This English translation is not legally binding. In case of doubt, the German version shall prevail.
Body responsible for data processing
HITS gGmbH (Heidelberger Institut für Theoretische Studien)
Represented by: Dr. Gesa Schönberger
Phone: +49 6221 533 533
Fax: +49 6221 533 298
Register court: Amtsgericht Mannheim
Trade register: HRB 337446
Value added tax identification number according to §27a Umsatzsteuergesetz: DE232037958
Contact details of the data protection officer: firstname.lastname@example.org
Definition of terms
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any process or set of processes that handle personal data, whether or not by automatic means, such as the collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
“File system”: any structured collection of personal data that is accessible based on specified criteria, whether such collection is maintained in a centralized, decentralized or functional or geographical manner;
“Controller” refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Recipient”: a natural or legal person, public authority, agency or other body to whom personal data is disclosed, be it a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as Recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
“Consent” means the freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to them.
We collect and process the following personal data about you:
- contact, address and event information if you have provided us with your contact information,
- online identifiers (such as your IP address, browser type and version, the operating system used, the referrer URL, the file name, the access status, the amount of data transferred, the date and time of the server request, host name of the accessing computer),
- contract data (e.g. subject matter of the contract, contract term, contract category),
- Implementation of the program,
- Publication of results,
- Project communication,
- Carrying out events,
- Video conferences
- Sound and image recordings
Purposes of data processing
We process your data for the following purposes:
- for communication about the LiSyM-Cancer project,
- for press and communication purposes,
- for quality assurance reasons,
- for our statistics and preparation and implementation of virtual events and events in person, recordings, in particular also live streaming and publication of image and sound recordings on social media channels, our website and print media.
Legal basis for the data processing
Your data is processed on the following legal bases:
- your consent as per article 6 (1) a) GDPR,
- for the fulfilment of a contract with you according to article 6 (1) b) GDPR,
- for the purpose of fulfilling legal obligations pursuant to article 6 (1) c) GDPR, or
- for a legitimate interest as per article 6 (1) f) GDPR.
Insofar as we base the processing of your personal data on legitimate interests within the meaning of article 6 (1) f) GDPR, these are
- the improvement of our offering,
- the protection against abuse and
- the keeping of our statistics.
We receive the data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it comes from publicly available sources.
When processing your data, we work together with the following service providers who have access to your data:
- web hosting providers,
- management service provider,
- contract partners,
- video conferencing service provider,
- social media.
Data is transmitted to third countries outside the European Union. This occurs on the basis of contractual regulations provided for by law, which are designed to ensure adequate protection of your data and which you can view on request.
Duration of the processing
We only store your personal data for as long as is necessary to achieve the purpose of the processing or the storage is subject to a legal retention period.
We will store you data
- once you have consented to the processing at the most until you revoke your consent,
- if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or statutory retention periods continue,
- if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymization does not outweigh this.
You have the right – in part under certain conditions,
- to request information about the processing of your data free of charge and to receive a copy of your personal data. You can request information about, among other things, the purposes of the processing, the categories of personal data that is processed, the recipients of the data (if a transfer takes place), the duration of the storage or the criteria for determining the duration;
- to correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
- to have your data deleted or blocked. Reasons for the existence of a right to deletion/blocking may include revoking of the consent on which the processing is based, the data subject objects to the processing, the personal data have been processed unlawfully;
- to have the processing restricted;
- to object to the processing of your data;
- to revoke your consent to the processing of your data in the future; and
- to file a complaint to the competent supervisory authority about unlawful data processing.
Further information on data protection
Data protection We have taken extensive technical and organizational measures to protect your data against possible threats, such as unauthorized access and viewing, modification or dissemination, as well as against loss, destruction or abuse. To protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardized encryption procedure for online services, especially for the web.
Log files Every time you access our website, the respective internet transmits usage data that is stored in log files, the so-called server log files. The data records stored in the process contain the following data:
- date and time of the retrieval
- IP address of the accessing computer
- website(s) visited by the user within the framework of the offer
- data volume transferred
- browser type and version, possibly the operating system used
- message whether the retrieval was successful
These log file data records are evaluated in order to improve the offer and make it more user-friendly, to find and correct errors, and to control the utilization of the servers.
Photos and film footage
Photographs, group photos and films (incl. audio recordings) are taken/ recorded to support public relations work, media accompaniment of conferences, events and other HITS activities. These recordings are usually published on our websites, social media channels and in print media.
We and our representatives offer various events, such as workshops, lectures and conferences. For some of these offers, we ask for registration in advance, in the course of which mandatory information is requested. In particular, these include the name, title, email, address, data required for participating in and implementing the event. You will find a detailed overview in the respective registration form. The data will be processed for the purpose of fulfilling contractual obligations, including for billing purposes and for the creation of supporting material for the event, such as participant lists. We will use the email address provided during registration to contact you to send information about the relevant event as well as important changes, for example in range of offers or due to technical requirements.
We will store the data collected during registration until the purpose of processing the data no longer applies or it is no longer required for the purpose. Unless the data is deleted because it is required for other and legally permissible reasons, the processing of it will be limited to these purposes. Accordingly, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural person or legal entity. In the event that users request the deletion of their personal data, their data will be deleted subject to a legal obligation to retain it. This does not apply to data that has already been printed and distributed.