Data Protection Policy

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Alexander von Humboldt Institute for Internet and Society (HIIG)

Französische Straße 9
10117 Berlin
Germany

Phone: +49 (o)30 2007 60 82
E-Mail: info@hiig.de

Websites:

  1. www.hiig.de
  2. www.elephantinthelab.org
  3. www.noc-europeanhub.net
  4. www.openingscience.org
  5. www.policyreview.info
  6. www.startup-clinics.com
  7. www.stiftung-internet-und-gesellschaft.de
  8. www.wahlkompass-digitales.de

II. Name and address of the data protection officer

The data protection officer of the person responsible is:

Alexander von Humboldt Institut für Internet und Gesellschaft gGmbH (HIIG)

Dr. Jörg Pohle

Französische Straße 9
10117 Berlin
Germany

Phone: +49 (0)30 2007 6082
E-Mail: dsb@hiig.de

III. General information on the processing of personal data

1. Scope of processing personal data

We only process personal data of users of our website if this is necessary to provide a functional website as well as our contents and offers. The processing of personal data of users of our website only takes place if the processing of the data is permitted by legal regulations. The processing of personal data is geared to the objective of protecting fundamental rights and freedoms (Article 1(2) GDPR).

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of HIIG or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

3. Data erasure and retention period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Website provision and logging

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the client computer.

The following data is collected:

  • the IP address of the client computer
  • information about the browser type and version used (user agent)
  • the operating system of the client computer
  • date and time of access
  • websites from which the user's system reaches our website (referrer)
  • websites accessed by the user's system via our website
  • status codes
  • amount of data
  • used protocols

The data is also stored in the log files of our system. This data is kept separated from other personal data of the user.

All websites are hosted at Mittwald. IP addresses are anonymized there by removing the last three digits. For further information see also Mittwald's data protection declaration.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must be kept for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

4. Data retention period, possibility to object and to erase

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after 60 days at the latest.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. According to Art. 21 para. 1 sentence 2 1st alternative GDPR there is therefore no possibility to object on the part of the user.

V. Improved the user experience

1. Description and scope of data processing

We use procedures to make our website more user-friendly and to increase the security of the website. Some elements of our website require that the calling browser can be identified even after a page change.

To this end, we use cookies, among other things, in which the following data is stored and transmitted:

  • language settings
  • log-in information
  • entered search terms

We also incorporate external fonts from Google Fonts and media, including sound recordings and videos, such as YouTube and Twitter’s Periscope and maps from Google Maps.

We use Google ReCaptcha to protect against comment spam and attacks on our login page.

The data will not be stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for processing personal data to improve the user experience is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of the processing is to simplify the use of websites for users and to ensure the protection of the website. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  • accepting language settings
  • remembering search terms
  • commenting on posts
  • registered user login

The user data collected through technically necessary cookies are not used to create user profiles.

4. Data retention period, possibility to object and to erase

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies, either directly in the browser or with the help of uBlock Origin or Privacy Badger. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

When integrated content is called up, personal data is transmitted to the provider of this content, among other things. The access to these contents is subject to the full control of the users. By changing the settings in your browser, you can deactivate or restrict the access to external content, either directly in the browser or with the help of uBlock Origin or NoScript.

The integration of Google ReCaptcha is mandatory for the security of the website if you want to comment on articles on the website or log in. According to Art. 21 para. 1 sentence 2 1st alternative GDPR there is therefore no possibility of objection on your part.

VI. Web analytics

1. Description and scope of data processing

We use the web analytics tool Matomo to improve the quality of our website and its content.

If you have activated 'Do Not Track' in your browser or set the following opt-out cookie, no personal data will be collected, stored or used for usage analysis.

Otherwise we collect, store and use the following data:

  • web analytics cookie with unique ID
  • the IP address of the client (anonymized to 2 bytes)
  • information about the browser type underlying engine, version used and existing plugins
  • the operating system of the client
  • the screen resolution of the client
  • the probable country from which the access is made
  • the language set in the browser
  • date and time of access
  • websites from which the user's system reaches our website (referrer)
  • websites accessed by the user's system via our website

The IP address is shortened to 2 bytes directly during the collection and thus anonymized.

2. Legal basis for data processing

The legal basis for the processing of personal data for usage analysis is Art. 6 para. 1 lit. f GDPR

3. Purpose of data processing

The analytical tool is used to improve the quality of our website and its content. This tells us how the website is used and enables us to continually optimise our offering.

4. Data retention period, possibility to object and to erase

The web analytics cookie with unique ID is valid until the end of the browser session. The IP address is shortened to 2 bytes directly during the survey and thus made anonymous. This means that at the latest after the end of your browser session the data is no longer personal.

You can activate 'Do Not Track' in your browser or set the following opt-out cookie to prevent the collection, storage and use of personal data for usage analysis. The opt-out cookie is valid for two years.

VII. Newsletter and event mailing lists

1. Description and scope of data processing

On our websites you have the possibility to subscribe to newsletters and to subscribe to lists for event announcements. The following data from the input mask will be transmitted to us during registration:

  • first name
  • last name
  • email address
  • language

For the processing of the data, reference is made to this data protection declaration as part of the registration process.

In connection with data processing for the dispatch of newsletters and event announcements, the data is passed on to MailPoet and SendGrid. The data will only be used for sending newsletter and event announcements, see also MailPoet's and SendGrid’s privacy notice.

For www.elephantinthelab.org Mailchimp is used instead.

2. Legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter and entry on the list of events by the user is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The collection of the user's email address serves to deliver the newsletter or the event announcements. The collection of first and last names serves to personalize these messages. The collection of the desired language serves to ensure that only messages in this language are delivered.

4. Data retention period, possibility to object and to erase

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. E-mail address, first name, surname and language of the user will be stored as long as the subscription to the newsletter or the list of events is active.

The subscription to the newsletter and the list of events can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter and in every event announcement.

VIII. Event registration

1. Description and scope of data processing

You can register for events on our website. The data from the input mask is transferred to us during registration. This includes, among other things:

  • first name
  • last name
  • email

Depending on the event, further data can be collected, including

  • language
  • organizational affiliation
  • position

Further data may be collected for registration for academic workshops or conferences, including

  • scholarly contribution or lecture to be submitted
  • title and abstract of the paper or lecture
  • academic degree
  • street address

If you register for an event on our website and enter your e-mail address, we may subsequently use this to send you information about the event, e.g. changes in time or location or cancellation.

If you register on our website for an event in a event series and enter your e-mail address, this can subsequently be used by us to send information on this event, e.g. time or place changes or cancellations, as well as on other events in this series.

In some cases, it may be possible to register on third party websites (e.g. Meetup or Facebook) for events held at or co-organized by HIIG. The data protection regulations of the respective provider apply to these external websites.

2. Legal basis for data processing

The legal basis for the processing of the data after registration by the user for the event is Art. 6 para. 1 lit. f GDPR

3. Purpose of data processing

The purpose of data processing is to organise and carry out events, to inform participants about changes or the cancellation of the event, as well as other events in the same series.

4. Data retention period, possibility to object and to erase

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is regularly the case after the end of the event or series of events, for individual data at the latest, however, after expiry of the billing and documentation obligations.

If you do not wish to receive further information about other events of the respective event series, simply unsubscribe from the list. For this purpose, each event announcement contains a corresponding link to the relevant series.

IX. Applications

1. Description and scope of data processing

On our website you have the opportunity to apply for (student) positions and fellowships. During the application the data from the input mask are transferred to us. This includes, among other things:

  • first name
  • last name
  • email
  • Telephone number for further inquiries
  • University, subject and semester
  • Country (Fellows only)
  • How you heard about us
  • Whether we should inform you in the future about further tenders at the institute
  • Application documents as PDF (e.g. CV, certificates, letter of motivation, etc.)

The data is passed on to JotForm in connection with data processing for applications. The data will only be used for the application process, see also JotForm's privacy policy.

2. Legal basis for data processing

The legal basis for the processing of data in the context of job applications is Art. 6 para. 1 lit. b GDPR.

The legal basis for the processing of data in the context of fellowship applications is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of data processing is the electronic submission and examination of applications and application documents for advertised positions and fellowships.

4. Data retention period, possibility to object and to erase

If the application is for employment within the scope of a project, the data will be deleted three months after the end of the project if the application is rejected, and six months after the end of the application procedure if the application is not project-related.

Upon request, we will delete the stored data before the end of the storage period, provided there is no longer storage due to commercial, tax or social security law storage obligations.

In the event of employment, the application documents will be deleted three years after termination of employment, provided that there is no longer retention due to commercial, tax or social security retention obligations.

X. Rights of the data subjects

If personal data relating to you are processed, you are a data subject according to the GDPR, and you have the following rights vis-à-vis the HIIG:

1. Right of access

You have the right to request information from us as to whether we process the personal data relating to you. In a positive case, this also includes information about the data relating to you, as well as the information specified in Art. 15 para. 1 lit. a to h GDPR.

2. Right to rectification

You have the right to request us to correct any data relating to you if it is inaccurate.

3. Right to restriction of processing

You have the right to request us to restrict the processing of data relating to you if this request is covered by one of the reasons in Art. 18 para. 1 lit. a to d GDPR.

4. Right to erasure

You have the right to request us to delete the data relating to you, provided that this request is covered by one of the reasons in Art. 17 para. 1 lit. a to f DS-GMO and none of the exceptions in Art. 17 para. 3 lit. a to e GDPR applies.

5. Right to be notified

You have the right to ask us to inform you of the parties to whom we have transmitted data relating to you, unless this involves disproportionate effort on our part.

6. Right to data portability

They have the right to data transferability if data processing is carried out using automated procedures and the legal basis is Article 6(1)(b) GDPR.

7. Right to object

You have the right to object to the processing insofar as the legal basis of the processing is Art. 6 para. 1 lit. e or f GDPR.

8. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with any supervisory authority if you believe that the processing of data relating to you is illegal.

The data protection supervisory authority responsible for the HIIG is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219
10969 Berlin
Germany

Phone: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
E-Mail: mailbox@datenschutz-berlin.de

Data Protection Officer

Jörg Pohle, Dr.

Co-Head of Research Programme: Actors, Data and Infrastructures

Keep in touch

Sign up for our newsletters.