Privacy Policy

This privacy policy informs about the manner, scope and purpose of processing personal data (hereinafter referred to as data) as well as your rights regarding this data processing within our online service.


Responsible for data processing is:
CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH
Stuhlsatzenhaus 5
66123 Saarbrücken

Phone: +49 681 87083 1521
Fax: +49 681 87083 8801

CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Chief Operating Officer and Member of the Executive Board Dr. Kevin Streit.


You can reach our data protection officer at:

Phone: +49 681 87083 1521

If you have general questions about data privacy, you can also contact our staff unit
data protection department:


1. Data processing

On our website, the following data are subject to processing: inventory data (e.g. names) and meta and communication data (e.g. device information, browser information, IP addresses of website users).

Persons affected by the processing of the data are all visitors and users of our website as well as project staff and communication partners. The data processing depends on this and on the user behaviour. For example, by visiting this website alone, only meta and communication data of the website users are processed. In the case of contact via e-mail, the user’s personal data transmitted with the e-mail is processed.

2. Purpose of the data processing

We collect and use data of our users only to the extent necessary to provide our content and a functional and user-friendly website. In the case of contact via e-mail, the purpose of processing is to handle the communication.

3. Legal basis for data processing

Data processing is only carried out on a strictly legal basis. This is the case if the data subject has given his or her consent (Art. 6 para. 1 letter a, Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (Art. 6 para. 1 letter b DSGVO), if we have to fulfil legal obligations (Art. 6 para. 1 letter c DSGVO) or if we protect our legitimate interests (Art. 6 para. 1 letter f DSGVO). Special regulations such as those of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) may also apply.

4. Recipients of data

Your data will not be transferred to processors or other third parties for purposes other than those listed below.

We only pass on your data to third parties if:

  • you have given your explicit consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary to protect our legitimate interests or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 letter c DSGVO, and
  • this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you.

We conclude contracts for commissioned data processing with contract processors in accordance with Art. 28 DSGVO, according to which these also undertake to comply with data protection.

5. Data security

In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and through data protection-friendly default settings (Art. 25 DSGVO).

6. Storage of data

The data processed by us is stored as long as it is necessary for the purpose of processing. It will be deleted as soon as the purpose for processing this data ceases to apply or consent is revoked.

Data may also be stored if this is necessary for other legally permissible purposes. Processing is then limited to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law, or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Here too, the data will be deleted as soon as the purpose no longer applies.


1. Data processing

When you access our website and the associated sub-pages, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a log file. The following information is recorded without your involvement and stored until it is automatically deleted: IP-Adresse, Timestamp, accessed URL, HTTP-Status, Webbrowser+Version.

2. Purpose

The above-mentioned data is processed by us for the following purposes: Making our online offer available, ensuring a problem-free connection to the website, system security and stability.

3. Legal basis

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest results from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your identity.

4. Storage

For security reasons (e.g. for the clarification of cases of abuse), the data is stored for a period of 7 days. If longer storage is necessary for evidence purposes, the data will be deleted after the final clarification of the matter.


Each company processes the applicant data you provide as part of an application process on a separate website, which has its own privacy policy for the website.


You have the following rights in relation to the processing of your data by CISPA:

  • You have the right to obtain confirmation as to whether data that concerns you is being processed and the right to obtain information on such data and to receive further information and a copy of the data in accordance with Art. 15 of the DPA.
  • In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
  • In accordance with Art. 17 DSGVO, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted.
  • You have the right to demand that you receive the data concerning you which you have provided us with in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
  • You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
  • Right of objection: You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time (see below).
  • In accordance with Art. 77 DSGVO, you may lodge a complaint with the supervisory authority responsible for data protection. As a rule, you can contact the supervisory authority of your place of residence or the Independent Data Protection Centre Saarland for this purpose:
    Unabhängiges Datenschutzzentrum Saarland
    Die Landesbeauftragte für Datenschutz und Informationsfreiheit
    Fritz-Dobisch-Straße 12
    66111 Saarbrücken
    Telefon: (0681) 94781-0
    Telefax: (0681) 94781-29

    Right of objection
    If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to


This privacy policy is currently valid and reflects the state of August 2023.

It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.