Data Protection

You can use our website anonymously. When you visit our website, your web browser will tell our web server your IP address to make communication possible. It may be possible to identify you via your IP address. 

Each time you access the Internet offer of the Hasso Plattner Institute for Digital Engineering gGmbH, the following data is stored in the server log files: 

• Name of the retrieved file
• Date and time of retrieval
• Volume of data transferred
• Notification of whether the retrieval was successful
• IP address (in abbreviated form so that you are not identifiable)
• The web address from which the file was accessed (referrer URL)
• Information about the operating system and browser (user agent string)

You remain completely anonymous to us when you visit our website. This anonymous data is evaluated for statistical puposes only.

Error messages—which as a rule are the result of attempted attacks—are recorded and evaluated with a complete IP address for security reasons. If no longer needed (for example, as evidence), this data will be deleted after seven days.

The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter f GDPR. Legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR are to ensure the functionality and security of our website and to ward off attacks and other abuses.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user's origin. This data is combined in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

This service is used on the basis of your consent in accordance with Art. 6 (1) a GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time. Data transmission to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. Further information can be obtained from the provider at the following link: www.dataprivacyframework.gov/participant/5780. 

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address will be truncated by Google within the area of member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
 

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
 

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Usage statistics with Matomo

This website uses the open-source web analysis service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of our website by you. For this purpose, the information generated by the cookie about the use of our website is stored on our server. The IP address is anonymized before it is stored. The purpose of the processing is to improve our website and our services and to design them to meet user needs.

The information generated by the cookie about the use of our website will not be disclosed to third parties. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

If you do not agree to the storage and use of your data, you can also deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser that prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated the next time you visit our site.

The legal basis for the data processing is Art. 6 para. 1 subpara. 1 lit. f GDPR. Legitimate interests in the processing on the basis of Art. 6 para. 1 subpara. 1 lit. f GDPR are our and your interest in providing an appealing and helpful website and needs-based services and the better marketing of our services.

If you call us or send us a message, for example via the contact form or by email, we need your email address, your postal address or your telephone number to provide you an answer. Instead of your name, you may use a pseudonym. We will only use this information, as well as date and time of your contact, to process your request. Your data will not be passed on to third parties by us, but only used internally by the department that is responsible for your concern. We will delete your data as soon as it is no longer needed for this purpose. As a rule, this is three months after your last contact with us. If you should have any questions, please notify us again within this three month period. The legal basis for the processing of data are Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfill your request.

Exceptions: We are required to store business and commercial letters and other tax-relevant documents in order to fulfill the commercial and tax law archiving obligations. We will delete these documents by the 31^st of March of the seventh calender year following their creation and, in the case of accounting receipts, the eleventh calender year following their creation. Our accounting department has access to these data. The legal basis for the tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with §§ 147 AO, 257 HGB.

If your request is for a specific purpose (e.g., registration, request for a quotation, subscribing to the newsletter), only the explanations in the relevant section for that particular purpose apply to the processing of data.

If you register for our newsletter, we need your email address in order to send you the newsletter. All other data is optional. Your data will not be passed on to third parties, and we use it solely for our newsletter and for customer service to contact you individually (as far as this is legally permissible), if applicable, after the research of further data, to make you offers and to clarify your need for our services. You will first receive an email with a link that you must click to confirm that you wish to receive the newsletter (“double opt-in”). In this way we prevent unauthorized persons from subscribing to the newsletter in your name. Additionally, we store your registration for the newspletter and your confirmation to prove that you have registered. Evaluations on the use of our newsletter are always carried out anonymously. For the purpose of sending you the newsletter, we will store your data until your consent is revoked or until the newletter is finally discontinued. In the interest of customer service we will delete your data in the event of your objection or by 31 March of the fifth calender year following your last login, request for quotation, or expression of interest; this is for the purpose of proof of consent by 31 March of the fourth calendar year following the last newsletter dispatch. If you do not confirm your newsletter registration, we will delete your data after 24 hours. Therefore please confirm your registration (“double-op-in”) within 24 hours otherwise you will be required to register again. Our communications department and our customer service have access to your data, and our legal department if required

We also use commercially available technologies in our newsletters to measure your interactions with the newsletters (eg, email opening, clicked links, unsubscribes, approximate location by IP address). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and our communication with you. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The data are collected exclusively pseudonymized and also not linked with your other personal data. Legal basis for this is our aforementioned legitimate interest acc. Art. 6 para. 1 sentence 1 lit. f DSGVO. Through our newsletter, we want to share the most relevant content for you and better understand what readers are actually interested in. If you do not want to analyze the usage behavior, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data for the interaction with our newsletters are stored pseudonym for 30 days and then completely anonymized.

The legal basis of processing for the purpose of sending the newsletter is Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of processing for the purpose of proof of consent is Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 5 para. 2 GDPR, Art. 7 para. 1 GDPR and Art. 24 para. 1 GDPR and Art. 6 para. 1 subpara. 1 letter f GDPR. For processing for the purpose of customer service is the legal basis Art. 6 para. 1 subpara. 1 letter f GDPR. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR are the promotion of the sale of our products and services, appropriate advertising as well as proof of your consent, i.e., the defense against legal claims.

When you register for an event, sign up or apply, we need specific information from you, depending on the nature of the service. The registration, application and / or offer form indicates which information is required and which is voluntary. If you contact us informally and the necessary information is missing, we will contact you or request the information from you. Your data will not be shared with third parties. Any exceptions (for example, at co-operative events) are clearly stated at the time of registration.

We use your data solely for the processing of your request, and the handling of the application, registration, event, training and complaints process, for customer service, and in particular (as far as this is legally permissible), if applicable, after the research of further data—to contact you to present offers and clarify your need for our services, to send you advertisements on similar trainings, events and services (including via e-mail) and to prove that we may send you this advertising.

In connection with events and training programs you also have the possibility to provide us with information regarding any special needs (e.g., food intolerances and allergies) if applicable. In this case, we ask for your explicit consent regarding data processing. The data will be processed solely in connection with the event or training program. In certain cases it may be necessary to pass on this information to third parties who carry out the respective service (e.g., to the caterer, the hotel, etc). Again, we will ask for your consent.  Your consent and provision of information are voluntary. However, in the case that you do not give consent or supply information about your needs, we will be unable to take them into account. The legal basis of processing is Art. 9 para. 2 letter a GDPR. The data will be deleted by us no later than three months after the end of the event.

Contingent upon your consent, we will use the participant information at events and training programs also for networking between participants and to document the events for attendees, for example, by providing or circulating participant lists. The legal basis of processing is Art. 6 para.1 subpara. 1 letter a of the GDPR. The data will be deleted by us no later than three months after the end of the event.

When explicitly stated, we use the participant information at events and training programs to also document the event in photo and film recordings. This material can also be used for advertising and for public relations purposes by the Hasso Plattner Institute for Digital Engineering gGmbh or for networking between participants, as well as to document the event or participant training. In doing so, the Hasso Plattner Institute for Digital Engineering gGmbh ensures that either those parts where the participant has given consent to be photographed or filmed explicitly or at least implicitly are sufficiently large and that those parts where there is no express or at least implied consent to being photographed or filmed are clearly recognizable, or that the participant can indicate his or her objection by a visually recognizable sign, such as a  name tag or a bracelet in a certain color, which the Hasso Plattner Institute for Digital Engineering gGmbh will observe independent of the applicable legal requirements under Art. 21 GDPR. The legal basis of processing is Art. 6 para 1 subpara. 1 letter f of the GDPR. Legitimate interests are the documentation and promotion of the work of the Hasso Plattner Institute for Digital Engineering gGmbh, as well as the public relations work and advertising for the Hasso Plattner Institute for Digital Engineering gGmbH and its events and training programs, as well as the networking between the participants and the documentation of the events or training for the participants. We assume that there is no infringement upon your interests, rights and freedoms because of the possibility to opt out of the recordings without significant limitations. The processing is generally carried out for an unlimited period. However, the event or training program will be reexamined at the latest by 31 December of the following year to determine whether the photo or film recordings are still needed, and, if so, whether a limitation can be placed on the processing. If the review reveals that due to the significance of the event or the training program or the recording, it is not possible to limit the processing of the data at the present time, a further reexamination will be made by 31 December of the tenth year following the respective last review. These images can potentially be made accessible to everyone.

Due to tax and commercial reasons, we are compelled to save your registration and, if applicable, any associated communication as well as invoice and payment data. We will delete your data as soon as it is no longer needed for this purpose. We are required to retain business and commercial letters and other tax-relevant documents to fulfill our commercial and tax law archiving obligations. We will delete this data by 31 March of the seventh calender year following their creation, and in the case of accounting documents by the eleventh calender year after their creation. In the interest of handling applications, registrations, events, trainings and claims, your data will be deleted three months after the end of the event or training. For customer service (including the processing of your enquiry) your data will be deleted in the event of your objection or by 31 March of the fifth calender year after your last application, registration, event or training participation, request for information or an offer or expression of interest. For the purpose of promotional mailings your data will be deleted in the event of your objection or we if definitively cease promotional mailings. For the purpose of proof of your registration and in a similar sense for the advertised events, trainings and services or for proof of consent your data will be deleted by 31 March of the fourth calender year that follows the last promotional mailing. Our communications department, our customer service and our accounting department have access to your data and, if necessary, the legal department

The legal basis of data processing is Art. 6 para. 1 subpara. 1 letter a (as far as consent is granted), letter b (for the processing and handling of your request, application or registration including the implementation of the contract) and f GDPR. The legal basis of processing for providing proof of your request, application or registration, or consent are Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 5 para. 2 GDPR and Art. 24 para. 1 GDPR, as well as Art. 6 para. 1 subpara. 1 letter f GDPR. The legal basis for the tax retention is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR are the fulfillment of your request, the promotion of the sale of our services, appropriate advertising, the assertion or exercise of legal rights or the defense against legal claims.

Our website uses offers from third-party providers. These are: Youtube, Vimeo, OpenStreetMap and Google Maps. Normally, your web browser would automatically exchange information with these providers, such as your IP address. To prevent this, we use so-called two-click solutions: To use the offers of third-party providers, you must first activate the data transfer to these third-party providers. No data will be transferred to the third-party provider before you have done this, and you will remain unknown to the third-party provider. If you activate this button, information will be transferred directly from your web browser to the respective provider, over which we no longer have any influence – just as if you were to follow another link to another website. The legal basis is Art. 6 (1) 1 lit. f GDPR; the legitimate interest is your wish to activate and use the third-party content.

The data transmitted in this process includes, for example, the page from which you clicked the button and your IP address. If you are logged in to the provider or the provider can otherwise identify you, for example via cookies stored on your computer, the provider can, for example, link the information that you have visited our website with the other information about you, such as your user account with the provider. If you do not want the provider to associate this information with your other information, you should log out beforehand and preferably also delete the cookies in your web browser.
 

If you transfer data to third-party providers, these are subject to the data protection provisions of these providers. We can no longer guarantee this. Please note that it may be that the country in which the third-party provider is located may not have such strict data protection as ours. You can find out about the data protection provisions of third-party providers on the respective pages of the following plugins and tools:

YouTube with advanced data protection

This website embeds videos from the website YouTube. The website operator is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites that has YouTube embedded in it, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in advanced data protection mode. According to YouTube, videos played in advanced data protection mode are not used to personalize your surfing on YouTube. Ads displayed in advanced data protection mode are also not personalized. No cookies are set in advanced data protection mode. Instead, however, so-called local storage elements are stored in the user's browser, which, similar to cookies, contain personal data and can be used for recognition. You can find more information about the advanced privacy mode here: support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding agreement has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) DSGVO and Section 25 (1) TDDDG, insofar as the agreement includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The agreement can be revoked at any time. Further information about data protection at YouTube.

Vimeo
 

https://vimeo.com/privacy

Google Maps

This site uses the mapping service Google Maps. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to incorporate map material into our website.

To use the Google Maps features, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of a uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: and

 

Open Street Maps

https://www.fossgis.de/datenschutzerklaerung

 

Web fonts

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you use has to establish a connection with Google's servers. As a result, Google learns that your IP address was used to access this website. The use of Google Fonts is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator's website. If a corresponding agreement has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the agreement includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The agreement can be revoked at any time.

If your browser does not support Google Fonts, a standard font is used by your computer.

Further information about Google Fonts can be found at and in Google's privacy policy: . The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://developers.google.com/fonts/faq
 

Further web fonts

In addition, our website uses fonts (web fonts) from Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA ("Monotype"). If your browser is configured accordingly, your browser will establish a direct connection to Monotype when you access our website, so that Monotype technically needs to know your IP address and other data about your browser that it automatically sends. According to Monotype's privacy policy, this data is stored for 30 days to count page views (on which the compensation we pay depends) and to prevent unauthorized use of the web fonts. You can usually disable web font loading in your browser; then your browser will not connect to Monotype. The legal basis for the processing is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our and your interest in a visually appealing presentation of our website is the legitimate interest. The legal basis for the transmission to the USA is Art. 49 (1) subpara. 1 (processing is necessary for the performance of a contract to which the data subject is party). For more information about Monotype's processing of personal data, please visit: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften/.

We understand that job applications contain sensitive personal information.

When you apply to us, we process the information we receive from you in the context of the application process. This includes the letter of application, CV, certificates, written correspondence and information received by telephone and in person. Besides your contact information, we attach particular importance to your educational background, working experience and abilities. Without this information we will be unable to regularly determine your suitability for the position and therefore we will be unable to consider your application.

Your data will initially be processed for the application procedure alone. If your application is successful, it will be used as part of your personal file and for the purpose of implementing and terminating your employment relationship, whereby it will then be deleted in accordance with the rules applicable to personal files. If we are currently unable to offer you employment, your data will be processed up to six months after the sending the refusal in order to protect ourselves against possible legal claims, in particular against any alleged discrimination claim in the application process. Insofar, as you are entitled to receive reimbursements or any other tax-related business transaction exists (e.g., a meal invitation), the corresponding accounting documents for the fulfillment of commercial and tax-related retention obligations are saved up to 31 March of the eleventh calender year after payment. In the case of commercial and business letters and other tax-related documents, these are saved up to the seventh calender year after their creation. Initially our human resource department has access to your documents but also, as necessary, the department of the job you applied for, the legal department, and the accounting department. 

The legal basis of the data processing in the application process and as part of the personal file are § 26 para. 1 sent. 1 GDPR und Art. 6 para. 1 subpara. 1 letter b GDPR, and insofar as you have given your consent—for example by sending information that is not required for the application procedure―Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of data processing after refusal is Art. 6 para. 1 subpara. 1 letter f GDPR.The legal basis for the commercial and tax law retention is Art. 6 para.1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is the defense against legal claims. The legal basis for the fulfillment of the statuatory rights of the Works Council is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with § 80 BetrVG (German Works Council Constitution Act), § 26 para. 1 sent. 1 last clause BDSG (Federal Data Protection Act).

As a rule, we do not require any special categories of personal data for the application in terms of Art. 9 GDPR, such as health data or information about your ethical origin. We ask you at the outset not to provide us with any such information. If such information is particularly relevant to the application, we will process it along with your other application data. This might, for example, concern information about severe disability, which you provide voluntarily and which we are then required to process in fulfillment of our specific obligation with respect to the severely disabled. In this case, the processing serves in exercising the rights or in fulfillment of legal responsibilities arising from labor law, social security law, and social protection. The legal basis of data processing is Art. 9 para. 2 letter b GDPR, §§ 26 para. 3 BDSG (Federal Data Protection Act), 164 SGB (Code of Social Law) IX.

This information applies if you use Microsoft 365 applications together with us. This applies in particular to the use of aMicrosoft Office application such as Teams, SharePoint, Stream, Forms, etc. (hereinafter referred to as M365). MicrosoftAzure is used for the purpose of logging on to HPI applications.
M365 is a productivity, collaboration and exchange platform for individual users, teams, communities and networks thatcan be used across organizational units. When you use M365, personal data about you is processed.
Our contractual partner for the licensing of these applications is Microsoft Ireland Operations Limited, South CountyBusiness Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland. This company may transfer data to subcontractors based in the USA, in particular to Microsoft Corporation, One Microsoft Way Redmond, Washington 98052, USA.
If you require information about the processing by us, you can find it under the following links: Privacy Impact Assessment M365, Privacy Policy M365

If you need information about the processing by Microsoft, you can find it under the following link: https://privacy.microsoft.com/en-us/privacystatement