data-privacy

Privacy Policy

This privacy policy informs about the manner, scope and purpose of processing personal data (hereinafter referred to as data) as well as your rights regarding this data processing within our online service.

I. RESPONSIBILITY FOR DATA PROCESSING

Responsible for data processing is:
CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH
Stuhlsatzenhaus 5
66123 Saarbrücken
Germany

Phone: +49 681 87083 1521
Fax: +49 681 87083 8801
E-mail: info@cispa.de

CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Chief Operating Officer and Member of the Executive Board Dr. Kevin Streit.

II. DATA PROTECTION OFFICER

You can reach our data protection officer at:

Phone: +49 681 87083 1521
E-mail: dsb@cispa.de

If you have general questions about data privacy, you can also contact our staff unit
data protection department: datenschutz@cispa.de

III. GENERAL INFORMATION ON DATA PROCESSING ON THIS WEBSITE

1. Data processing

On our website, the following data are subject to processing: inventory data (e.g. names) and meta and communication data (e.g. device information, browser information, IP addresses of website users).

Persons affected by the processing of the data are all visitors and users of our website as well as project staff and communication partners. The data processing depends on this and on the user behaviour. For example, by visiting this website alone, only meta and communication data of the website users are processed. In the case of contact via e-mail, the user’s personal data transmitted with the e-mail is processed.

2. Purpose of the data processing

We collect and use data of our users only to the extent necessary to provide our content and a functional and user-friendly website. In the case of contact via e-mail, the purpose of processing is to handle the communication.

3. Legal basis for data processing

Data processing is only carried out on a strictly legal basis. This is the case if the data subject has given his or her consent (Art. 6 para. 1 letter a, Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (Art. 6 para. 1 letter b DSGVO), if we have to fulfil legal obligations (Art. 6 para. 1 letter c DSGVO) or if we protect our legitimate interests (Art. 6 para. 1 letter f DSGVO). Special regulations such as those of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) may also apply.

4. Recipients of data

Your data will not be transferred to processors or other third parties for purposes other than those listed below.

We only pass on your data to third parties if:

you have given your explicit consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO
the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary to protect our legitimate interests or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 letter c DSGVO, and
this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you.

We conclude contracts for commissioned data processing with contract processors in accordance with Art. 28 DSGVO, according to which these also undertake to comply with data protection.

5. Data security

In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and through data protection-friendly default settings (Art. 25 DSGVO).

6. Storage of data

The data processed by us is stored as long as it is necessary for the purpose of processing. It will be deleted as soon as the purpose for processing this data ceases to apply or consent is revoked.

Data may also be stored if this is necessary for other legally permissible purposes. Processing is then limited to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law, or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Here too, the data will be deleted as soon as the purpose no longer applies.

IV. DATA PRIVACY FOR THE SOCIAL MEDIA ACTIVITIES OF ELSA

X (formerly Twitter) Fanpage

We, CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH, use a X (formerly Twitter) fan page under the name @elsa_lighthouse. CISPA coordinates the project ELSA – European Lighthouse on Secure and Safe AI.
In the following we would like to inform you about the processing of your personal data on our Twitter fan page.

Processing of personal data by X (formerly Twitter)Processing of personal data by X (formerly Twitter)
X (formerly Twitter) is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.
We would like to point out that you use the services provided by X Corp. (formerly Twitter Inc.) and all related functions (e.g. sharing and rating of content) on your own responsibility.
Information about the data processing carried out by X Corp. (formerly Twitter Inc.) and the corresponding purposes pursued can be found in the data protection declaration of X Corp. (formerly Twitter Inc.).
The privacy policy of X (formerly Twitter) can be found here: https://twitter.com/de/privacy
We have no influence on the type and scope of the data processed by X Corp. (formerly Twitter Inc.) or its transfer to third parties. We have no means of control in this regard.
Your data is collected and processed by X Corp. (formerly Twitter Inc.). Your personal data is transferred to the United States, Ireland and any other country in which X Corp. (formerly Twitter Inc.) does business, regardless of your place of residence.
Data that you have voluntarily submitted to X Corp. (formerly Twitter Inc.) will be processed by X Corp. (formerly Twitter Inc.) (e.g. name and user name, email address, telephone number or the contacts in your address book) if you upload them.
In addition, X Corp. (formerly Twitter Inc.) evaluates the content you share. As a result, X Corp. (formerly Twitter Inc.) determines the topics and content you are interested in. Furthermore, confidential messages that you send to other users of X (formerly Twitter) are processed. GPS data, wireless network information or your IP address are used to determine your location and to send you content, usually advertising.
The evaluation is carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by X (formerly Twitter) is not subject to our control or influence. If such analysis tools are used by X Corp. (formerly Twitter Inc.), we were not informed about the use of such tools. As a result, X Corp. (formerly Twitter Inc.) has not been engaged by us to provide support or assistance in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymised information about the response generated by tweets (clicks, likes, etc.) can be viewed by us. The use of analysis tools on our X (formerly Twitter) account cannot be turned off and there are no other ways to prevent such use.
Twitter also receives data from visitors who do not have a X (formerly Twitter) account when they view content on X (formerly Twitter). This log data includes the IP address, the type of browser used, the operating system, information about the website and pages you have previously visited, location, mobile phone provider, cookies or search terms and the end device used.
X (formerly Twitter) also has the option of recording visits to websites and assigning them to the corresponding Twitter account if so-called X (formerly Twitter) buttons or widgets have been embedded in the respective website.
It is possible for you to restrict the processing of your data by X (formerly Twitter). To do so, you can open the general settings of your X (formerly Twitter) account and change your privacy settings under “Privacy and Security”.

You can control and individualize your privacy settings here:

https://twitter.com/personalization
Additional assistance is available for this purpose:
https://support.twitter.com/articles/105576#
https://help.twitter.com/de/search?q=datenschutz

You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that X (formerly Twitter) has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.

For more information and assistance, please visit

https://support.twitter.com/articles/20172711# (possibility to view your own data processed by X (formerly Twitter)
https://twitter.com/your_twitter_data (Information about conclusions from X (formerly Twitter) about you)
https://support.twitter.com/forms/privacy (form to receive further information from X (formerly Twitter))
https://support.twitter.com/articles/20170320# (possibility to download your own X (formerly Twitter) archive)

Processing of personal data by us
When we process your personal data on X (formerly Twitter), it is not collected via our X (formerly Twitter) account. A transmission of data to X (formerly Twitter), such as IP addresses, due to the embedding of tweets on homepages or the like does not take place.

However, it is possible that we retweet tweets from you, reply to tweets from you or write tweets that refer to you or to your Twitter account. In this respect, your public data on X (formerly Twitter) can be made accessible to followers of our site.

The purpose of processing on our X (formerly Twitter) site is to provide information about our products and services, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is in particular our business interest in sharing information with our users and being able to communicate with them.
Data will only be passed on to public authorities in the event of overriding legal provisions.
If we publish pictures of people, this is done via consent (legal basis: Art. 6 para. 1 lit. a GDPR), on the basis of a contractual agreement (legal basis: Art. 6 para. 1 lit. b GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 para. 1 lit. f. GDPR).

Transfer to third countries
It is not excluded that data from users may be processed on systems outside the European Union. X (formerly Twitter) has subjected itself to the standard contractual clauses and has thus committed itself to comply with EU data protection standards.

Your right of access, rectification, erasure, objection and data portability
You can exercise your right to access, rectification and erasure of data at any time. Simply contact us using the methods described above. If you wish to have your data erased, but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability as long as the technical possibilities are available to the recipient and to us.

Your right of objection
You have the opportunity to object to the processing of your personal data at any time on the basis of a legitimate interest in accordance with Art. 6 Para. 1 letter f GDPR or on the basis of public interests in the sense of Art. 6 Para. 1 letter e GDPR.
If we process your personal data for the purposes of direct advertising, you also have the opportunity to object to this processing at any time.
Please communicate your objection via the above-mentioned e-mail address.
If your rights must be asserted against Twitter International Company, we will forward your request to X Corporation (formerly Twitter International Company).

Right of appeal
You have the possibility to lodge a complaint with a data protection authority at any time.

LinkedIn page

We also use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:

Present ELSA news
Get and stay in touch with the community and followers
Inform the community and followers about current developments and events in our ELSA research project
Address questions and concerns from customers and followers
share ELSA-related news from partners and other networks

When visiting our site, personal data of users is collected by LinkedIn as the controller, for example through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH (CISPA) cannot track which user data LinkedIn collects. Nor does CISPA have full access to the data collected or your profile data. CISPA can only see the public information of your profile. You decide what this information is in your LinkedIn settings.
If our site offers a chat function, CISPA uses your data when using the chat function to answer your inquiry. The service and customer care information collected in this way is used to contact you in order to provide you with the requested information and offers.

CISPA receives anonymous statistics on the use and usage of the Page due to legitimate interest of LinkedIn. The following information is provided:
Followers: number of people who follow CISPA – including increases and development over a defined time frame.
Reach: Number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.
Ad performance: How many people were reached and interacted with a post or paid ad.

CISPA uses these statistics, from which we cannot draw any conclusions about individual users, to constantly improve its online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.
CISPA receives personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g., first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.

V. ACCESS DATA/SERVER LOG FILES

1. Data processing

When you access our website and the associated sub-pages, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a log file. The following information is recorded without your involvement and stored until it is automatically deleted: IP-Adresse, Timestamp, accessed URL, HTTP-Status, Webbrowser+Version.

2. Purpose

The above-mentioned data is processed by us for the following purposes: Making our online offer available, ensuring a problem-free connection to the website, system security and stability.

3. Legal basis

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest results from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your identity.

4. Storage

For security reasons (e.g. for the clarification of cases of abuse), the data is stored for a period of 7 days. If longer storage is necessary for evidence purposes, the data will be deleted after the final clarification of the matter.

VI. APPLICATION PROCESS

Each company processes the applicant data you provide as part of an application process on a separate website, which has its own privacy policy for the website.

VII. RIGHTS OF DATA SUBJECTS

You have the following rights in relation to the processing of your data by CISPA:

You have the right to obtain confirmation as to whether data that concerns you is being processed and the right to obtain information on such data and to receive further information and a copy of the data in accordance with Art. 15 of the DPA.
In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 DSGVO, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted.
You have the right to demand that you receive the data concerning you which you have provided us with in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
Right of objection: You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time (see below).
In accordance with Art. 77 DSGVO, you may lodge a complaint with the supervisory authority responsible for data protection. As a rule, you can contact the supervisory authority of your place of residence or the Independent Data Protection Centre Saarland for this purpose:
Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Telefon: (0681) 94781-0
Telefax: (0681) 94781-29
E-Mail: poststelle@datenschutz.saarland.de

Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to dsb@cispa.de.

VIII. VALIDITY AND AMENDMENT OF THIS PRIVACY POLICY

This privacy policy is currently valid and reflects the state of November 2024.

It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.