Data Protection Policy
1. Who we are and how you can reach us
The responsible party for the processing of personal data on this website is:
Hasso Plattner Foundation
Phone: +49 (0)331 74513-103
Telefax: +49 (0)331 5509-129
You may contact our data protection officer at:
Hasso Plattner Foundation
Phone: +49 (0)331 74513-103
Telefax: +49 (0)331 5509-129
2. Which data we do (not) process, for what purpose, how long, and on what legal basis
2.1. Use of our website
When you visit our website, your web browser will tell our web server your IP address to make communication possible. It may be possible to identify you via your IP address.
Each time you access the Internet offer of the Hasso Plattner Foundation, the following data is stored in the server log files:
- Name of the retrieved file
- Date and time of retrieval
- Volume of data transferred
- Notification of whether the retrieval was successful
- IP address (in abbreviated form so that you are not identifiable)
- The web address from which the file was accessed (referrer URL)
- Information about the operating system and browser (user agent string)
You remain completely anonymous to us when you visit our website. This anonymous data is evaluated for statistical puposes only.
2.2. Data processing in connection with general contact
If you call us or send us a message, we need your email address, your postal address or your telephone number to provide you an answer. Instead of your name, you may use a pseudonym. We will only use this information, as well as date and time of your contact, to process your request. Your data will not be passed on to third parties by us, but only used internally by the department that is responsible for your concern. We will delete your data as soon as it is no longer needed for this purpose. As a rule, this is three months after your last contact with us. If you should have any questions, please notify us again within this three month period. The legal basis for the processing of data are Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfill your request.
Exceptions: We are required to store business and commercial letters and other tax-relevant documents in order to fulfill the commercial and tax law archiving obligations. We will delete these documents by the 31st of March of the seventh calender year following their creation and, in the case of accounting receipts, the eleventh calender year following their creation. Our accounting department has access to these data. The legal basis for the tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with §§ 147 AO, 257 HGB.
2.3. Data processing in connection with job applications
We understand that job applications contain sensitive personal information.
When you apply to us, we process the information we receive from you in the context of the application process. This includes the letter of application, CV, certificates, written correspondence and information received by telephone and in person. Besides your contact information, we attach particular importance to your educational background, working experience and abilities. Without this information we will be unable to regularly determine your suitability for the position and therefore we will be unable to consider your application.
Your data will initially be processed for the application procedure alone. If your application is successful, it will be used as part of your personal file and for the purpose of implementing and terminating your employment relationship, whereby it will then be deleted in accordance with the rules applicable to personal files. If we are currently unable to offer you employment, your data will be processed up to six months after the sending the refusal in order to protect ourselves against possible legal claims, in particular against any alleged discrimination claim in the application process. Insofar, as you are entitled to receive reimbursements or any other tax-related business transaction exists (e.g., a meal invitation), the corresponding accounting documents for the fulfillment of commercial and tax-related retention obligations are saved up to 31 March of the eleventh calender year after payment. In the case of commercial and business letters and other tax-related documents, these are saved up to the seventh calender year after their creation. Initially our human resource department has access to your documents but also, as necessary, the department of the job you applied for, the legal department, and the accounting department.
The legal basis of the data processing in the application process and as part of the personal file are § 26 para. 1 sent. 1 GDPR und Art. 6 para. 1 subpara. 1 letter b GDPR, and insofar as you have given your consent—for example by sending information that is not required for the application procedure―Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of data processing after refusal is Art. 6 para. 1 subpara. 1 letter f GDPR.The legal basis for the commercial and tax law retention is Art. 6 para.1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is the defense against legal claims. The legal basis for the fulfillment of the statuatory rights of the Works Council is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with § 80 BetrVG (German Works Council Constitution Act), § 26 para. 1 sent. 1 last clause BDSG (Federal Data Protection Act).
As a rule, we do not require any special categories of personal data for the application in terms of Art. 9 GDPR, such as health data or information about your ethical origin. We ask you at the outset not to provide us with any such information. If such information is particularly relevant to the application, we will process it along with your other application data. This might, for example, concern information about severe disability, which you provide voluntarily and which we are then required to process in fulfillment of our specific obligation with respect to the severely disabled. In this case, the processing serves in exercising the rights or in fulfillment of legal responsibilities arising from labor law, social security law, and social protection. The legal basis of data processing is Art. 9 para. 2 letter b GDPR, §§ 26 para. 3 BDSG (Federal Data Protection Act), 164 SGB (Code of Social Law) IX.
3. Voluntary provision of your data
You are not required to provide personal information to us. However, by not providing us with certain information (for example, how to contact you if you would like an answer from us), it is possible that we will be unable to complete your request.
4. Recipients of your data
Generally, your personal data remains within our area of responsibility, except in special cases (e.g., co-operative events), in which we will then explicitly inform you to whom your data will be sent. If compelling circumstances arise, it may be necessary to pass on your data to external consultants, for example to lawyers in the case of legal disputes (legal basis Art. 6 para. 1 subpara. 1 letter f GDPR; purpose and legitimate interest: the exercising, defending or asserting of legal rights). Our administrators have the possibility to access data processed by our IT department, if this should be necessary. Our data protection officer has extensive rights of control, accorded by Art. 37, 38 GDPR, and therefore access to personal data (legal basis Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 37, 38 GDPR). In certain cases, we may need to disclose your personal information to third parties so that you can receive the service you want; this means to vicarious agents, for example banks and other payment service providers or to postal service providers. In certain areas, such as web hosting and email hosting, we use specialized service providers. These providers are strictly bound by our instructions through an agreement on commissioned data processing and may not process the data for their own purposes. If in special cases (e.g., co-operative events with partners outside of the EU), your data will be transferred to third countries, we will inform you of this and, if required, also separately about the legal basis and level of data protection.
5. Automated decision-making, profiling
Your data will not be used for automated decision-making or profiling.
6. Your rights
Under the relevant legal requirements, you have the right to receive information about your data, the right to have such data corrected or deleted, the right to the restriction of processing, the right to object to processing, and the right to data tranferability. In particular, you have the right to object to the processing of your data for advertising purposes at any time without incurring costs other than the transmission costs, according to the rates of your provider (e.g., the costs of an email=usually none). This applies, for example, if you have registered for an event and do not wish to be informed about similar events. If the data processing is based on consent, you have the right to revoke your consent at any time without this affecting the legality of the processing being carried out on the basis of consent to revocation or processing on any other legal basis. If you want to exercise these rights, you can simply write to datenschutz(at)hpc-office.com.com or click on the unsubscribe link in any email newsletter to unsubscribe. If we call you, you can also communicate this to us directly.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority whom we answer to: Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Tel: +49 (0)33203 356-0, Fax: +49 (0)33203 356-49, Email: poststelle(at)lda.brandenburg.de.
If you have questions or requests regarding data protection, you can contact us at any time. Your contact is: datenschutz(at)hpc-office.com.
7. Your right to object to data processing
Insofar as the processing of your personal data is based on Art. 6 para. 1 subpara. 1 letter e or f GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. If your objection is made for reasons arising from your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or for the establishment, exercise of defence against legal claims. If your opposition is directed against direct marketing, including profiling, insofar as it is connected with such direct mail, we will no longer process your personal data for these purposes.