Data Protection Information



With this data protection information, we would like to inform you about how we process personal data and inform you about your rights. We are aware of the importance of processing personal data for you as a data subject and accordingly observe all relevant legal requirements. In doing so, the protection of your privacy is of the utmost importance to us. The processing of your personal data by us is carried out in compliance with the General Data Protection Regulation and other data protection regulations.

Person responsible for data processing

Heidelberg Laureate Forum Foundation
Schloss-Wolfsbrunnenweg 33
69118 Heidelberg
E-Mail: info@heidelberg-laureate-forum.org

Contact details of the data protection officer: eprivacy@heidelberg-laureate-forum.org

  • Definition of terms

    This data protection notice uses the terms of the General Data Protection Regulation (GDPR):

    "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    "Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.

    "Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

    "File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or according to functional or geographic considerations.

    "Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

    "Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

    "Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, authorities that may receive personal data in the context of a specific investigation task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

    "Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

    "Consent" means the freely given, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

  • Processing operations

    We collect and process the following personal data about you:

    • Contact, event, API, key and master data information, if you have provided us with your contact information or registered on our site,
    • online identifiers (e.g. your IP address, browser type and version, operating system used, referrer URL, file name, access status, amount of data transferred, date and time of server request),
    • for contacting us as requested by you,
    • for information about our activities and offers,
    • contract data (e.g. subject matter of the contract, contract term, contract category),
    • application (by mail, via e-mail),
    • implementation of events,
    • video conferences, sound and image recordings,
    • social media identifiers.
  • Purposes of data processing

    We process your data for the following purposes:

    • for contacting us as requested by you,
    • for information about our services,
    • to process contracts, in particular to carry out activities within the framework of the Heidelberg Laureate Forum (HLF) and the Mathematics Informatics Station (MAINS),
    • implementation of events,
    • video conferences,
    • management of the alumni network,
    • for advertising purposes,
    • for sending the e-mail newsletter, if you have subscribed to it,
    • for quality assurance and
    • for our statistics.
  • Legal basis for data processing

    Your data is processed on the following legal bases:

    • Your consent according to Art. 6 para. 1 lit. a) GDPR,
    • for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR,
    • to fulfill legal obligations according to Art. 6 para. 1 lit. c) GDPR or
    • for a legitimate interest according to Art. 6 (1) lit. f) GDPR.

    If we base the processing of your personal data on legitimate interests within the meaning of. Art. 6 para. 1 lit. f) GDPR, such are.

    • the improvement of our services,
    • the protection against misuse and
    • the maintenance of our statistics.
  • Data sources

    We receive the data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also inform you about the source of the personal data and, if applicable, whether the data originates from publicly available sources.

  • Transmission / data recipient

    When processing your data, we cooperate with the following service providers who have access to your data:

    • Web analytics tool providers,
    • web hosting providers,
    • consent management platform service providers,
    • administration service providers,
    • event service providers,
    • video conferencing service provider,
    • collaboration partner alumni network,
    • social media.

    There is a data transfer to third countries outside the European Union. This is done on the basis of contractual regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request.

  • Duration of processing

    We store your personal data only as long as it is necessary to achieve the purpose of processing or the storage is subject to a legal retention period.

    We store your data,

    • if you have consented to the processing, at most until you revoke your consent,
    • if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or is subject to statutory retention periods,
    • if we use the data on the basis of a legitimate interest, at most as long as your interest in deletion or anonymization does not prevail.
  • Your rights

    You have - partly under certain conditions - the right

    • to request information free of charge about the processing of your data and to receive a copy of your personal data. Among other things, you can request information about the purposes of processing, the categories of personal data that are processed, the recipients of the data (if a transfer takes place), the duration of storage or the criteria for determining the duration;
    • to rectify your data. If your personal data is incomplete, you have the right, taking into account the purposes of processing, to complete the data;
    • to have your data erased or blocked. Reasons for the existence of an erasure/blocking claim may include: revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data have been processed unlawfully;
    • to have the processing restricted;
    • to object to the processing of your data;
    • revoke your consent to the processing of your data for the future; and
    • to complain to the competent supervisory authority about unlawful data processing. 
  • Further information on data protection

    E-mail newsletter

    If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis. Unsubscribing from the newsletter is possible at any time with effect for the future and can be done either by sending a message to the contact option described above or via the unsubscribe link provided for this purpose in the newsletter.

    This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach servers in Germany and Ireland.

    Our newsletters sent with CleverReach enable us to analyze the behavior (conversion tracking) of the newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. The data processing is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message or you can also unsubscribe directly on the website. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. 

    For more information, please see the CleverReach privacy policy at: https://www.cleverreach.com/de/datenschutz/.

  • Data backup

    We have taken extensive technical and organizational measures to secure your data against possible threats, such as unauthorized access, unauthorized disclosure, alteration or dissemination, as well as against loss, destruction or misuse.

    In order to protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using TLS encryption where necessary. This is a standardized encryption method for online services, especially for the web.

  • Log files

    Each time our internet pages are accessed, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored contain the following data:

    • Domain from which the user accesses the website,
    • Date and time of access, IP address of the accessing computer,
    • website(s) visited by the user within the scope of our services,
    • amount of data transferred,
    • browser type and version,
    • operating system used,
    • message as to whether the retrieval was successful.

    These log file data records are evaluated in anonymized form in order to improve our services and make them more user-friendly, to find and correct errors and to control the utilization of servers.

  • Cookies

    This website uses so-called cookies. A cookie is a text file with an identification number that is transferred to the user's computer and stored there together with the other data actually requested when the website is used. The file is kept there for later access and serves to authenticate the user. Since cookies are only simple files and not executable programs, they do not pose any danger to the computer. Depending on the settings selected by the user, the Internet browser automatically accepts cookies. However, this setting can be changed and the storage of cookies can be deactivated or set in such a way that the user is notified as soon as a cookie is set. In the event that the use of cookies is deactivated, however, some functions of the website may not be available or may only be available to a limited extent. You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the internet browser used and thus permanently object to the setting of cookies. Cookies that are already active can be deleted at any time using an internet browser or other software programs. We may work together with advertising partners who help us to make our Internet services more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.

    We distinguish between the following types of cookies:

    First-party cookies: first-party cookies are transmitted by the platform just visited.

    Third-party cookies: Third-party cookies are cookies that are transferred by a provider other than the platform visited by the user. When a user visits a platform and another entity transmits a cookie through that platform, it is a third-party cookie.

    Essential cookies: these cookies are necessary for you to navigate the platform and use its features, such as accessing secure areas of the platform. Without them, certain services cannot be provided, such as displaying content customized for your computer or device.

    Performance cookies: These cookies collect information about how visitors use the platform, such as which pages are viewed most frequently and whether they receive error messages from websites. However, these cookies do not collect information about the identity of the visitor. All information collected by these cookies is aggregated and therefore anonymous. They are only used to optimize the platform.

    Functionality cookies: These cookies allow the platform to remember choices you make (such as language preferences and your region) and provide you with enhanced, more personalized functionality. They can also be used to remember your preferences regarding text size, font, and other customizable parts of the website. They may also be used to provide services you request, such as viewing a video or commenting within a blog. The information that these cookies collect may be anonymized. Your browsing activity cannot be tracked on other platforms.

    Social media cookies: these cookies are used when you click a social media sharing button on the platform. The social network records this action and may use it for marketing or advertising purposes.

    This website uses the following cookies:

    Matomo
    For statistical analysis, we use "Matomo" (formerly "PIWIK") on this website. It is an open source tool for web analysis.
    The information generated by Matomo about the use of this website is only transmitted to our server. Matomo is generally deactivated when you visit our website. Only if you actively consent, is your usage behavior recorded anonymously.
    Matomo uses cookies. These are text files that are stored on your computer and enable us to analyze the use of our website. For this purpose, the information about usage obtained by the cookie is transmitted to our server and stored so that usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of this website will not be passed on to third parties. The analysis is part of our internet service. We would like to use it to further improve the website.

    Facebook
    Plugins of the social network Facebook, Meta Platforms Ireland Limited, 4 Grand Square, Grand Canal Habour, Dublin 2 Ireland, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at http://de-de.facebook.com/policy.php.

    Twitter
    Plugins of the short message network Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA are integrated on our Internet pages. You can recognize the Twitter plugins (Tweet button) by the Twitter logo on our site. You can find an overview of Tweet buttons here (https://about.twitter.com/resources/buttons). When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter "Tweet button" while you are logged into your Twitter account, you can link the content of our pages on your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account. You can find more information about this in the privacy policy of Twitter (https://twitter.com/privacy).

    Instagram
    On our pages, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. If you do not want Instagram to be able to associate the visit to our pages, please log out of your Instagram user account. For more information, please refer to the privacy policy of Instagram https://instagram.com/about/legal/privacy/.

    YouTube
    Our site uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is already sent to YouTube and cookies are installed on your computer. However, we have embedded our YouTube videos with the extended data protection mode (in this case, YouTube still contacts Google's Double Klick service, but according to Google's privacy policy, personal data is not evaluated). As a result, YouTube no longer stores any information about visitors unless they watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before viewing the video). We have no knowledge of and no influence on the possible collection and use of your data by YouTube. You can find more information in YouTube's privacy policy at www.google.de/intl/de/policies/privacy/. In addition, please refer to our general presentation in this privacy policy for the general handling and deactivation of cookies.

    flickr
    On our website, functions and contents of the service flickr may be integrated. Flickr is a photo and image service of the American company SmugMug Inc, 67 E. Evelyn Ave, Suite 200 Mountain View, California, USA. For details on the processing of data at flickr and the visibility settings, please refer to the privacy policy of Flickr or Oath (formerly Yahoo): https://www.flickr.com/help/privacy/.

  • Processing your personal data in different contexts

    OpenStreetMap
    In the context of route descriptions or location presentations, we use the map content of the "OpenStreetMap" service, which is offered by the OpenStreetMap Foundation as an Open Data Commons Open Database License (ODbL). To prevent the transfer of user data to OpenStreetMap, the maps are embedded locally. In this way, no data of the visitors is passed on. For more information, please refer to the association's privacy policy, which can be found at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

    Google Fonts
    We integrate the fonts ("Google Fonts") of the provider Google locally in order to be able to guarantee the display of the font in the user's browser. Google Fonts is loaded directly from our own server and no longer via the Fonts Application Programming Interface (API). This way, no user data is sent to providers outside the EU, as the server location of our website is within the EU. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/. For details on data processing, please see the Privacy Policy: https://policies.google.com/privacy.

    Podigee Podcast Hosting
    We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are thereby loaded by Podigee or transmitted via Podigee. The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis as well as optimization of our podcast offer pursuant to Art. 6 para. 1 lit. f. GDPR. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymized or pseudonymized before it is stored in Podigee's database, unless it is necessary for the provision of the podcasts. For more information and opt-out options, please see Podigee's privacy policy: https://www.podigee.com/de/about/privacy/.

    Blogs
    We use blogs and publications (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for reasons of security. For the rest, please refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.
    Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in the event that someone leaves unlawful content in comments and posts (e.g., insults, prohibited political propaganda). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. Furthermore, we reserve the right to process the user's data for the purpose of spam detection on the basis of our legitimate interests.
    The personal information provided in the comments and contributions, any contact and website information as well as the content-related information will be stored by us until the objection of the user.

  • Video conferencing

    We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom's privacy policy: https://zoom.us/de-de/privacy.html. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

    We have concluded an order processing contract and standard contractual clauses with the provider of Zoom and implement the requirements of the data protection authorities when using Zoom.

    For our HLFF Inspiring Minds project, we use the provider BigBlueButton. The tool is installed locally. You can find the data protection notice here: https://www.hlff-inspiringminds.org.

  • Applications

    We are pleased that you want to apply for a job with us. In the following, we would like to explain how we process the personal data you provide to us as part of the application process.

    Definitions
    Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The data subject is the applicant.

    What data do we process?
    As part of the application process, we collect and process personal data provided to us by you, namely contact and address information, your application photo, information about your career to date, your educational and professional training.

    Purpose of processing
    The purpose of the processing is to carry out the application process and the selection of the applicant.

    On what legal basis do we process your data?
    The legal basis is Art. 6 (1) lit. b) GDPR, namely the implementation of pre-contractual measures.
    We receive the data from you. If we do not collect the personal data directly from you, we will additionally inform you of the source of the personal data and, if applicable, whether it comes from publicly accessible sources.

    Will your data be transferred to third parties?
    As part of the application process, data may be transferred to service providers, companies from the Klaus Tschira Group, the responsible party and affiliated companies. Data is only ever passed on to third parties within the legally permissible framework and to the extent necessary to carry out the application process.

    Storage period
    We only store your personal data for as long as is necessary to achieve the purpose of the processing or for as long as the storage is subject to a statutory retention period. In the event that we are unable to offer you a position as a result of the application process, we will return your submitted documents to you and delete the data collected in our systems six months after the end of the application process.

    Your rights
    You have the right to a) request information about the processing of your data, b) request a copy of your personal data, c) have your data corrected. If your personal data is incomplete, you have the right, taking into account the processing purposes, to complete the data, to have your data deleted or blocked, to have the processing restricted, to object to the processing of your data, to revoke your consent to the processing of your data for the future and to complain to the competent supervisory authority about unlawful data processing. If you wish to exercise your rights as a data subject or have other questions about this notice, please contact bewerbung@heidelberg-laureate-forum.org or the Data Protection Officer of the Heidelberg Laureate Forum Foundation, who can be reached at eprivacy@heidelberg-laureate-forum.org.

    Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal or contractual regulations.

Status of this data protection notice

October 2022

We reserve the right to change this data protection notice at any time with effect for the future.

This is an English translation of the official Data Protection Information and is intended as a guide. Only the original German version constitutes a legally binding agreement.