is based on the “Model Data Protection Declaration“ of the law firm Weiß & Partner.
[1] Personal data are e.g. name, title, company, department, position/function
[2] Business letters include: Letters, minutes of telephone calls, appointments, quotations, orders, delivery bills, invoices, complaints, contracts, non-disclosure agreements, visit reports