Data Privacy
Data Protection Policy
1. Who we are and how you can reach us
The responsible party for the processing of personal data on this website is:
Hasso Plattner Foundation
Seestr. 35-37
Phone: +49 (0)331 74513-103
Email: foundation(at)plattner.com
You may contact our data protection officer at:
Hasso Plattner Foundation
Seestr. 35-37
Phone: +49 (0)331 74513-103
Email: datenschutz(at)hpc-office.com
2. Which data we do (not) process, for what purpose, how long, and on what legal basis
2.1. Use of our website
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data for the aforementioned purpose on our behalf in accordance with Art 28 GDPR.
The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability based on Art. 6 para. lit. f GDPR. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.
The aforementioned data is stored for the duration of the website display and for technical reasons beyond that for a maximum of 7 days, unless we need the logfiles after that to assert or defend legal claims.
2.2. Data processing in connection with general contact
If you call us or send us a message, we need your email address, your postal address or your telephone number to provide you an answer. Instead of your name, you may use a pseudonym. We will only use this information, as well as date and time of your contact, to process your request. Your data will not be passed on to third parties by us, but only used internally by the department that is responsible for your concern. We will delete your data as soon as it is no longer needed for this purpose. As a rule, this is three months or up to three years after your last contact with us. If you should have any questions, please notify us again within this three month period. The legal basis for the processing of data are Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfil your request.
Exceptions: We are required to store business and commercial letters and other tax-relevant documents in order to fulfil the commercial and tax law archiving obligations. We will delete these documents by the 31st of March of the seventh calendar year following their creation and, in the case of accounting receipts, the eleventh calendar year following their creation. Our accounting department has access to these data. The legal basis for the tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with §§ 147 AO, 257 HGB.
2.3. Data processing in connection with job applications
We understand that job applications contain sensitive personal information.
When you apply to us, we process the information we receive from you in the context of the application process. This includes the letter of application, CV, certificates, written correspondence and information received by telephone and in person. Besides your contact information, we attach particular importance to your educational background, working experience and abilities. Without this information we will be unable to regularly determine your suitability for the position and therefore we will be unable to consider your application.
Your data will initially be processed for the application procedure alone. If your application is successful, it will be used as part of your personal file and for the purpose of implementing and terminating your employment relationship, whereby it will then be deleted in accordance with the rules applicable to personal files. If we are currently unable to offer you employment, your data will be processed up to six months after the sending the refusal in order to protect ourselves against possible legal claims, in particular against any alleged discrimination claim in the application process. Insofar, as you are entitled to receive reimbursements or any other tax-related business transaction exists (e.g., a meal invitation), the corresponding accounting documents for the fulfilment of commercial and tax-related retention obligations are saved up to 31 March of the eleventh calendar year after payment. In the case of commercial and business letters and other tax-related documents, these are saved up to the seventh calendar year after their creation. Initially our human resource department has access to your documents but also, as necessary, the department of the job you applied for, the legal department, and the accounting department.Â
The legal basis of the data processing in the application process and as part of the personal file Art. 6 para. 1 subpara. 1 letter b GDPR, and insofar as you have given your consent—for example by sending information that is not required for the application procedure―Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis for the further data processing after refusal is Art. 6 para. 1 subpara. 1 letter f GDPR. We may need the data for the defence or assertion of legal claims, if necessary.The legal basis for the commercial and tax law retention is Art. 6 para.1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB.
As a rule, we do not require any special categories of personal data for the application in terms of Art. 9 GDPR, such as health data or information about your ethical origin. We ask you at the outset not to provide us with any such information. If you do so voluntarily, you also agree that we process them. If such information is particularly relevant to the application, we will process it along with your other application data. This might, for example, concern information about severe disability, which you provide voluntarily and which we are then required to process in fulfilment of our specific obligation with respect to the severely disabled. In this case, the processing serves in exercising the rights or in fulfilment of legal responsibilities arising from labor law, social security law, and social protection. The legal basis of data processing is Art. 9 para. 2 letter b GDPR, §§ 26 para. 3 BDSG (Federal Data Protection Act), 164 SGB (Code of Social Law) IX.
2.4. Management of contactsÂ
We manage contact information of existing and potential business partners, service providers, consultants, as well as other individuals and institutions related to our foundation through a Customer Relationship Management system. The processing is carried out based on Art. 6 para. 1 subpara. 1 letter f GDPR. Our legitimate interest lies in maintaining and communicating with the individuals concerned.
3. Voluntary provision of your data
You are not required to provide personal information to us. However, by not providing us with certain information (for example, how to contact you if you would like an answer from us), it is possible that we will be unable to complete your request.Â
 4. Recipients of your data
4.1. Data transfers within the Hasso Plattner Foundation Â
Within the Hasso Plattner Foundation, access to your personal data is granted to individuals and institutions solely on the basis of legitimate interests for internal administrative and compliance purposes, as per Art. 6 para. 1 letter f GDPR. Access is given only to those individuals and entities who a legitimately need to access your personal data, e.g. for the fulfilment of legitimate interests, contractual obligations, statutory requirements, or according to the foundation’s statutes (need to know). For instance, we are obligated to grant and document the proper utilisation of foundation resources, including grants from the founder or third-party donations in the form of contributions. Our administrators possess the technical capability to access data processed via IT systems as necessary.
4.2. Data Transfers to Third Parties Â
Your personal data may be disclosed to third parties (such as financial institutions, postal services, telecommunications service providers, or public authorities and institutions, including finance authorities, regulatory bodies, etc.), provided that we are contractually authorised to do so or there is a legal obligation to disclose your data. If compelling circumstances arise, it may be necessary to pass on your data to external consultants, for example to lawyers in the case of legal disputes (legal basis Art. 6 para. 1 subpara. 1 letter f GDPR; purpose and legitimate interest: the exercising, defending or asserting of legal rights) or with auditors, tax consultants, etc.Â
We also transmit personal data to third parties for journalistic or advertising purposes. We will inform you in accordance with legal regulations and, where necessary, obtain your consent.Â
Our data protection officer has extensive rights of control, accorded by Art. 37, 38 GDPR, and therefore, in particular cases, access to personal data (legal basis Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 37, 38 GDPR).
4.3. Data Transfers to Service Providers Â
In certain areas, such as web hosting and email hosting, we use specialised service providers. These providers are strictly bound by our instructions through an agreement on commissioned data processing and may not process the data for their own purposes and are subject to confidentiality.
4.4. Data Transfers to Third Countries Â
We do not transfer your personal data to countries outside the European Economic Area (EEA), also known as ‘third countries,’ without implementing appropriate safeguards. However, it should be noted that third countries do not necessarily provide a data protection level equivalent to that within the EU.Â
We only transfer your personal data if:Â
- The Commission has issued an adequacy decision for the third country or recipient in that third country.Â
- The recipient provides guarantees for the protection of personal data as per Art. 46 GDPR (including any necessary additional measures).Â
- You have given explicit consent to the transfer after being informed of the risks, in accordance with Art. 49 para. 1 GDPR.Â
- The transfer is necessary for the fulfilment of contractual obligations between you and us.Â
Guarantees under Art. 46 GDPR may include so-called standard contractual clauses or binding corporate rules by which the recipients assure sufficient data protection to ensure a level of protection comparable to that GDPR. We are happy to provide you with further information upon request. Â
If in special cases (e.g., co-operative events with partners outside of the EU), your data will be transferred to third countries, we will inform you of this and, if required, also separately about the legal basis and level of data protection.
 5. Automated decision-making, profiling
Your data will not be used for automated decision-making or profiling.
6. Retention and Deletion
We process and store your personal data as long as it is necessary to fulfil our contractual or legal obligations, or our legitimate interests. If the data is no longer required for compliance with legal obligations (e.g., tax or commercial obligations), it will be deleted, unless further processing is necessary for the preservation of evidence or for the defence of legal claims against us unless processing is based on your consent. In this case, we will store your data until you withdraw your consent.
7. Your rights and Control Options
You have the following rights, which you can exercise at any time:Â
Your right to withdraw consent under Art. 7 para. 3 GDPR. You can withdraw your consent at any time, without stating reasons, with future effect.Â
Your right of access to information and to a copy under Art. 15 GDPR. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of the right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and information about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.Â
Your right to rectification under Art.. 16 GDPR. You can request correction if your data is incomplete or inaccurate.Â
Your right to erasure under Art. 17 GDPR. Your data can be deleted if it is no longer necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.Â
Your right to restriction of processing under Art. 18 GDPR. You may request that we process your data only in a restricted form, for example, if you believe the data is inaccurate, the processing is unlawful but you oppose deletion, or you need the data for the establishment, exercise, or defence of legal claims, or you have objected to processing under Art. 21 GDPR.Â
Your right to data portability under Art. 20 GDPR. You can request that we transfer data you provided to us in a structured, common, and machine-readable format or transfer it to another data controller.Â
If you want to exercise these rights, you can simply write to datenschutz(at)hpc-office.com.com or click on the unsubscribe link in any email newsletter to unsubscribe. If we call you, you can also communicate this to us directly.Â
You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority whom we answer to: Die Landesbeauftragte fĂĽr den Datenschutz und fĂĽr das Recht auf Akteneinsicht, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Tel: +49 (0)33203 356-0, Fax: +49 (0)33203 356-49, Email: poststelle(at)lda.brandenburg.de. Â
If you have questions or requests regarding data protection, you can contact us at any time. Your contact is: datenschutz(at)hpc-office.com.
8. Your right to object to data processing
Information on Your Right to Object Pursuant to Art. 21 GDPR:Â
In addition to the rights mentioned earlier, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation provided that such processing is carried out on the basis of Art. 6 para. 1 subbara. 1 letter f GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data, unless we can demonstrate circumstances that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.Â
You also have the right to object at any time to the processing of your personal data for direct marketing purposes (including subscribing to our newsletter) without incurring any costs other than the transmission costs at the basic rates. This also applies to the creation of user profiles (so-called ‘profiling’) insofar as it is associated with direct marketing. If you object, we will no longer process your personal data in the future.Â
You can submit your objection informally to datenschutz@hpc-office.com. Please note that you may not be able to use our services, or they may be available to you only in a limited capacity, if you object to the use of certain data.
Cookies and Third-Party ContentÂ
Information about Third-Party Content Â
We incorporate third-party content into our website based on your consent in accordance with Art. 6 para. 1 subpara. 1 letter a GDPR, as well as for our legitimate interests under Rt. 6 para. 1 subpara. 1 letter f GDPR. This may include, for example, videos to enhance the functionality of our pages for our users by providing services offered by other providers, such as YouTube videos or Google Maps.Â
Further information can be found in the privacy policy for MyFonts Counter: https://www.myfonts.com/legal/website-use- privacy-policy/. Â
9. Cookies
When using our services, usage data is generated as part of so-called ‘web tracking.’ This means that the behavior of certain users can be traced pseudonymously to improve our services, personalize them, and optimize the display of advertising. To achieve this, we also use cookies and similar technologies.Â
What are cookies? Cookies are small text files containing information that are stored on your device. They are typically used to associate a specific action or preference with a user on a website without identifying the user personally or disclosing their identity.Â
Cookies are not inherently good or bad, but it is essential to understand what you can do about them and make your own decisions regarding your data.Â
We use the following types of cookies, and their scope and functionality are explained below: session cookies and persistent cookies.Â
Session cookies are automatically deleted when you close your browser, especially for session cookies. They store a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.Â
Persistent cookies are also initially stored when you close your browser and are then automatically deleted after a certain period, which can vary depending on the cookie. You can also delete the cookies in your browser’s security settings at any time.Â
Purposes and Legal BasesÂ
The use of these technologies serves to make your use of our services more pleasant. Â
MyFonts CounterÂ
We have integrated MyFonts webfonts and MyFonts Counter, services of MyFonts, Inc. 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the licence terms, MyFonts requires us to allow recognizing pageviews by counting the number of visits to the website and transferring them to MyFonts in the US. The purpose is to prevent illicit use of MyFonts web fonts, implemented on our website. When accessing our website a Java script code runs. To prevent the running of Java Script code altogether, you can install a Java Script blocker (e.g. www.noscript.net). Â
The use of MyFonts Counter is based on our legitimate interests according to Art. 6 para. 1 lit. f. GDPR and § 25 para. 2 No. 2 TTDSG. Further information on MyFonts Counter can be found in the MyFonts privacy policy at http://www.myfonts.com/info/terms-and-conditions/#PrivacyÂ
Borlabs CookieÂ
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. The borlabs cookie stores the consent you gave when you entered the website. If you wish to withdraw your consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.Â
The legal basis is Art. 6 para. 1 subpara. 1 letter f GDPR (legitimate interest) in obtaining and managing legally required consents.Â
Consent-based ToolsÂ
Additionally, with your consent, we use these technologies to statistically track the use of our website and embed third party content on our website.Â
You can withdraw your consent at any time for the future via the cookie management tool. You can access the tool at any time by clicking the ‘Cookie Settings’ button at the bottom of the website to review and adjust your consent settings. There, you can also find more information about cookies and third-party content.Â
Information on Our Presence on Social Media PlatformsÂ
We maintain so-called fan pages, accounts, or channels on the social networks listed below to provide you with information and offers within social networks, as well as to offer you additional ways to contact us and learn about our offerings. Below, we inform you about the data we or the respective social network process when you access and use our fan pages/accounts.Â
If you want to contact us via messenger or direct message through the respective social network, we typically process your username through which you contact us and may store other data provided by you as necessary for processing/answering your inquiry.Â
The legal basis for this processing is Art. 6 para. 1 subpara. 1 letter f GDPR (processing is necessary for the legitimate interests of the data controller). Additionally, your consent to data processing by the social network is required under Art. 6 para. 1 subpara. 1 letter a GDPR in conjunction with Art. 7 GDPR.Â
We receive automated statistics provided by Insights functionality regarding our accounts. The statistics include, among other things, the total number of page views, likes, page activities, post interactions, reach, video views, and information about the gender distribution among our fans/followers.Â
The statistics only contain aggregated data that cannot be attributed to individual persons. They are not identifiable to us in this way.Â
Which data the social networks process from youÂ
To view the content of our fan pages or accounts, you do not need to be a member of the respective social network, and no user account for the respective social network is required.Â
Please be aware, however, that social networks may collect and store data from website visitors without user accounts when the respective social network is accessed (e.g., technical data to display the website) and may use cookies and similar technologies, over which we have no influence. Further details can be found in the data protection policies of the respective social network (see the relevant links above).Â
If you wish to interact with the content on our fan pages/accounts, such as commenting, sharing, or liking our posts, and/or if you want to contact us via messenger functions, prior registration with the respective social network and the provision of personal data are required.Â
We have no control over data processing by the social networks during your use of their services. To the best of our knowledge, your data is primarily stored and processed in connection with the provision of the respective social network’s services. This includes the analysis of user behavior (using cookies, pixels/web beacons, and similar technologies) to display interest-based advertising within and outside the respective social network. It cannot be ruled out that your data may be stored by the social networks outside the EU/EEA and shared with third parties.Â
Information, among other things, regarding the exact scope and purposes of processing your personal data, storage duration/deletion, as well as guidelines for the use of cookies and similar technologies in the context of registration and use of social networks, can be found in the data protection policies/cookie guidelines of the social networks. There, you will also find information about your rights and options for objection.Â
Facebook PageÂ
When visiting our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information that is present on your PC in the form of cookies. These pieces of information are used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. Further information on this can be found on the following link: https://facebook.com/help/pages/insights.Â
Through the transmitted statistical information, we are unable to draw conclusions about individual users. We only use this information to respond to the interests of our users, continually improve our online presence, and maintain its quality.Â
We only collect your data through our fan page to facilitate communication and interaction with us. This collection typically includes your name, message content, comment content, and the profile information you have provided as ‘public.’Â
The processing of your personal data for the purposes mentioned above is based on our legitimate business and communication interest in offering an information and communication channel, in accordance with Art. 6 para. 1 subpara. 1 letter f GDPR. If, as a user, you have given your consent to the social network provider for data processing, the legal basis for the processing extends to Art. 6 para. 1 subpara. 1 letter a, Art. 7 GDPR.Â
Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorized to fully access your data. Therefore, only the provider can effectively take and implement appropriate measures to fulfil your user rights (requests for information, deletion requests, objections, etc.). The assertion of corresponding rights is most effective when made directly to the respective provider.Â
We share joint responsibility with Facebook for the personal content of the fan page. Data subjects’ rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.Â
Under the GDPR, the primary responsibility for the processing of Insights data lies with Facebook, and Facebook fulfils all obligations under the GDPR concerning the processing of Insights data, while Meta Platforms Ireland Ltd. provides the core information for page insights to the data subjects.Â
We do not make decisions regarding the processing of Insights data and the storage duration of cookies on user devices.Â
For more information, please refer directly to Facebook (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.Â
For more details on the exact scope and purposes of processing your personal data, storage duration/deletion, as well as guidelines for the use of cookies and similar technologies during registration and usage, please refer to Facebook’s data protection policies/cookie guidelines: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 https://www.facebook.com/policies/cookiesÂ
Instagram PageÂ
When visiting our Instagram page, Instagram (Meta) collects, among other things, your IP address and further information stored in the form of cookies on your computer. These pieces of information are used to provide us, as the operator of the Instagram page, with statistical information about the usage of the page. Further information can be found at the following link: Facebook Help – Pages Insights.Â
The statistical information provided by Instagram does not allow us to draw conclusions about individual users. We use this information solely to cater to the interests of our users, continually improve our online presence, and maintain its quality.Â
The data we collect through our fan page is used solely for communication and interaction with you. This typically includes your name, message content, comments, and the profile information you have made publicly available.Â
The processing of your personal data for the purposes mentioned above is based on our legitimate business and communicative interests in offering an information and communication channel, as stipulated in Art. 6 para. 1 subpara. 1 letter f GDPR. If, as a user, you have given consent to the respective social network provider for data processing, the legal basis for processing is Art. 6 para. 1 subpara. 1 letter a and Art. 7 GDPR.Â
Since the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorized to have complete access to your data. Therefore, measures to exercise your user rights (such as requests for information, deletion requests, objections, etc.) are most effectively carried out directly with the respective provider.Â
We share joint responsibility with Instagram for the processing of personal content on the fan page. Data subject rights can be exercised with Meta Platforms Ireland Ltd. and with us.Â
The primary responsibility for the processing of Insights data lies with Instagram under the GDPR, and Instagram fulfils all obligations under the GDPR regarding the processing of Insights data. Meta Platforms Ireland Ltd. provides essential Insights data to the data subjects.Â
We do not make decisions regarding the processing of Insights data and the storage duration of cookies on user devices.Â
For more details, please refer to Instagram’s Supplemental Agreement with Facebook. For precise information on the scope and purposes of the processing of your personal data, data retention/deletion, and cookie policies, please consult Instagram’s Privacy Policy and Cookie Policy. You can also access this information in the Help Center on the Instagram website.Â
LinkedIn PageÂ
LinkedIn is a social network operated by LinkedIn Inc., based in Sunnyvale, California, USA. It allows individuals to create private and professional profiles, as well as profiles for companies. Users can maintain existing contacts and establish new ones within the social network. Companies and other organizations can create profiles where they can upload photos and other company information to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The network primarily focuses on professional exchanges on topics of interest with individuals who share similar professional interests.Â
When users visit or use the network, LinkedIn automatically collects data from users and visitors, such as usernames, job titles, and IP addresses. This data collection is facilitated through various tracking technologies. LinkedIn provides users with information, offers, and recommendations based on the data collected.Â
Through our company profile, we only collect your data to facilitate communication and interaction with us. This generally includes your name, message content, comment content, and the profile information you have made publicly available.Â
The processing of your personal data for the purposes mentioned above is based on our legitimate business and communicative interests in offering an information and communication channel, as stipulated in Art. 6 para. 1 subpara. 1 letter f GDPR. If you, as a user, have given your consent to the data processing with the respective social network provider, the legal basis for the processing extends to Art. 6 para. 1 subpara. 1 letter a and Art. 7 GDPR.Â
Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorized to have full access to your data. Therefore, the social network provider can take the necessary actions to fulfil your user rights (such as requests for information, deletion, objections, etc.). The most effective way to exercise such rights is to contact the respective social network provider directly.Â
We share joint responsibility with LinkedIn for the personal content on our company profile. You can assert your rights with LinkedIn Inc. and with us.Â
We do not make decisions regarding the data collected via tracking technologies on LinkedIn’s page.Â
For more information about LinkedIn, please visit: https://about.linkedin.com. For further details on data privacy at LinkedIn, you can refer to: https://www.linkedin.com/legal/privacy-policy. For information on data retention/deletion, as well as guidelines on the use of cookies and similar technologies related to registration and use on LinkedIn, you can check: https://de.linkedin.com/legal/cookie-policy?trk=homepagebasic_footer-cookie-policy.Â
Update on: 14.01.25