Data Protection Information
With this data protection information, we would like to inform you about how we process personal data and inform you about your rights. We are aware of the importance of processing personal data for you as a data subject and accordingly observe all relevant legal requirements. In doing so, the protection of your privacy is of the utmost importance to us. The processing of your personal data by us is carried out in compliance with the General Data Protection Regulation and other data protection regulations.
Person responsible for data processing
Heidelberg Laureate Forum Foundation
Contact details of the data protection officer: firstname.lastname@example.org
Definition of terms
This data protection notice uses the terms of the General Data Protection Regulation (GDPR):
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
"File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or according to functional or geographic considerations.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, authorities that may receive personal data in the context of a specific investigation task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
"Consent" means the freely given, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
We collect and process the following personal data about you:
- Contact, event, API, key and master data information, if you have provided us with your contact information or registered on our site,
- online identifiers (e.g. your IP address, browser type and version, operating system used, referrer URL, file name, access status, amount of data transferred, date and time of server request),
- for contacting us as requested by you,
- for information about our activities and offers,
- contract data (e.g. subject matter of the contract, contract term, contract category),
- application (by mail, via e-mail),
- implementation of events,
- video conferences, sound and image recordings,
- social media identifiers.
Purposes of data processing
We process your data for the following purposes:
- for contacting us as requested by you,
- for information about our services,
- to process contracts, in particular to carry out activities within the framework of the Heidelberg Laureate Forum (HLF) and the Mathematics Informatics Station (MAINS),
- implementation of events,
- video conferences,
- management of the alumni network,
- for advertising purposes,
- for sending the e-mail newsletter, if you have subscribed to it,
- for quality assurance and
- for our statistics.
Legal basis for data processing
Your data is processed on the following legal bases:
- Your consent according to Art. 6 para. 1 lit. a) GDPR,
- for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR,
- to fulfill legal obligations according to Art. 6 para. 1 lit. c) GDPR or
- for a legitimate interest according to Art. 6 (1) lit. f) GDPR.
If we base the processing of your personal data on legitimate interests within the meaning of. Art. 6 para. 1 lit. f) GDPR, such are.
- the improvement of our services,
- the protection against misuse and
- the maintenance of our statistics.
We receive the data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also inform you about the source of the personal data and, if applicable, whether the data originates from publicly available sources.
Transmission / data recipient
When processing your data, we cooperate with the following service providers who have access to your data:
- Web analytics tool providers,
- web hosting providers,
- consent management platform service providers,
- administration service providers,
- event service providers,
- video conferencing service provider,
- collaboration partner alumni network,
- social media.
There is a data transfer to third countries outside the European Union. This is done on the basis of contractual regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request.
Duration of processing
We store your personal data only as long as it is necessary to achieve the purpose of processing or the storage is subject to a legal retention period.
We store your data,
- if you have consented to the processing, at most until you revoke your consent,
- if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or is subject to statutory retention periods,
- if we use the data on the basis of a legitimate interest, at most as long as your interest in deletion or anonymization does not prevail.
You have - partly under certain conditions - the right
- to request information free of charge about the processing of your data and to receive a copy of your personal data. Among other things, you can request information about the purposes of processing, the categories of personal data that are processed, the recipients of the data (if a transfer takes place), the duration of storage or the criteria for determining the duration;
- to rectify your data. If your personal data is incomplete, you have the right, taking into account the purposes of processing, to complete the data;
- to have your data erased or blocked. Reasons for the existence of an erasure/blocking claim may include: revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data have been processed unlawfully;
- to have the processing restricted;
- to object to the processing of your data;
- revoke your consent to the processing of your data for the future; and
- to complain to the competent supervisory authority about unlawful data processing.
Further information on data protection
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis. Unsubscribing from the newsletter is possible at any time with effect for the future and can be done either by sending a message to the contact option described above or via the unsubscribe link provided for this purpose in the newsletter.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach servers in Germany and Ireland.
Our newsletters sent with CleverReach enable us to analyze the behavior (conversion tracking) of the newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. The data processing is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message or you can also unsubscribe directly on the website. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter.
We have taken extensive technical and organizational measures to secure your data against possible threats, such as unauthorized access, unauthorized disclosure, alteration or dissemination, as well as against loss, destruction or misuse.
In order to protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using TLS encryption where necessary. This is a standardized encryption method for online services, especially for the web.
Each time our internet pages are accessed, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored contain the following data:
- Domain from which the user accesses the website,
- Date and time of access, IP address of the accessing computer,
- website(s) visited by the user within the scope of our services,
- amount of data transferred,
- browser type and version,
- operating system used,
- message as to whether the retrieval was successful.
These log file data records are evaluated in anonymized form in order to improve our services and make them more user-friendly, to find and correct errors and to control the utilization of servers.
We distinguish between the following types of cookies:
First-party cookies: first-party cookies are transmitted by the platform just visited.
Third-party cookies: Third-party cookies are cookies that are transferred by a provider other than the platform visited by the user. When a user visits a platform and another entity transmits a cookie through that platform, it is a third-party cookie.
Essential cookies: these cookies are necessary for you to navigate the platform and use its features, such as accessing secure areas of the platform. Without them, certain services cannot be provided, such as displaying content customized for your computer or device.
Performance cookies: These cookies collect information about how visitors use the platform, such as which pages are viewed most frequently and whether they receive error messages from websites. However, these cookies do not collect information about the identity of the visitor. All information collected by these cookies is aggregated and therefore anonymous. They are only used to optimize the platform.
Functionality cookies: These cookies allow the platform to remember choices you make (such as language preferences and your region) and provide you with enhanced, more personalized functionality. They can also be used to remember your preferences regarding text size, font, and other customizable parts of the website. They may also be used to provide services you request, such as viewing a video or commenting within a blog. The information that these cookies collect may be anonymized. Your browsing activity cannot be tracked on other platforms.
Social media cookies: these cookies are used when you click a social media sharing button on the platform. The social network records this action and may use it for marketing or advertising purposes.
This website uses the following cookies:
For statistical analysis, we use "Matomo" (formerly "PIWIK") on this website. It is an open source tool for web analysis.
The information generated by Matomo about the use of this website is only transmitted to our server. Matomo is generally deactivated when you visit our website. Only if you actively consent, is your usage behavior recorded anonymously.
Processing your personal data in different contexts
Podigee Podcast Hosting
We use blogs and publications (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for reasons of security. For the rest, please refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.
Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in the event that someone leaves unlawful content in comments and posts (e.g., insults, prohibited political propaganda). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. Furthermore, we reserve the right to process the user's data for the purpose of spam detection on the basis of our legitimate interests.
The personal information provided in the comments and contributions, any contact and website information as well as the content-related information will be stored by us until the objection of the user.
We have concluded an order processing contract and standard contractual clauses with the provider of Zoom and implement the requirements of the data protection authorities when using Zoom.
For our HLFF Inspiring Minds project, we use the provider BigBlueButton. The tool is installed locally. You can find the data protection notice here: https://www.hlff-inspiringminds.org.
We are pleased that you want to apply for a job with us. In the following, we would like to explain how we process the personal data you provide to us as part of the application process.
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The data subject is the applicant.
What data do we process?
As part of the application process, we collect and process personal data provided to us by you, namely contact and address information, your application photo, information about your career to date, your educational and professional training.
Purpose of processing
The purpose of the processing is to carry out the application process and the selection of the applicant.
On what legal basis do we process your data?
The legal basis is Art. 6 (1) lit. b) GDPR, namely the implementation of pre-contractual measures.
We receive the data from you. If we do not collect the personal data directly from you, we will additionally inform you of the source of the personal data and, if applicable, whether it comes from publicly accessible sources.
Will your data be transferred to third parties?
As part of the application process, data may be transferred to service providers, companies from the Klaus Tschira Group, the responsible party and affiliated companies. Data is only ever passed on to third parties within the legally permissible framework and to the extent necessary to carry out the application process.
We only store your personal data for as long as is necessary to achieve the purpose of the processing or for as long as the storage is subject to a statutory retention period. In the event that we are unable to offer you a position as a result of the application process, we will return your submitted documents to you and delete the data collected in our systems six months after the end of the application process.
You have the right to a) request information about the processing of your data, b) request a copy of your personal data, c) have your data corrected. If your personal data is incomplete, you have the right, taking into account the processing purposes, to complete the data, to have your data deleted or blocked, to have the processing restricted, to object to the processing of your data, to revoke your consent to the processing of your data for the future and to complain to the competent supervisory authority about unlawful data processing. If you wish to exercise your rights as a data subject or have other questions about this notice, please contact email@example.com or the Data Protection Officer of the Heidelberg Laureate Forum Foundation, who can be reached at firstname.lastname@example.org.
Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal or contractual regulations.
Status of this data protection notice
We reserve the right to change this data protection notice at any time with effect for the future.
This is an English translation of the official Data Protection Information and is intended as a guide. Only the original German version constitutes a legally binding agreement.