The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter f GDPR. The legitimate interests in processing on the basis of Art. 6 para.1 subpara. 1 letter f GDPR are to ensure our and your interest are served in providing an attractive and helpful website and needs-based services and the better sales of our services.
2.4. Data processing in connection with general contact
If you call us or send us a message, for example via the contact form or by email, we need your email address, your postal address or your telephone number to provide you an answer. Instead of your name, you may use a pseudonym. We will only use this information, as well as date and time of your contact, to process your request. Your data will not be passed on to third parties by us, but only used internally by the department that is responsible for your concern. We will delete your data as soon as it is no longer needed for this purpose. As a rule, this is three months after your last contact with us. If you should have any questions, please notify us again within this three month period. The legal basis for the processing of data are Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfill your request.
Exceptions: We are required to store business and commercial letters and other tax-relevant documents in order to fulfill the commercial and tax law archiving obligations. We will delete these documents by the 31st of March of the seventh calender year following their creation and, in the case of accounting receipts, the eleventh calender year following their creation. Our accounting department has access to these data. The legal basis for the tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with §§ 147 AO, 257 HGB.
If your request is for a specific purpose (e.g., registration, request for a quotation, subscribing to the newsletter), only the explanations in the relevant section for that particular purpose apply to the processing of data.
2.5. Data processing in connection with subscribing to the newsletter
If you register for our newsletter, we need your email address in order to send you the newsletter. All other data is optional. Your data will not be passed on to third parties, and we use it solely for our newsletter and for customer service to contact you individually (as far as this is legally permissible), if applicable, after the research of further data, to make you offers and to clarify your need for our services. You will first receive an email with a link that you must click to confirm that you wish to receive the newsletter (“double opt-in”). In this way we prevent unauthorized persons from subscribing to the newsletter in your name. Additionally, we store your registration for the newspletter and your confirmation to prove that you have registered. Evaluations on the use of our newsletter are always carried out anonymously. For the purpose of sending you the newsletter, we will store your data until your consent is revoked or until the newletter is finally discontinued. In the interest of customer service we will delete your data in the event of your objection or by 31 March of the fifth calender year following your last login, request for quotation, or expression of interest; this is for the purpose of proof of consent by 31 March of the fourth calendar year following the last newsletter dispatch. If you do not confirm your newsletter registration, we will delete your data after 24 hours. Therefore please confirm your registration (“double-op-in”) within 24 hours otherwise you will be required to register again. Our communications department and our customer service have access to your data, and our legal department if required
We also use commercially available technologies in our newsletters to measure your interactions with the newsletters (eg, email opening, clicked links, unsubscribes, approximate location by IP address). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and our communication with you. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The data are collected exclusively pseudonymized and also not linked with your other personal data. Legal basis for this is our aforementioned legitimate interest acc. Art. 6 para. 1 sentence 1 lit. f DSGVO. Through our newsletter, we want to share the most relevant content for you and better understand what readers are actually interested in. If you do not want to analyze the usage behavior, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data for the interaction with our newsletters are stored pseudonym for 30 days and then completely anonymized.
The legal basis of processing for the purpose of sending the newsletter is Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of processing for the purpose of proof of consent is Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 5 para. 2 GDPR, Art. 7 para. 1 GDPR and Art. 24 para. 1 GDPR and Art. 6 para. 1 subpara. 1 letter f GDPR. For processing for the purpose of customer service is the legal basis Art. 6 para. 1 subpara. 1 letter f GDPR. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR are the promotion of the sale of our products and services, appropriate advertising as well as proof of your consent, i.e., the defense against legal claims.
2.6. Data processing in connection with events, education programs, and requests for information and offers
When you register for an event, sign up or apply, we need specific information from you, depending on the nature of the service. The registration, application and / or offer form indicates which information is required and which is voluntary. If you contact us informally and the necessary information is missing, we will contact you or request the information from you. Your data will not be shared with third parties. Any exceptions (for example, at co-operative events) are clearly stated at the time of registration.
We use your data solely for the processing of your request, and the handling of the application, registration, event, training and complaints process, for customer service, and in particular (as far as this is legally permissible), if applicable, after the research of further data—to contact you to present offers and clarify your need for our services, to send you advertisements on similar trainings, events and services (including via e-mail) and to prove that we may send you this advertising.
In connection with events and training programs you also have the possibility to provide us with information regarding any special needs (e.g., food intolerances and allergies) if applicable. In this case, we ask for your explicit consent regarding data processing. The data will be processed solely in connection with the event or training program. In certain cases it may be necessary to pass on this information to third parties who carry out the respective service (e.g., to the caterer, the hotel, etc). Again, we will ask for your consent. Your consent and provision of information are voluntary. However, in the case that you do not give consent or supply information about your needs, we will be unable to take them into account. The legal basis of processing is Art. 9 para. 2 letter a GDPR. The data will be deleted by us no later than three months after the end of the event.
Contingent upon your consent, we will use the participant information at events and training programs also for networking between participants and to document the events for attendees, for example, by providing or circulating participant lists. The legal basis of processing is Art. 6 para.1 subpara. 1 letter a of the GDPR. The data will be deleted by us no later than three months after the end of the event.
When explicitly stated, we use the participant information at events and training programs to also document the event in photo and film recordings. This material can also be used for advertising and for public relations purposes by the Hasso Plattner Institute for Digital Engineering gGmbh or for networking between participants, as well as to document the event or participant training. In doing so, the Hasso Plattner Institute for Digital Engineering gGmbh ensures that either those parts where the participant has given consent to be photographed or filmed explicitly or at least implicitly are sufficiently large and that those parts where there is no express or at least implied consent to being photographed or filmed are clearly recognizable, or that the participant can indicate his or her objection by a visually recognizable sign, such as a name tag or a bracelet in a certain color, which the Hasso Plattner Institute for Digital Engineering gGmbh will observe independent of the applicable legal requirements under Art. 21 GDPR. The legal basis of processing is Art. 6 para 1 subpara. 1 letter f of the GDPR. Legitimate interests are the documentation and promotion of the work of the Hasso Plattner Institute for Digital Engineering gGmbh, as well as the public relations work and advertising for the Hasso Plattner Institute for Digital Engineering gGmbH and its events and training programs, as well as the networking between the participants and the documentation of the events or training for the participants. We assume that there is no infringement upon your interests, rights and freedoms because of the possibility to opt out of the recordings without significant limitations. The processing is generally carried out for an unlimited period. However, the event or training program will be reexamined at the latest by 31 December of the following year to determine whether the photo or film recordings are still needed, and, if so, whether a limitation can be placed on the processing. If the review reveals that due to the significance of the event or the training program or the recording, it is not possible to limit the processing of the data at the present time, a further reexamination will be made by 31 December of the tenth year following the respective last review. These images can potentially be made accessible to everyone.
Due to tax and commercial reasons, we are compelled to save your registration and, if applicable, any associated communication as well as invoice and payment data. We will delete your data as soon as it is no longer needed for this purpose. We are required to retain business and commercial letters and other tax-relevant documents to fulfill our commercial and tax law archiving obligations. We will delete this data by 31 March of the seventh calender year following their creation, and in the case of accounting documents by the eleventh calender year after their creation. In the interest of handling applications, registrations, events, trainings and claims, your data will be deleted three months after the end of the event or training. For customer service (including the processing of your enquiry) your data will be deleted in the event of your objection or by 31 March of the fifth calender year after your last application, registration, event or training participation, request for information or an offer or expression of interest. For the purpose of promotional mailings your data will be deleted in the event of your objection or we if definitively cease promotional mailings. For the purpose of proof of your registration and in a similar sense for the advertised events, trainings and services or for proof of consent your data will be deleted by 31 March of the fourth calender year that follows the last promotional mailing. Our communications department, our customer service and our accounting department have access to your data and, if necessary, the legal department
The legal basis of data processing is Art. 6 para. 1 subpara. 1 letter a (as far as consent is granted), letter b (for the processing and handling of your request, application or registration including the implementation of the contract) and f GDPR. The legal basis of processing for providing proof of your request, application or registration, or consent are Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 5 para. 2 GDPR and Art. 24 para. 1 GDPR, as well as Art. 6 para. 1 subpara. 1 letter f GDPR. The legal basis for the tax retention is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR are the fulfillment of your request, the promotion of the sale of our services, appropriate advertising, the assertion or exercise of legal rights or the defense against legal claims.
2.7. Data processing when using third party content and web fonts
Our website uses offers from third parties. These are Youtube, Vimeo and OpenStreetMap. Normally your web browser would automatically exchange information with these providers, such as your IP address. To prevent this, we use so-called two-click solutions. To use the offers of third party providers, it is necessary to first enable the data transfer to these third-party providers. Before this is done, none of your data will be sent to the third party provider, and you remain unknown to it. If you activate this button then information will be transmitted directly from your web browser to the respective provider. We then no longer have any influence on the processing of your data by third-party providers—just as when you follow a link to another website. The legal basis is Art. 6 para. 1 subpara. 1 letter f GDPR; the legitimate interest is your wish to activate and use the third-party content.
Data that is thereby transferred include, for example, from which page you clicked on the button and your IP address. If you are logged in at the provider or if the provider can otherwise identify you (for example, via the cookies stored at your machine) the provider can link the information that you visited our website with other information about you, such as your user account at the provider. If you do not want the provider to associate this information with your other information, you should log out beforehand and, ideally, delete the cookies in your web browser.
When you submit data to third-party providers, this data is subject to the privacy policies of those providers. We can assume no liability for this action. Please note that depending on the origin country of the third-party provider, the data privacy regulations may be less stringent than ours. Information about the data regulation of third-party providers is available here:
2.8. Data processing in connection with job applications
We understand that job applications contain sensitive personal information.
When you apply to us, we process the information we receive from you in the context of the application process. This includes the letter of application, CV, certificates, written correspondence and information received by telephone and in person. Besides your contact information, we attach particular importance to your educational background, working experience and abilities. Without this information we will be unable to regularly determine your suitability for the position and therefore we will be unable to consider your application.
Your data will initially be processed for the application procedure alone. If your application is successful, it will be used as part of your personal file and for the purpose of implementing and terminating your employment relationship, whereby it will then be deleted in accordance with the rules applicable to personal files. If we are currently unable to offer you employment, your data will be processed up to six months after the sending the refusal in order to protect ourselves against possible legal claims, in particular against any alleged discrimination claim in the application process. Insofar, as you are entitled to receive reimbursements or any other tax-related business transaction exists (e.g., a meal invitation), the corresponding accounting documents for the fulfillment of commercial and tax-related retention obligations are saved up to 31 March of the eleventh calender year after payment. In the case of commercial and business letters and other tax-related documents, these are saved up to the seventh calender year after their creation. Initially our human resource department has access to your documents but also, as necessary, the department of the job you applied for, the legal department, and the accounting department.
The legal basis of the data processing in the application process and as part of the personal file are § 26 para. 1 sent. 1 GDPR und Art. 6 para. 1 subpara. 1 letter b GDPR, and insofar as you have given your consent—for example by sending information that is not required for the application procedure―Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis of data processing after refusal is Art. 6 para. 1 subpara. 1 letter f GDPR.The legal basis for the commercial and tax law retention is Art. 6 para.1 subpara. 1 letter c GDPR in conjunction with §§ 147 AO, 257 HGB. Legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is the defense against legal claims. The legal basis for the fulfillment of the statuatory rights of the Works Council is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with § 80 BetrVG (German Works Council Constitution Act), § 26 para. 1 sent. 1 last clause BDSG (Federal Data Protection Act).
As a rule, we do not require any special categories of personal data for the application in terms of Art. 9 GDPR, such as health data or information about your ethical origin. We ask you at the outset not to provide us with any such information. If such information is particularly relevant to the application, we will process it along with your other application data. This might, for example, concern information about severe disability, which you provide voluntarily and which we are then required to process in fulfillment of our specific obligation with respect to the severely disabled. In this case, the processing serves in exercising the rights or in fulfillment of legal responsibilities arising from labor law, social security law, and social protection. The legal basis of data processing is Art. 9 para. 2 letter b GDPR, §§ 26 para. 3 BDSG (Federal Data Protection Act), 164 SGB (Code of Social Law) IX.
3. Voluntary provision of your data
You are not required to provide personal information to us. However, by not providing us with certain information (for example, how to contact you if you would like an answer from us), it is possible that we will be unable to complete your request. In the context of special procedures (for example, when you register for an event or our newsletter), you may again be required to provide us with certain information. Without this data we may not, for example, be able to process your registration or send you our newsletter. You will be expressly informed if this should be the case.
4. Recipients of your data
Generally, your personal data remains within our area of responsibility, except in special cases (e.g., co-operative events), in which we will then explicitly inform you to whom your data will be sent. If compelling circumstances arise, it may be necessary to pass on your data to external consultants, for example to lawyers in the case of legal disputes (legal basis Art. 6 para. 1 subpara. 1 letter f GDPR; purpose and legitimate interest: the exercising, defending or asserting of legal rights). Our administrators have the possibility to access data processed by our IT department, if this should be necessary. Our data protection officer has extensive rights of control, accorded by Art. 37, 38 GDPR, and therefore access to personal data (legal basis Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 37, 38 GDPR). Further recipients of your data are listed in the notes on the respective data processing. In certain cases, we may need to disclose your personal information to third parties so that you can receive the service you want; this means to vicarious agents, for example banks and other payment service providers or to postal service providers. In certain areas, such as web hosting and email hosting, we use specialized service providers. These providers are strictly bound by our instructions through an agreement on commissioned data processing and may not process the data for their own purposes. If in special cases (e.g., co-operative events with partners outside of the EU), your data will be transferred to third countries, we will inform you of this and, if required, also separately about the legal basis and level of data protection.
5. Automated decision-making, profiling
Your data will not be used for automated decision-making or profiling.
6. Your rights
Under the relevant legal requirements, you have the right to receive information about your data, the right to have such data corrected or deleted, the right to the restriction of processing, the right to object to processing, and the right to data tranferability. In particular, you have the right to object to the processing of your data for advertising purposes at any time without incurring costs other than the transmission costs, according to the rates of your provider (e.g., the costs of an email=usually none). This applies, for example, if you have registered for an event and do not wish to be informed about similar events. If the data processing is based on consent, you have the right to revoke your consent at any time without this affecting the legality of the processing being carried out on the basis of consent to revocation or processing on any other legal basis. If you want to exercise these rights, you can simply write to datenschutz(at)hpi.de or click on the unsubscribe link in any email newsletter to unsubscribe. If we call you, you can also communicate this to us directly.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority whom we answer to: Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Tel: +49 (0)33203 356-0, Fax: +49 (0)33203 356-49, Email: poststelle(at)lda.brandenburg.de.
If you have questions or requests regarding data protection, you can contact us at any time. Your contact is: datenschutz(at)hpi.de.
7. Your right to object to data processing
Insofar as the processing of your personal data is based on Art. 6 para. 1 subpara. 1 letter e or f GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. If your objection is made for reasons arising from your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or for the establishment, exercise of defence against legal claims. If your opposition is directed against direct marketing, including profiling, insofar as it is connected with such direct mail, we will no longer process your personal data for these purposes.