This English translation is not legally binding. In case of doubt, the German version shall prevail.
Body responsible for data processing
HITS gGmbH (Heidelberger Institut für Theoretische Studien)
Represented by: Dr. Gesa Schönberger
Phone: +49 6221 533 533
Fax: +49 6221 533 298
Register court: Amtsgericht Mannheim
Trade register: HRB 337446
Value added tax identification number according to §27a Umsatzsteuergesetz: DE232037958
Contact details of the data protection officer:
Definition of terms
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any process or set of processes that handle personal data, whether or not by automatic means, such as the collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
“File system”: any structured collection of personal data that is accessible based on specified criteria, whether such collection is maintained in a centralized, decentralized or functional or geographical manner;
“Controller” refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Recipient”: a natural or legal person, public authority, agency or other body to whom personal data is disclosed, be it a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as Recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
“Consent” means the freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to them.
We collect and process the following personal data about you:
- contact, address and event information if you have provided us with your contact information,
- online identifiers (such as your IP address, browser type and version, the operating system used, the referrer URL, the file name, the access status, the amount of data transferred, the date and time of the server request, host name of the accessing computer),
- contract data (e.g. subject matter of the contract, contract term, contract category),
- social media identifiers,
- application (via email or the application portal),
- carrying out events,
- video conferences
- sound and image recordings
Purposes of data processing
We process your data for the following purposes:
- for the contact you have requested,
- to inform about our offer,
- to process a contract,
- for advertising purposes,
- for press and communication purposes,
- for sending the email newsletter, provided you have registered for this,
- for quality assurance reasons,
- for our statistics and
- preparation and implementation of virtual events and events in person, recordings, in particular also live streaming and publication of image and sound recordings on social media channels, our website and print media.
Legal basis for the data processing
Your data is processed on the following legal bases:
- your consent as per article 6 (1) a) GDPR,
- for the fulfilment of a contract with you according to article 6 (1) b) GDPR,
- for the purpose of fulfilling legal obligations pursuant to article 6 (1) c) GDPR, or
- for a legitimate interest as per article 6 (1) f) GDPR.
Insofar as we base the processing of your personal data on legitimate interests within the meaning of article 6 (1) f) GDPR, these are
- the improvement of our offering,
- the protection against abuse and
- the keeping of our statistics.
We receive the data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it comes from publicly available sources.
When processing your data, we work together with the following service providers who have access to your data:
- web hosting providers,
- management service provider,
- video conferencing service provider,
- payment service provider,
- advertising agencies,
- print service provider,
- catering providers,
- security services,
- social media.
Data is transmitted to third countries outside the European Union. This occurs on the basis of contractual regulations provided for by law, which are designed to ensure adequate protection of your data and which you can view on request.
Duration of the processing
We only store your personal data for as long as is necessary to achieve the purpose of the processing or the storage is subject to a legal retention period.
We will store you data
- once you have consented to the processing at the most until you revoke your consent,
- if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or statutory retention periods continue,
- if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymization does not outweigh this.
You have the right – in part under certain conditions,
- to request information about the processing of your data free of charge and to receive a copy of your personal data. You can request information about, among other things, the purposes of the processing, the categories of personal data that is processed, the recipients of the data (if a transfer takes place), the duration of the storage or the criteria for determining the duration;
- to correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
- to have your data deleted or blocked. Reasons for the existence of a right to deletion/blocking may include revoking of the consent on which the processing is based, the data subject objects to the processing, the personal data have been processed unlawfully;
- to have the processing restricted;
- to object to the processing of your data;
- to revoke your consent to the processing of your data in the future; and
- to file a complaint to the competent supervisory authority about unlawful data processing.
Further information on data protection
The contact form on our website is an easy way to contact us quickly. Some fields are marked as mandatory so that we can contact you. By filling in the fields and selecting “Send”, you agree that your data will be sent to us by email with the message. The data is not stored on the web server.
If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to send you our email newsletter on a regular basis. Unsubscribing from the newsletter is possible at any time with effect for the future and can be done either by sending a message to the contact option described above or via the unsubscribe link provided in the newsletter.
We have taken extensive technical and organizational measures to protect your data against possible threats, such as unauthorized access and viewing, modification or dissemination, as well as against loss, destruction or abuse. To protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardized encryption procedure for online services, especially for the web.
Every time you access our website, the respective internet transmits usage data that is stored in log files, the so-called server log files. The data records stored in the process contain the following data:
- date and time of the retrieval
- IP address of the accessing computer
- website(s) visited by the user within the framework of the offer
- data volume transferred
- browser type and version, possibly the operating system used
- message whether the retrieval was successful
These log file data records are evaluated in order to improve the offer and make it more user-friendly, to find and correct errors, and to control the utilization of the servers.
We are pleased that you want to apply for a job with us. In the following, we would like to explain how we process the personal data you provide to us as part of the application process.
What data do we process? As part of the application process, we collect and process personal data that you provide to us, namely contact and address information, your application photo, information about your career to date, your schooling and vocational training.
The purpose of the processing is to carry out the application process and the selection of the applicant.
On what legal basis do we process your data? Article 6 (1) (b) GDPR, namely the implementation of pre-contractual measures, serves as the legal basis.
We receive the data from you. If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it comes from publicly available sources.
Is your data transmitted to third parties? As part of the application process, data may be transferred to service providers, group companies and affiliated businesses. Data is only ever shared with third parties within the legally permissible framework and insofar as this is necessary for the implementation of the application process.
Storage duration: We only store your personal data for as long as is necessary to achieve the purpose of the processing or the storage is subject to a legal retention period. In the event that we are unable to offer you a job as a result of the application process, we will delete the data collected in our systems six months after the end of the application process.
Your rights: You have the right to a) request information about the processing of your data free of charge, b) receive a copy of your personal data and c) to correct your data. Should your personal data be incomplete, you have the right, while taking into consideration the processing purposes, to complete the data, to have your data deleted or blocked, to have the processing restricted, to object to the processing of your data, to revoke your consent to the processing of your data in the future.
In the event of revocation for sound and image recordings, we will remove the images and videos from all websites that we have access to. In the case of group photos, only individual persons are anonymized. Please note that the revocation of consent does not apply to printed media that have already been printed and distributed. Furthermore, it must be taken into account that photos and film recordings can be accessed worldwide when published online or on social networks. Any further use and/or modification by third parties cannot be ruled out. A total deletion of the published photos and video recordings on the internet can therefore only be ensured on the pages of the responsible party.
We distinguish between the following types of cookies:
First-party cookies: First-party cookies are transferred from the platform just visited.
Third-party cookies: Third-party cookies are cookies that are transferred from a provider other than the platform the user visited. When a user accesses a platform and another entity transmits a cookie through that platform, it is a third-party cookie.
Absolutely essential cookies: These cookies are necessary for you to navigate the platform and to use its features, such as accessing secure areas of the platform. Without these, certain services cannot be provided, such as the display of content that is customized for your computer or device.
Performance cookies: These cookies collect information about how visitors use the platform, such as which pages are accessed most frequently and whether they receive error messages from websites. However, these cookies do not collect any information about the visitor’s identity. All information collected by these cookies is aggregated and hence anonymous. They are only used to optimize the platform.
Functionality cookies: These cookies allow the platform to remember the choices you have made (e.g. language preferences and your region) and to provide you with enhanced, further personalized features. They can also be used to save your settings regarding text size, font and other customizable parts of the website. They may also be used to provide services you request, such as playing a video or commenting on a blog. The information that these cookies collect can be made anonymous. Your browsing activities cannot be tracked on other platforms.
Social Media cookies: These cookies are used when you click a social media sharing button on the platform. The social network records this action and may use it for marketing or advertising purposes.
How can you manage and delete cookies?
We use “Matomo” (formerly PIWIK) on this website for statistical analysis. It is an open source tool for web analysis.
The information that Matomo generates about the use of this website is only transmitted to our server. Matomo is generally deactivated when you visit our website. Only once you actively consent will your usage behavior be recorded anonymously.
Matomo uses so-called cookies. These are text files that are stored on your computer and allow us to analyze the use of our website. To this end, the information on usage obtained by the cookie is transmitted to our server and stored so that the usage behavior can be evaluated. Your IP address is made anonymous immediately; this means that you remain anonymous as a user. The data records stored in the process contain the following data:
- date and time of the retrieval
- website(s) that the user visits within the scope of the offer
- browser type and version, possibly the operating system used
- name of the internet service provider
- domain from which the user accesses the website
The information generated by the cookie about your use of this website is not shared with third parties. Analysis is part of our internet service. We wish to continuously improve our website.
Our website uses the cookie consent technology from Borlabs to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser, which saves the consents you give or the revocation of these consents. This data is not shared with the Borlabs cookie provider. The Borlabs cookie does not process any personal data. Should you wish to revoke these consents, simply delete the cookie in your browser.
This social network is a service provided by the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). We use YouTube’s extended data protection settings to integrate videos without recording user behavior with cookies and so that technical data from the user’s accessing system is not passed on to Google. When you start a video (clicking on a video), YouTube receives the information that you have accessed the corresponding sub-page of our website. The data obtained is transferred to the USA and stored there. This also occurs without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this to happen, you must log out of your Google account. Google creates user profiles based on such data and uses this data for the purposes of advertising, market research or website optimization. Further information on the protection of personal data by Google is available at https://policies.google.com/privacy?hl=de.
We make use of blogs and publications (hereinafter “publication medium”). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Incidentally, we would like to refer to the information provided by SciLogs: https://www.spektrumverlag.de/datenschutzerklaerung-scilogs/.
Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security reasons in case someone leaves unlawful content in the comments and posts (e.g. insults, forbidden political propaganda). In this case, we may be prosecuted for the comment or post and are therefore interested in the author’s identity. Furthermore, we reserve the right to process the user’s details for the purpose of detecting spam based on our legitimate interests.
We will store the personal information provided in the context of comments and contributions, any contact and website information as well as the content-related information until the user objects.
We use the provider Vimeo to embed videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, NY 10011, USA. On our website, we do not use any plug-ins from the provider Vimeo. Further information on data processing and privacy notices by Vimeo can be found at https://vimeo.com/privacy.
Photos and film footage
Photographs, group photos and films (incl. audio recordings) are taken/ recorded to support public relations work, media accompaniment of conferences, events and other HITS activities. These recordings are usually published on our websites, social media channels and in print media.
We have concluded an order processing contract and standard contractual clauses with the Zoom provider and implement the requirements of the data protection authorities when using Zoom.
We and our representatives offer various events, such as workshops, lectures and conferences, which are presented under the heading “Events”. For some of these offers, we ask for registration in advance, in the course of which mandatory information is requested. In particular, these include the name, title, email, address, data required for participating in and implementing the event. You will find a detailed overview in the respective registration form. The data will be processed for the purpose of fulfilling contractual obligations, including for billing purposes and for the creation of supporting material for the event, such as participant lists. We will use the email address provided during registration to contact you to send information about the relevant event as well as important changes, for example in range of offers or due to technical requirements.
We will store the data collected during registration until the purpose of processing the data no longer applies or it is no longer required for the purpose. Unless the data is deleted because it is required for other and legally permissible reasons, the processing of it will be limited to these purposes. Accordingly, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural person or legal entity. In the event that users request the deletion of their personal data, their data will be deleted subject to a legal obligation to retain it. This does not apply to data that has already been printed and distributed.
In this regard, we refer to the GTC and the data protection information ( https://www.paypal.com/de/webapps/mpp/ua/privacy-full) of the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are located here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Moreover, you have the option to pay the participation fee via bank transfer. The payment information you enter with your payment service provider, in particular the account data, is processed and stored there. We receive your account-related information and the amount of the payment from your payment service bar.