Data protection information

The project “Forum Privatheit” is a project of the Fraunhofer Institute for Systems and Innovation Research. The Fraunhofer Institute for Systems and Innovation Research takes the protection of your personal data very seriously.

When you use this website, your personal data will be processed by us as the data controller and stored for the duration necessary to fulfill the specified purposes and legal obligations. In the following, we will inform you which data is involved, how it is processed and which rights you have in this respect.

According to Art. 4 No. 1 of the Basic Data Protection Regulation (DSGVO), personal data is all information relating to an identified or identifiable natural person.

  • 1. scope of application
  • 2. the name and contact details of the data controller and of the company’s data protection officer
  • 3. processing of personal data and purposes of processing
  • 4. disclosure of personal data to third parties
  • 5. cookies
  • 6. social plugins
  • 7. YouTube
  • 8. rights of data subjects
  • 9. data security
  • 10. actuality and modification of this data protection information

1. Scope of application

This data protection information applies to the project website at and all services offered in connection with the project as a web service or as a mobile app provided that reference is made to this data protection information.

2.The name and contact details of the data controller and of the company data protection officer

This data protection information applies to the data processing on the website by the person responsible:

Responsible in the sense of art. 4 no. 7 DSGVO:

Fraunhofer Institute for Systems and Innovation Research ISI
(hereinafter referred to as “Fraunhofer-ISI”)
Breslauer road 48
76139 Karlsruhe

Phone: +49 721 6809-0
Fax: +49 721 689152

The data protection officer of Fraunhofer-ISI can be reached at the above address for the attention of the data protection officer.

You can contact our data protection officer directly at any time if you have any questions about data protection law or your rights.

3.Processing of personal data and purposes of processing

a) When visiting the website

You can access our website without revealing your identity. The browser used on your terminal device only automatically sends information to the server of our website (e.g. browser type and version, date and time of access) in order to establish a connection to the website. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file and automatically deleted after 4 weeks.

The IP address is processed for technical and administrative purposes of establishing and maintaining a connection in order to guarantee the security and functionality of our website and to be able to prosecute any illegal attacks on it if necessary.

The legal basis for the processing of the IP address is Art. 6 Para. 1 S. 1 lit. f DSGVO. Our justified interest results from the security interest mentioned and the necessity of a trouble-free supply of our web page.
We cannot draw any direct conclusions about your identity from the processing of your IP address and other information in the log file.

In addition, we use cookies and analysis services when you visit our website. You will find more detailed information on this under sections 4 and 5 of this data protection information.

b) When registering for our newsletter

If you have expressly consented in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, we will use your e-mail address to send you our regular newsletter informing you about the work at our institute and other Fraunhofer e.V. facilities and events.

After your registration, you will receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof that the registration was actually initiated by you.

You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send your unsubscription request to at any time:

Your e-mail address will be deleted from our newsletter distribution list immediately after your consent to receive your newsletter has been revoked.

c) When using contact forms

We offer you the opportunity to contact us via a form provided on the website. The following information is required as mandatory information:

First name and surname and
E-mail address.

We need your data to determine who sent the request and to be able to answer and process it.

The data processing takes place on your request and is based on our legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f DSGVO when answering a contact request.

The personal data collected by us for the use of the contact form will be automatically deleted after you have completed your request.

d) When registering for events

We regularly offer events of all kinds via our website, for which you can register online. When registering for an event, some mandatory information must be provided. This includes

First name and surname
email address

Any other mandatory information is marked as such (e.g. by *). In addition, further information can often be provided voluntarily.

The processing of the mandatory data is done in order to identify the interested parties as participants of the event, as well as to process the contract on participation and to provide the participants with information on the event before, during and after the event. The provision of voluntary data enables us to plan and carry out the event according to the interests and age of the participants.

Data processing is carried out at the request of interested participants and is required for the purposes specified in Art. 6 Para. 1 S. 1 lit. b DSGVO for the fulfilment of the participant contract and the pre-contractual measures.

Within the scope of event registration via our web forms, we cooperate with the service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan (“Mailingwork”). The purpose of the cooperation is the professional administration of online registrations. For this purpose, the entered data is stored on the servers of Mailingwork in Germany.

We have concluded an order processing contract with Mailingwork. With this contract Mailingwork assures that they process the data on our behalf in accordance with the data protection basic regulation and guarantee the protection of the rights of the persons concerned.

4.Transfer of personal data to third parties

Except in the aforementioned cases (registration for events, registration for a newsletter), we will only pass on your personal data to third parties if:

you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
this is necessary pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO for the performance of a contract with you,
in the event that there is a legal obligation to pass on the data pursuant to Art. 6 (1) sentence 1 lit. c DSGVO.

In particular, if you have registered for an event, it may be necessary for your personal data to be transferred to an external organiser in order to fulfil the contract. In connection with an event registration, you will be informed who is the organiser and whether this is an external organiser. The latter will process personal data within the scope of the event and in particular for participant administration purposes.

A transfer of personal data to a third country (outside the EU) or an international organisation is excluded.


We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain viruses, Trojans or other malware.

Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal for a specific period of time. If you visit our site again to make use of our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.


On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer (see Section 6). These cookies enable us to automatically recognise that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. The complete deactivation of cookies may, however, result in you not being able to use all the functions of our website.

6.Social plugins

We use so-called Social-Media-Buttons (also Social-Media-Plugins) on our website. These are small buttons with which you can publish the content of our website in social networks under your profile.

If you activate such a button, a connection will be established between our website and the social network. In addition to the content in question, the operator of the social network also receives other, sometimes personal, information. This includes, for example, the fact that you are currently visiting our site.

The social media buttons are integrated using the so-called Shariff solution. This solution developed by Heise and c’t prevents a connection to a social network from already being established simply because you call up a page with a social media button without activating it. This means that information is only transmitted to the social network when you use the button.

If the respective symbol is visible on the website in the header or footer area or in the right/left column, then we use the appropriate social media plug-in on the website. The possible social media are:

a) Facebook parts of Facebook Ireland Limited
In some cases, information is transferred to the parent company Facebook Inc. based in the USA. This company complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options for the protection of your privacy can be found in Facebook’s privacy policy.

b) Twitter parts of the Twitter International Company
In some cases, information is transmitted to the parent company Twitter Inc. based in the USA. This company complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.
For more information about Twitter’s privacy practices, please see Twitter’s Privacy Policy.

c) Share Google+ with Google LLC
Google complies with the US Privacy Shield and is registered with the US Department of Commerce’s US Privacy Shield program.
For more information about privacy at Google, please see Google’s Privacy Statement.

d) Xing share the Xing SE
Further information on data protection at Xing can be found in XING’s Privacy Policy.

e) Pinterest share with Pinterest Europe Ltd.
For more information about privacy at Pinterest, please see Pinterest’s Privacy Policy.

7. YouTube

We use components (videos) of the company YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”), on our Internet pages on the basis of a consent in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

We use the “enhanced privacy mode” option provided by YouTube for this purpose.

When you visit a page that has an embedded video, YouTube connects to the YouTube servers and displays the content on the website by notifying your browser.

According to YouTube, in “extended data protection mode”, your data – in particular which of our websites you have visited and device-specific information including your IP address – will only be transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your account before you visit our site.

Google complies with the US Privacy Shield and is registered with the US Department of Commerce’s US Privacy Shield program.

For more information about YouTube privacy, please see Google’s Privacy Policy.

8. Rights of data subjects

You have the right:

in accordance with Art. 7 para. 3 DSGVO to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
in accordance with Art. 16 DSGVO, to immediately request the correction of incorrect or incomplete personal data stored by us;
to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
to demand the restriction of the processing of your personal data in accordance with Art. 18 DSGVO if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 DSGVO;
in accordance with Art. 20 DSGVO, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible party, and
to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

Information about your right to object according to Art. 21 DSGVOSie have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 paragraph 1 letter e DSGVO (data processing in the public interest) and Article 6 paragraph 1 letter f DSGVO (data processing on the basis of a weighing of interests); this also applies to profiling of Article 4 No. 4 DSGVO based on this provision.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If your objection is against the processing of data for the purpose of direct marketing, we will immediately cease processing. In this case it is not necessary to indicate a special situation. This also applies to profiling as far as it is connected with such direct advertising.

If you wish to make use of your right of objection, simply send an e-mail to:

9. Data security

All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that can also be used for online banking, for example. You can recognize a secure TLS connection by the s attached to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Actuality and modification of this data protection information

This data protection information is currently valid and as of May 2018.

Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection information. The current data protection information can be accessed at any time on the website at

can be retrieved and printed by you.