Data Privacy

Data Protection Policy

1. Who we are and how you can reach us

The responsible party for the processing of personal data on this website is:

Hasso Plattner Foundation
Seestr. 35-37
Phone: +49 (0)331 74513-103
Email: foundation(at)plattner.com

You may contact our data protection officer at:

Hasso Plattner Foundation
Seestr. 35-37
Phone: +49 (0)331 74513-103
Email: datenschutz(at)hpc-office.com

2. Which data we do (not) process, for what purpose, how long, and on what legal basis

2.1. Use of our website

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server.  The following information is stored temporarily in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data for the aforementioned purpose on our behalf in accordance with Art 28 DSGVO.

The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability based on Art. 6 para. lit. f DSGVO. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) DSGVO. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 para. 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.

The aforementioned data is stored for the duration of the website display and for technical reasons beyond that for a maximum of 7 days.

2.2. Data processing in connection with general contact

If you call us or send us a message, we need your email address, your postal address or your telephone number to provide you an answer. Instead of your name, you may use a pseudonym. We will only use this information, as well as date and time of your contact, to process your request. Your data will not be passed on to third parties by us, but only used internally by the department that is responsible for your concern. We will delete your data as soon as it is no longer needed for this purpose. As a rule, this is three months after your last contact with us. If you should have any questions, please notify us again within this three month period. The legal basis for the processing of data are Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfill your request.

Exceptions: We are required to store business and commercial letters and other tax-relevant documents in order to fulfill the commercial and tax law archiving obligations. We will delete these documents by the 31st of March of the seventh calender year following their creation and, in the case of accounting receipts, the eleventh calender year following their creation. Our accounting department has access to these data. The legal basis for the tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with §§ 147 AO, 257 HGB.

2.3. Data processing in connection with job applications

We understand that job applications contain sensitive personal information.

When you apply to us, we process the information we receive from you in the context of the application process. This includes the letter of application, CV, certificates, written correspondence and information received by telephone and in person. Besides your contact information, we attach particular importance to your educational background, working experience and abilities. Without this information we will be unable to regularly determine your suitability for the position and therefore we will be unable to consider your application.

Your data will initially be processed for the application procedure alone. If your application is successful, it will be used as part of your personal file and for the purpose of implementing and terminating your employment relationship, whereby it will then be deleted in accordance with the rules applicable to personal files. If we are currently unable to offer you employment, your data will be processed up to six months after the sending the refusal in order to protect ourselves against possible legal claims, in particular against any alleged discrimination claim in the application process. Insofar, as you are entitled to receive reimbursements or any other tax-related business transaction exists (e.g., a meal invitation), the corresponding accounting documents for the fulfillment of commercial and tax-related retention obligations are saved up to 31 March of the eleventh calender year after payment. In the case of commercial and business letters and other tax-related documents, these are saved up to the seventh calender year after their creation. Initially our human resource department has access to your documents but also, as necessary, the department of the job you applied for, the legal department, and the accounting department. 

The legal basis of the data processing in the application process and as part of the personal file are § 26 para. 1 sent. 1 GDPR und Art. 6 para. 1 subpara. 1 letter b GDPR, and insofar as you have given your consent—for example by sending information that is not required for the application procedure―Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of data processing after refusal is Art. 6 para. 1 subpara. 1 letter f GDPR.The legal basis for the commercial and tax law retention is Art. 6 para.1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is the defense against legal claims. The legal basis for the fulfillment of the statuatory rights of the Works Council is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with § 80 BetrVG (German Works Council Constitution Act), § 26 para. 1 sent. 1 last clause BDSG (Federal Data Protection Act).

As a rule, we do not require any special categories of personal data for the application in terms of Art. 9 GDPR, such as health data or information about your ethical origin. We ask you at the outset not to provide us with any such information. If such information is particularly relevant to the application, we will process it along with your other application data. This might, for example, concern information about severe disability, which you provide voluntarily and which we are then required to process in fulfillment of our specific obligation with respect to the severely disabled. In this case, the processing serves in exercising the rights or in fulfillment of legal responsibilities arising from labor law, social security law, and social protection. The legal basis of data processing is Art. 9 para. 2 letter b GDPR, §§ 26 para. 3 BDSG (Federal Data Protection Act), 164 SGB (Code of Social Law) IX.

3. Voluntary provision of your data

You are not required to provide personal information to us. However, by not providing us with certain information (for example, how to contact you if you would like an answer from us), it is possible that we will be unable to complete your request. 

 4. Recipients of your data

Generally, your personal data remains within our area of responsibility, except in special cases (e.g., co-operative events), in which we will then explicitly inform you to whom your data will be sent. If compelling circumstances arise, it may be necessary to pass on your data to external consultants, for example to lawyers in the case of legal disputes (legal basis Art. 6 para. 1 subpara. 1 letter f GDPR; purpose and legitimate interest: the exercising, defending or asserting of legal rights). Our administrators have the possibility to access data processed by our IT department, if this should be necessary. Our data protection officer has extensive rights of control, accorded by Art. 37, 38 GDPR, and therefore access to personal data (legal basis Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 37, 38 GDPR). In certain cases, we may need to disclose your personal information to third parties so that you can receive the service you want; this means to vicarious agents, for example banks and other payment service providers or to postal service providers. In certain areas, such as web hosting and email hosting, we use specialized service providers. These providers are strictly bound by our instructions through an agreement on commissioned data processing and may not process the data for their own purposes. If in special cases (e.g., co-operative events with partners outside of the EU), your data will be transferred to third countries, we will inform you of this and, if required, also separately about the legal basis and level of data protection.

 5. Automated decision-making, profiling

Your data will not be used for automated decision-making or profiling.

6. Your rights

Under the relevant legal requirements, you have the right to receive information about your data, the right to have such data corrected or deleted, the right to the restriction of processing, the right to object to processing, and the right to data tranferability. In particular, you have the right to object to the processing of your data for advertising purposes at any time without incurring costs other than the transmission costs, according to the rates of your provider (e.g., the costs of an email=usually none). This applies, for example, if you have registered for an event and do not wish  to be informed about similar events. If the data processing is based on consent, you have the right to revoke your consent at any time without this affecting the legality of the processing being carried out on the basis of consent to revocation or processing on any other legal basis. If you want to exercise these rights, you can simply write to datenschutz(at)hpc-office.com.com or click on the unsubscribe link in any email newsletter to unsubscribe. If we call you, you can also communicate this to us directly.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority whom we answer to: Die Landesbeauftragte fĂĽr den Datenschutz und fĂĽr das Recht auf Akteneinsicht, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Tel: +49 (0)33203 356-0, Fax: +49 (0)33203 356-49, Email: poststelle(at)lda.brandenburg.de.

If you have questions or requests regarding data protection, you can contact us at any time. Your contact is: datenschutz(at)hpc-office.com.

7. Your right to object to data processing

Insofar as the processing of your personal data is based on Art. 6 para. 1 subpara. 1 letter e or f GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. If your objection is made for reasons arising from your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or for the establishment, exercise of defence against legal claims. If your opposition is directed against direct marketing, including profiling, insofar as it is connected with such direct mail, we will no longer process your personal data for these purposes.

8. Presence of social media platforms 

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the call and use of our fan pages/accounts.

If you wish to contact us via messenger or direct message via the respective social network, we generally process your user name via which you contact us and, if necessary, store other data provided by you insofar as this is required to process/respond to your request.

The legal basis is Art. 6 (1) sentence 1 f) DSGVO (processing is necessary to protect the legitimate interests of the controller). Furthermore, your consent to the data processing by the social network is required according to Art 6 para 1 lit a DSGVO in conjunction with Art 7 DSGVO.

We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, page activity and post interactions, reach, video views, and the percentage of men/women among our fans/followers.

The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

What data the social networks process from you

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, in this respect, no user account for the respective social network is required.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above).

If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you. According to our knowledge, your data will be processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behaviour (using cookies, pixels/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the social networks. There you will also find information on your rights and objection options.

Facebook page

When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link: https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f) DSGVO. Should you, as a user, have given your consent to the data processing vis-Ă -vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 (1) a), Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.

The primary responsibility for the processing of Insights Data lies with Facebook under the GDPR and Facebook complies with all obligations under the GDPR with respect to the processing of Insights Data, Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to Data Subjects.

We do not make any decisions regarding the processing of Insights data and storage duration of cookies on user terminals.

Further instructions can be found directly at Facebook (Supplemental Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion, as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Facebook’s privacy policy/cookie policy: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 https://www.facebook.com/policies/cookies

Instagram page

When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this under the following link (Note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f) DSGVO. Should you, as a user, have given your consent to the data processing vis-Ă -vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 (1) a), Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.

The primary responsibility for the processing of Insights Data lies with Instagram under the GDPR and Instagram complies with all obligations under the GDPR with respect to the processing of Insights Data, Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to Data Subjects.

We do not make any decisions regarding the processing of Insights data and storage duration of cookies on user terminals.

For further instructions, please refer directly to Instagram (Supplemental Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to the privacy policy/cookie policy of Instagram (note: clicking on the following link will take you to the website of the social network Facebook): https://help.instagram.com/519522125107875/?helpref=uf_share

This information can also be viewed in the help section of the Instagram website via the following link: https://help.instagram.com/581066165581870

Twitter page

Twitter is a social network of Twitter Inc. based in San Francisco, California, USA, which enables the creation of private profiles of natural persons (Personal Account) as well as professional profiles (Professional Account) of natural persons and companies. Via Twitter, users can, among other things, compose short messages (so-called “tweets”), interact with the content of other users, e.g., compose so-called “retweets”, submit likes to posts, share posts and reply when other users mention or tag you in content.

When using or visiting the network and thus also when visiting our Twitter account, Twitter automatically collects data from the users or visitors, for example user name and IP address, during the use or visit. This is done with the help of tracking technologies, in particular using cookies. Twitter provides users with information, offers and recommendations, among other things, based on the data collected in this way. This information is used to provide us, as the operator of our Twitter site, with statistical information about the use of the Twitter site. You can find more information on this in Twitter’s privacy policy: https://twitter.com/privacy#twitter-privacy-1.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f DSGVO. Should you, as a user, have given your consent to the data processing vis-Ă -vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Twitter for the personal content of the fan page. Data subject rights can be asserted with Twitter Inc. as well as with us.

The primary responsibility under the GDPR for the processing of Insights Data rests with Twitter and Twitter complies with all obligations under the GDPR with respect to the processing of Insights Data. Twitter Inc. provides the essence of the Page Insights Supplement to data subjects.

We do not make any decisions regarding the processing of Insights data and storage duration of cookies on user terminals.

For more information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Twitter’s privacy policy/cookie policy:

Privacy policy: https://twitter.com/privacy#twitter-privacy-1

Cookie Policy: https://help.twitter.com/rules-and-policies/twitter-cookies

LinkedIn page

LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private as well as professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Businesses and other organizations can create profiles that upload photos and other company information to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The network’s focus is on professional exchanges on specialized topics with people who share the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from the users or visitors, for example user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides information, offers and recommendations to users on the basis of the data collected in this way.

We collect your data via our company profile only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content as well as your “publicly” provided profile information.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f DSGVO. Should you, as a user, have given your consent to the data processing vis-Ă -vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us.

We do not make any decisions regarding the data collected on LinkedIn’s site using tracking technologies.

For more information on LinkedIn, visit: https://about.linkedin.com.

For more information about privacy at LinkedIn, please visit: https://www.linkedin.com/legal/privacy-policy.

Further information on storage duration/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage- basic_footer-cookie-policy.

MyFonts Counter

Nature and scope of processing

We have integrated MyFonts Counter on our website. MyFonts Counter is a service of MyFonts, Inc. and offers us the possibility to statistically evaluate the number of visits to our website. MyFonts Counter uses cookies and other browser technologies to recognize users and website visits. This information is used, among other things, to compile reports on website activity. In this case, your data is passed on to the operator of MyFonts Counter, MyFonts, Inc., 600 Unicorn Park Drive Woburn, MA 01801 USA.

Purpose and legal basis

The use of MyFonts Counter is based on your consent according to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by MyFonts, Inc. Further information can be found in the privacy policy for MyFonts Counter: https://www.myfonts.com/legal/website-use- privacy-policy/.

9. Consent Tool

Cookies are small text files that are sent by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to identify the browser you are using when you return to our website, visit our website and to transmit various information to us (non-essential cookies).

With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.

Domain Name Description Storage duration
plattnerfoundation.org _pk_id.1.151a This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behavior and measure website performance. It is a pattern type cookie, where the _pk_id prefix is followed by a short series of numbers and letters that are assumed to be a reference code for the domain that sets the cookie. approx. 1 year
plattnerfoundation.org _pk_ses.1.151a This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behavior and improve website performance.

It is a pattern type cookie where the _pk_ses prefix is followed by a short series of numbers and letters that are assumed to be a reference code for the domain that sets the cookie.

 

28 minutes
plattnerfoundation.org borlabs-cookie Used to store the user’s cookie consent, so that the next time the website is accessed, it is not necessary to obtain new consent. approx. 6 months

Version: 19.02.2023