Data protection

Adjust your consent

Privacy Policy

Responsible for the processing of your data:
Science Park Kassel GmbH
Universtitätsplatz 12
34127 Kassel
Germany
Telephone: 0561-95379600
E-Mail: info@sciencepark-kassel.de

We have appointed a Data Protection Officer for our company: You can reach our company Data Protection Officer Dr Marschall or his deputy Mr Blazy (GDPC GbR) by telephone at +49 (0) 561 830 99 165, by post at the above address with the addition – Data Protection Officer – as well as by e-mail at datenschutz@sciencepark-kassel.de.

Privacy information for visitors to the website

Privacy information for visitors to the website

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and indicates the Data Subjects.

Types of data processed

Inventory data.
Payment data.
Location data.
Contact data.
Content data.
Contract data.
Usage data.
Meta/communication data.

Categories of Data Subjects

Customers.
Interested parties.
Communication contacts.
Users.
Business and contractual partners.
Individuals in pictures.

Purposes of processing

Provision of contractual services and customer service.
Contact enquiries and communication.
Safety measures.
Direct marketing.
Reach measurement.
Office and organisational procedures.
Managing and responding to enquiries.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online services and user-friendliness.
Information technology infrastructure.

Relevant legal basis

Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal basis be relevant in individual cases, we will inform you of these in the Privacy Policy.

Consent (Art. 6 para. 1 p. 1 lit. a) GDPR) - The Data Subject has given consent to the processing of personal data relating to him or her for a specific purpose or purposes.
Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR) -Processing is necessary for the performance of a contract to which the Data Subject is party or for the implementation of pre-contractual measures taken at the Data Subject’s request.
Legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the Controller is subject.
Legitimate interests (Art. 6 (1) p. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests of the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require the protection of personal data.

Transmission of Personal Data

In the course of our processing of personal data, the data may be transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Transfer of data within the organisation: We may transfer or provide access to personal data to other entities within our organisation. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate corporate and business interests or takes place insofar as it is necessary for the fulfilment of our contract-related obligations or if the consent of the Data Subjects or a statutory permission exists.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements. We only process or allow the processing of data in third countries with a recognised standard of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de), subject to express consent or contractually or legally required transmission.

Erasure of Data

The data processed by us will be deleted in accordance with the statutory requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). Unless the data are deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

As part of our privacy practices, we may provide users with further information about erasure and retention of data that is specific to the particular type of processing.

Use of Cookies

Cookies are small text files, or other storage notes, which store information on end users' devices and read information from the those devices. For example, to store the login status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions used as part of an online service. Cookies can also be used for various purposes, e.g. for the functionality, security and comfort of online services as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with the legal requirements. We therefore obtain prior consent from users, except where this is not required by law. In particular, consent is not necessary if the storage and reading of the information, i.e. also of cookies, are absolutely necessary in order to provide the user with a telemedia service expressly requested by the user (i.e. our online services). Revocable consent will be clearly communicated to users and will include information about the particular cookie use.

Notes on the legal basis for data protection: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is their declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online services and improvement of its usability) or, if this is done in the context of the performance of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which we process cookies in the course of this Privacy Policy or as part of our consent and processing procedures.

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left a website and closed his or her end device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information about the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also lodge an objection to processing in accordance with the legal requirements in Art. 21 of the GDPR. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Cookie settings/ objection option:

To change your settings, please open the Cookie Consent Manager via the Usercentrics icon (grey circle with a fingerprint in a speech bubble) at the bottom left of the website (under the social media icons).

Functional
These technologies allow us to analyse the use of the website in order to measure and improve performance.

Google Maps
This is an integrated map service.

Processing company
Google Ireland Limited
Gordon House, 4 Barrow St, Dublin 4, Ireland

Data purposes
This list represents the purposes of data collection and processing.
· Displaying maps

Technologies used
· API

Data collected
This list represents all (personal) data collected by or through the use of this service.

Date and time of the visit
Location information
IP address
URL
Usage data
Search terms
Geographical location

Legal basis
The following constitutes the required legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
European Union

Retention period
The retention period is the period of time during which the collected data is stored for processing purposes. The data shall be deleted as soon as they are no longer necessary for the aforementioned processing purposes.

Data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient
· Google Ireland Limited, Google LLC, Alphabet Inc

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data will be processed by US authorities for control and monitoring measures, possibly without legal remedies. Below is a list of the countries to which the data will be transferred. For further information on protective measures, please refer to the Privacy Policy of the website provider or contact the website provider directly.

United States of America,Singapore,Taiwan,Chile

Click here to read the Privacy Policy of the Data http://www.google.com/intl/de/policies/privacy/

Click here to unsubscribe from this Processor for all https://safety.google/privacy/privacy-controls/

Click here to read the Cookie Policy of the Data https://policies.google.com/technologies/cookies?hl=en

fonts.com
This is a web font service.

Processing company
Monotype Imaging Holdings Inc.

600 Unicorn Park Drive, Woburn, Massachusetts 01801, United States of America

Data purposes
This list represents the purposes of data collection and processing.

· Provision of fonts

Data collected
This list represents all (personal) data collected by or through the use of this service.

Referrer URL
Customer ID
URL
Identifiers
Anonymised IP address

Legal basis
The following constitutes the required Legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
European Union

The user data collected will be stored for up to 30 days from the date of collection.

Data recipient
· Monotype Imaging Holdings Inc.

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data rotection Officer of the processing company.
privacy@monotype.com

United States of America

Click here to read the Privacy Policy of the Data https://www.monotype.com/legal/privacy-policy

Sendinblue
This is a marketing company that provides software platform services to businesses.

Processing company
Sendinblue Inc.
7 Rue de Madrid, 75008 Paris, France

Data purposes
This list represents the purposes of data collection and processing.

Marketing
Ensuring security, preventing fraud and correcting errors
User-journey analysis
Automation
Functionality
Statistics
Optimisation

Technologies used
· Cookies

· Web beacons

Data collected
This list represents all (personal) data collected by or through the use of this service.

First name
Last name
E-Mail address
Company name
Time of access or loading of page
IP address
Browser type
Information about the operating system

Legal basis
The following constitutes the required legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
European Union

two years

Data recipient
· Sendinblue Inc.

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.
dpo@sendinblue.com

Click here to read the Privacy Policy of the Data https://www.sendinblue.com/legal/privacypolicy/#privacysibinc

Click here to read the Cookie Policy of the Data https://www.sendinblue.com/legal/cookies/

Storage information
Below you can see the longest possible duration for storage on a device, how it is set when using the cookie storage method and whether other methods are used.

Maximum age of cookie storage: 2 years
Non-cookie storage: no

Stored Information
This service uses various means to store information on a user’s device as listed below.

cf_use_ob
This cookie is associated with websites that use CloudFlare. It is used to improve page load times and override any security restrictions based on the visitor’s IP address. It does not contain any user identification information.
Duration: session
Type: cookie
Domain: fr.sendinblue.com

Eupubconsent
This cookie is used by the IAB Europe Transparency & Consent Framework to store the user’s consent to the purposes of data collection. The cookie contains an encrypted consent string that providers participating in the framework can read and use to determine the user’s consent.
Duration: session
Type: cookie
Domain: academy.sendinblue.com

is_n2go_user
Duration: session
Type: cookie
Domain: pt.sendinblue.com

PHPSESSID
PHP cookie that is associated with the embedded content of this domain.
Duration: session
Type: cookie
Domain: apidocs.sendinblue.com

cf_chl_prog
Duration: session
Type: cookie
Domain: es.sendinblue.com

cf_chl_2, cf_chl_cc_, cf_chl_seq_xxxxxxxxxxxxxxx
Duration: session
Type: cookie
Domain: app.sendinblue.com

cf_chl_1, cf_chl_cc_xxxxxxxxxxxx
Duration: session
Type: cookie
Domain: de.sendinblue.com

__cfduid
Cookie linked to websites that use CloudFlare to speed up page loading times. According to CloudFlare, it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.
Duration: session
Type: cookie
Domain: developers.sendinblue.com

__cf_bm, __cfruid
The __cf_bm- cookie is a cookie that is required to support Cloudflare Bot Management and is currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that meets the criteria associated with bots.
Duration: session
Type: cookie
Domain: help.sendinblue.com

__cfduid
Duration: session
Type: cookie
Domain: cloudflare.com

country, tmpl_lang, ACCOUNTSESSID, additional_inboxes, additional_landing_pages, additional_users, advanced_email_features, sms-quantity, keen_anonymous_id, tmpl_lang, OptanonConsent, OptanonAlertBoxClosed, plan-type, selected_app, set_currency, user-currency, SIBPHPSESSID, sms-country, pricing_version, enterprise, email_volume
Duration: session
Type: cookie
Domain: sendinblue.com

__cf_bm, __cfruid
Duration: session
Type: cookie
Domain: sendinblue.zendesk.com

__cfduid
Duration: session
Type: cookie
Domain: cloudflareinsights.com, cookielaw.org

nQ_cookieId
This cookie is an analytics cookie that helps identify potential B2B customers and uniquely identifies their session.
Duration: session
Type: cookie
Domain: de.sendinblue.com

intercom-id-f8xnxnsj, localization
These cookies are set on pages with the Flickr widget
Duration: session
Type: cookie
Domain: sendinblue.com

_help_center_session, _zendesk_authenticated, _zendesk_session, _zendesk_shared_session
This cookie helps with the session for the Zendesk guide. This cookie is used to store a binary variable that determines whether a user has been authenticated
Duration: session
Type: cookie
Domain: help.sendinblue.com

sp_t
Duration: session
Type: cookie
Domain: spotify.com

__cfduid
Duration: session
Type: cookie

Domain: readme.io

player, vuid
Duration: session
Type: cookie
Domain: vimeo.com

__cfduid
Duration: session
Type: cookie
Domain: hcaptcha.com

__cfduid
Duration: session
Type: cookie
Domain: onetrust.com

__cfduid
Duration: session
Type: cookie
Domain: bufferapp.com

__cfduid
Duration: session
Type: cookie
Domain: usebouncer.com

_octo, logged_in
Duration: session
Type: cookie
Domain: github.com

__cfduid
Duration: session
Type: cookie
Domain: zdassets.com

Uuid
Duration: session
Type: cookie
Domain: sibautomation.com

em_cdn_uid
Duration: session
Type: cookie
Domain: cdn.embedly.com

YouTube Video
This is a video player service.

Processing company
Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data purposes
This list represents the purposes of data collection and processing.

· Show videos

Technologies use
· Cookies (if the “Privacy-Enhanced” mode is not activated)

Data collected
This list represents all (personal) data collected by or through the use of this service.

· Device information

· IP address

· Referrer URL

· Viewed videos

Legal basis
The following constitutes the required Legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
European Union

Data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient
· Alphabet Inc.

· Google LLC

· Google Ireland Limited

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Worldwide

Click here to read the Data Processor's Privacy https://policies.google.com/privacy?hl=en

Click here to unsubscribe from this Processor for all https://safety.google/privacy/privacy-controls/

Click here to read the Data Processor’s cookie https://policies.google.com/technologies/cookies?hl=en

Storage information
Below you can see the longest possible duration for storage on a device, how it is set when using the cookie storage method and whether other methods are used.

· Maximum age of cookie storage: 10 years, 2 days

Stored Information
This service uses various means to store information on a user’s device as listed below.

PREF
This cookie stores your preferences and other information, in particular your preferred language, how many search results you want displayed on your page and whether or not you want to activate Google’s SafeSearch filter.
Duration: 10 years, 2 days
Type: cookie
Domain:

VISITOR_INFO1_LIVE
This cookie measures your bandwidth to determine whether you are receiving the new player interface or the old one.
Duration: session
Type: cookie
Domain:

use_hitbox
This cookie increases the “views” counter of the YouTube video.
Duration: session
Type: cookie
Domain:

YSC
This is set on pages with embedded YouTube video.
Duration: session
Type: cookie
Domain:

YouTube Subscribe Button
This is a button to subscribe to a channel of the video platform YouTube.

Processing company
Google LLC, D/B/A YouTube
901 Cherry Ave. San Bruno, CA 94066, United States of America

Data purposes
This list represents the purposes of data collection and processing.

Analysis
Functionality
Improvement of the service
Statistics

Technologies used
· Cookies

Data collected
This list represents all (personal) data collected by or through the use of this service.

Browser type
GPS data
Information on website visit
IP address
Name of the website
Screen resolution
Statistical data
User behaviour
Language information
Usage of the website

Legal basis
The following constitutes the required Legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
United States of America

Data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient
· Google LLC, Google Ireland Limited, Alphabet Inc

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en

Worldwide

Click here to read the Data Processor’s Privacy https://policies.google.com/privacy?hl=en-GB&gl=uk

Click here to unsubscribe from this Processor for all https://safety.google/privacy/privacy-controls/

Click here to read the Data Processor’s Cookie Policy https://policies.google.com/technologies/cookies?hl=en

Matomo (self hosted)
This is a self-hosted web analytics platform.

Data purposes
This list represents the purposes of data collection and processing.

· Analysis

· Optimisation

Technologies used
· Cookies

· Device fingerprint

Data collected
This list represents all (personal) data collected by or through the use of this service.

Browser language
Browser type
Device operating system
Device type
Geographical location
IP address
Number of visits
Referrer URL
Screen resolution
Usage data
Visited subpages

The data will be deleted as soon as they are no longer needed for the processing purposes.

Essential
These technologies are required to enable the core functionality of the website.

Usercentrics Consent Management Platform
This is a consent management service. On the website, Usercentrics GmbH is used as an order processor for the purpose of consent management.

Processing company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany

Data purposes
This list represents the purposes of data collection and processing.

· Compliance with legal obligations

· Consent storage

Technologies used
· Local Storage

· Pixel

Data collected
This list represents all (personal) data collected by or through the use of this service.

Opt-in- and Opt-out data

Referrer URL
User agent
User settings
Consent ID
Timepoint of consent
Consent type
Template version
Banner language
IP address

Legal basis
The following constitutes the required legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. c GDPR

Place of processing
European Union

The consent data (consent given and revocation of consent) is stored for one year. The data will then be deleted immediately.

Data recipient
· Usercentrics GmbH

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.
datenschutz@usercentrics.com

Click here to read the Data Processor’s Privacy policy https://usercentrics.com/privacy-policy/

Mittwald

This is a CMS service provider. This service offers optimised hosting solutions for content management and e-commerce solutions.

Processing company
Mittwald CM Service GmbH & Co. KG

Königsberger Straße 4-6, 32339 Espelkamp, Germany

Data purposes
This list represents the purposes of data collection and processing.

· Functionality

Technologies used
· Cookies

Data collected
This list represents all (personal) data collected by or through the use of this service.

Access status
Date and time of the visit
Host name of the accessing computer
IP address
Log file data
Transferred data volume
User agent
Websites visited

Legal basis
The following constitutes the required legal basis for data processing.

· Art. 6 para. 1 p. 1 lit. f GDPR

Place of processing
European Union

IP addresses are deleted after 60 days and error logs after 7 days

Data recipient
· Mittwald CM Service GmbH & Co. KG

Data Protection Officer of the processing company
Below you will find the e-mail address of the Data Protection Officer of the processing company.
datenschutz@mittwald.de

Click here to read the Privacy Policy of the Data https://www.mittwald.de/datenschutz

Storage information
Below you can see the longest possible duration for storage on a device, how it is set when using the cookie storage method and whether other methods are used.

· Non-cookie storage: no

Further information on processing operations, procedures and services:

Processing of cookie data on the basis of consent: We use a cookie consent management procedure (so-called interactive cookie banner), within the framework of which the consent of users to the use of cookies, or to the processing and providers named in the cookie consent management procedure, can be obtained and managed and revoked by users. The declaration of consent is stored so that it does not have to be repeated and the consent can be proven in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual details of cookie management service providers, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.

Provider, realised by:
Usercentrics: Cookie consent management; Service provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany; Website: https://usercentrics.com/de/; Privacy Policy: https://usercentrics.com/de/datenschutzerklaerung/.

Business services

We process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “Contractual Partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the Contractual Partners (or pre-contractual), e.g. to answer enquiries.

We process this data to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies in the event of SP warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these duties and the company organisation. Furthermore, we process the data on the basis of our legitimate interests in proper and operational business management as well as security measures to protect our Contractual Partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose Contractual Partner data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual Partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this Privacy Policy.

We inform the Contractual Partners which data are required for the above-mentioned purposes before or in the course of data collection, e.g. in online forms, through special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons. The statutory retention period for documents relevant under tax law as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents and other organisational documents and accounting vouchers is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period shall begin at the end of the calendar year in which the last entry was made in the books, the inventory, the opening balance sheet, the annual accounts or the management report was drawn up, the commercial or business letter was received or dispatched or the accounting voucher was created, furthermore the recording was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy practices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of contract, term, customer category).
Special categories of personal data: Health data (Art. 9 para. 1 GDPR); Data concerning one's sex life or sexual orientation (Art. 9 para. 1 GDPR); Religious or philosophical beliefs (Art. 9 para. 1 GDPR); Data revealing racial or ethnic origin (Art. 9 para. 1 GDPR).
Data Subject: Interested parties; Business and Contractual Partners; Customers.
Purposes of processing: Providing contractual services and customer service; contact requests and communication; office and organisational procedures; managing and responding to requests.
Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Online courses and online training: We process the data of participants in our online courses and online training (collectively referred to as “Participants”) in order to provide our course and training services to them. The data processed in this context, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. The data generally includes information on the courses and services used and, if part of our range of services, personal specifications and results of the participants. The forms of processing also include the performance assessment and evaluation of our services and those of the course and training instructors; Legal basis: contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

Events: We process the data of the participants of the events, functions and similar activities offered or hosted by us (hereinafter uniformly referred to as “Participants” and “Events”) in order to enable them to participate in the Events and to take advantage of the services or promotions associated with participation. If we process health-related data, religious, political or other special categories of data in this context, then this is done on a need-to-know basis. The required information includes the details needed for the provision of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information of end customers, employees or other persons, we process this in accordance with the legal and contractual requirements; Legal basis: fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR). For detailed information on the processing of your personal data in the context of Events, please refer to the corresponding tab above at the beginning of this declaration.

Rental services: We process the data of our tenants and of prospective tenants in accordance with the underlying tenancy agreement. We may also process the details of the characteristics and circumstances of persons or property belonging to them if this is necessary within the framework of the rental agreement. This can be, for example, information on personal living circumstances, mobile or immobile material goods and the financial situation as well as the use of ancillary services (such as water or energy supply). If required for the fulfilment of the contract or required by law or approved by the tenants or on the basis of our legitimate interests, we disclose or transmit the tenants' data in the context of coverage enquiries, conclusion and processing of contracts, e.g. to financial service providers, credit institutions, utilities (e.g. electricity) or authorities. Furthermore, we process tenants' data if this is necessary to fulfil legal obligations (e.g. in the case of information obligations in connection with ancillary services as well as the ancillary costs); Legal basis: fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

Provision of online services and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or terminal device.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data Subject: Users (e.g. website visitors, users of online services).
Purposes of the processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.).); security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further information on processing, procedures and services:
Provision of online services on rented storage space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files retrieved, the date and time of the retrieval, the amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of malicious attacks, so-called DDoS attacks) and on the other hand to ensure the utilisation of the servers and their stability; Legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Erasure of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is exempt from erasure until the respective incident has been finally clarified.

Hosting of the website: Performed by our order processor MR Elektronik ; Website: MR Elektronik GmbH & Co. KG - Homepage (mr-elektronik.net)

Contact and enquiry management

When contacting us (e.g. by contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the person making the enquiry is processed insofar as this is necessary to respond to the contact enquiries and any measures requested.

Types of data processed: Contact data provided by you (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms, incl. factual information about your request); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Data Subject: Communication contact.

Purposes of processing: Contact requests and communication; managing and responding to requests; feedback (e.g. collecting feedback via online form); providing our online services and user experience.

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR): Consent (Art. 6 para. 1 p. 1 lit. a GDPR).

Further information on processing operations, procedures and services:

Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context for the purpose of processing the communicated request; Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f) GDPR), Consent (Art. 6 para. 1 p. 1 lit. a GDPR).

Video conferencing, online meetings, webinars and screen sharing

We use third-party platforms and applications (hereinafter referred to as “Conferencing Platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “Conference”).

Data processed by Conferencing Platforms: On the one hand, the scope of the processing depends on which data is requested in the context of a specific Conference (e.g. access data or real names) and which optional information is provided by the Participants. In addition to processing for the purpose of conducting the Conference, Participants’ data may also be processed by the Conferencing Platforms for security or service optimisation purposes. The data processed includes personal data (first name, surname), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the Participants’ terminal devices, their operating system, the browser and its technical and linguistic settings, information on the content of communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The contents of the communications are encrypted to the extent technically provided by the conference providers. If the Participants are registered as users with the Conferencing Platforms, then further data may be processed in accordance with the agreement with the respective conferencing provider.

Logging and recordings: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are logged, this will be transparently communicated to the Participants in advance and they will be asked – if necessary – for their consent.

Data protection measures of the Participants: Please note the details of the processing of your data by the Conferencing Platforms in their privacy notices and select the optimum security and privacy settings for you within the scope of the settings of the Conferencing Platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a videoconference (e.g. by notifying roommates, locking doors and using the background obscuring function, if technically possible). Links to the conference rooms and access data may not be passed on to unauthorised third parties.

Notes on legal basis: If, in addition to the Conferencing Platforms, we also process users' data and ask users for their consent to use the Conferencing Platforms or certain functions (e.g. consent to a recording of conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in lists of participants, in the case of processing of interview results, etc.). In addition, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication contacts.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data Subjects: Communication contacts; Users (e.g. website visitors, users of online services); Individuals in pictures.
Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organisational procedures.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Newsletters and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter “Newsletter”) only with the consent of the recipients or statutory permission. Insofar as the contents of the Newsletter are specifically described in the course of subscription, they are relevant for the consent of the user. Furthermore, our Newsletters contain information about our services and us.

To subscribe to our Newsletters, it is generally sufficient to enter your e-mail address. However, we may ask you to provide a name, for the purpose of personal addressing in the Newsletter, or further information, if this is necessary for the purposes of the Newsletter (voluntary information).

Double-Opt-In procedure: Subscription to our Newsletter is always carried out in a so-called double opt-in procedure. I.e. you will receive an email after subscribing asking you to confirm your subscription . This confirmation is necessary so that no one can register with other people’s e-mail addresses. Subscriptions to the Newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the login and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

Erasure and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blocking list for this purpose alone.

The logging of the subscription process is carried out on the basis of our legitimate interests for the purposes of proving that it has been carried out properly.

Content of our Newsletter: Information about us, our services, promotions, events and offers.

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta/communication data (e.g. device information, IP addresses); usage data (e.g. websites visited, interest in content, access times).
Data Subjects: Communication contacts / Newsletter recipients.
Purposes of processing: Direct marketing (e.g. by e-mail or post); reach measurement (e.g. access statistics, recognition of returning visitors).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
Option to object (Opt-Out): You can cancel the receipt of our Newsletters at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the Newsletter either at the end of each Newsletter or you can use one of the contact options given above, preferably e-mail, for this purpose.

Further information on processing operations, procedures and services:

Measurement of open and click rates: The Newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the Newsletter is opened or, if we use a dispatch service provider, from their server. In the course of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of our Newsletters based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether Newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual Newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the open rates and the click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users. A separate revocation of the performance measurement is unfortunately not possible; in this case, the entire Newsletter subscription must be cancelled or must be objected to. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

SendinBlue: E-Mail marketing platform; Dienstanbieter: SendinBlue SAS, 55, rue d’Amsterdam, 75008 Paris, Frankreich; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website: https://de.sendinblue.com/; Privacy Policy: https://www.sendinblue.com/legal/privacypolicy/; Order processing agreement: Available.

Promotional communication via e-mail, post, fax or telephone

We process personal data for the purposes of promotional communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to revoke consent given at any time or to object to promotional communication at any time.

After revocation or objection, we store the data required to prove the previous authorisation for contacting or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defence against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the users, we also store the data required to avoid a renewed contact (e.g. depending on the communication channel, the e-mail address, telephone number, name).

Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers).
Data Subject: Communication contact.
Purposes of processing: Direct marketing (e.g. by e-mail or post).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Web analysis, monitoring and optimisation

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our website and may include visitor behaviour, interests or demographic information, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our website or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimisation.

In addition to web analysis, we may also use testing procedures, e.g. to test and optimise different versions of our online services or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address) to protect users. In general, the data stored in the context of web analysis, A/B testing and optimisation are not clear user data (such as e-mail addresses or names), but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data Subject: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
Security measures: IP-Masking (pseudonymisation of the IP address).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Matomo (without cookies): Matomo is a software that is used for the purposes of web analysis and reach measurement. It is a data protection-friendly web analysis software which is used without cookies and which recognises returning users with the help of a so-called “digital fingerprint” which is stored anonymously and changed every 24 hours; with the “digital fingerprint”, user movements within our online services are recorded with the help of pseudonymised IP addresses in combination with the user's browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected in the context of the use of Matomo is only processed by us and is not shared with third parties; Legal basis: Consent (via cookie banner, Art. 6 para. 1 p. 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://matomo.org/.
Matomo: Matomo is a software that is used for the purposes of web analysis and reach measurement. Cookies are generated and stored on the user’s terminal device within the scope of the use of Matomo. User data collected through the use of Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Erasure of data: The cookies have a maximum storage period of 13 months.

Presence on social networks (social media)

We maintain an online presence on social networks and process user data in this context in order to communicate with users who are active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This can result in risks to users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the Privacy Policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of Data Subject Rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to users’ data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Types of data processed: Contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data Subject: Users (e.g. website visitors, users of online services).
Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Instagram: social network; Service provider: Meta Platforms Irland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page (so-called “Fanpage”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Privacy Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called “Page Insights”, to page operators to provide them with insights into how people interact with their pages and with the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the Data Subject Rights (i.e. users can, for example, send information or erasure requests directly to Facebook). The rights of users (in particular to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider:: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Shared responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The shared responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
LinkedIn: social network; Service provider: LinkedIn Irland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Order processing agreement: https://legal.linkedin.com/dpa; Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): https://legal.linkedin.com/dpa; Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR) or consent (Art. 6 para. 1 lit. a GDPR); Privacy Policy: https://policies.google.com/privacy; Option to object (opt-out): https://adssettings.google.com/authenticated.
Additional note: On this website, we only use hyperlinks to refer to our own social media presence. This prevents the transmission of data to the social media providers when merely visiting our website.

Plugins and embedded functions and content

We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as “Third-party Providers”). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always requires that the Third-party Providers of this Content process the IP address of the users, as without the IP address they would not be able to send the Content to their browsers. The IP address is thus required for the display of this Content or these functions We endeavour to only use Content whose respective providers only use the IP address to deliver the Content. Third-party Providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online services as well as be linked to such information from other sources.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); location data (information on the geographical position of a device or a person).
Data Subject: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Google Maps:We integrate the maps of the “Google Maps” service of the provider Google. The data processed may include, in particular, IP addresses and user location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Legal basis: Consent (via cookie banner, Art. 6 para. 1 p. 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).; Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy
MyFonts: Fonts; data processed as part of font retrieval the webfont project identification number (anonymised), the URL of the licensed website associated with a customer number to identify the licensee and the licensed webfonts, and the referrer URL; the anonymised webfont project identification number is stored in encrypted log files with such data for 30 days to determine the monthly number of page views; After such extraction and storage of the number of page views, the log files are deleted;Service provider: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); for the actual use and application of the fonts and the associated data processing, we make use of your consent (Art. 6 para. 1 p. 1 lit. a GDPR). Website: https://www.myfonts.com; Privacy Policy: https://www.myfonts.com/info/legal/#Privacy.
YouTube-Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (via cookie banner, Art. 6 para. 1 p. 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).; Website: https://www.youtube.com; Legal basis: https://policies.google.com/privacy; Option to object (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Note: Insofar as you consent – via the cookie banner – to the use of YouTube and Google Maps and the associated data processing, your consent also relates to the use of Google Fonts directly associated with the use of these services (reference/integration from Google). If you have not given your consent to the use of these services, no data processing takes place in connection with Google Fonts. Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible restrictions under licensing law. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted that are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the provider of the fonts in the USA; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.

Management, organisation and support tools

We use services, platforms and software from other providers (hereinafter referred to as “Third-party Providers”) for the purposes of organising, managing, planning and providing our services. When selecting Third-party Providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of Third-party Providers. This may involve various data which we process in accordance with this Privacy Policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content.

Where users are referred to Third-party Providers or their software or platforms as part of communications, business or other relationships with us, Third-party Providers may process usage data and metadata for security, service optimisation or marketing purposes. We therefore ask you to observe the privacy practices of the respective Third-party Providers.

Types of data processed: Content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data Subject: Communication contacts; users (e.g. website visitors, users of online services).
Purposes of processing: Provision of contractual services and customer service; office and organisational procedures.

Rights of the Data Subject

As a data subject, you have various rights under the GDPR:

Right of objection: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Right of withdrawal in the case of consents
Right to information
Right of correction
Right to erasure and restriction of processing
Right to data portability
Complaint to the supervisory authority: In accordance with the law, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you is in breach of the GDPR.
Supervisory authority responsible for us:

The Hessian Commissioner for Data Protection and Freedom of Information (Hessische Beauftragte für den Datenschutz und die Informationsfreiheit)
PO Box: 3163, 65021 Wiesbaden,
Contact/E-Mail: https://datenschutz.hessen.de/print_panel?nid=6

Data protection information for tenants and prospective tenants

This information provides you with an overview of the processing of your personal data within the framework of the admission and support contract concluded with our company, including the associated services (e.g. provision and mediation of start-up-related counselling) and the data protection rights resulting therefrom.

What data is processed on what legal basis?
The personal data provided/transmitted by you within the scope of the contract initiation for the admission and support contract within the meaning of §§ 3 and 4 of the German Data Protection Act (BGB). Art. 4 No. 1 GDPR, in particular
• Surname / first name, including name of company (if any)
• Contact information (telephone number, e-mail addresses), incl. address
• Bank details (if SEPA direct debit mandate)
• Information on the tenant / company (business registration, HR move-out, etc.)
• Bank guarantee documents (if available)
• Names of employees (locking system)
We process the following data within the framework of the management of prospective tenants and the processing of

Usage relationships for the following purposes:
a. for the implementation of pre-contractual measures (e.g. initiation and conclusion of the contract) and/or for the fulfilment of principal and secondary contractual obligations pursuant to Art. 6 (1) lit. b GDPR:
The collection, processing and storage of your personal data is carried out for such purposes that are described and listed in detail in your respective admission and support contract (e.g. rental of commercial premises and related data processing) and/or for the provision of advisory and support services) and are the subject of the contractual relationship.

b. Processing based on legal requirements in accordance with (Art. 6 para. 1 lit. c GDPR). Furthermore, we process your data within the scope of legal obligations. This includes, in particular, the requirements under tax and commercial law and related data processing, such as the transmission of your personal data to (financial) authorities.

c. Within the framework of the balancing of interests on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR): Insofar as necessary, we process personal data beyond the actual performance of the contract or the pre-contractual measures in order to protect the legitimate interests of us or of third parties. This includes:
o Assertion of legal claims and defence in legal disputes
o Ensuring IT security and IT operations
o Prevention and investigation of criminal offences (especially when operating video reconnaissance equipment)
o Measures for building and facility security (e.g. access controls, security guards)
o Measures to coordinate the use of Science Park premises.

Pursuant to Art. 21 (4) in conjunction with (1) and (2) of the GDPR, you may object to the processing of personal data relating to you in certain cases.
For further details on the type and scope of the processing of your personal data in individual cases, please refer to your admission and support contract, from which further contractual services and associated data processing also result.
Note: Insofar as we have been given consent to process certain personal data for specific, previously mentioned purposes, the legal basis for this processing is given on the basis of consent (Art. 6 para. 1 lit. a GDPR). Consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until revocation. Further details on data processing can be found in the respective declaration of consent.

Recipients to whom the data may be disclosed
Within our company, your data will be passed on to those departments that need it to process your application and in the event of the conclusion of a contract within the framework of the implementation and processing of the rental/occupancy relationship as well as legal obligations. The service providers and processors mentioned below may also receive data for these purposes, depending on the individual case:
• Kasseler Sparkasse (if commissioned for the SEPA Direct Debit Scheme)
• Tax advisor/RA and consulting firm (e.g. data protection)
• Billing and meter-reading service providers (e.g. for ancillary costs)
• IT and service providers (telephone and IT connection in the Science Park)
• Security guard service provider (Protex, provided that a contact person/telephone number for this is filed with us).
• Credit agencies and creditworthiness service providers (Creditreform)

Duration of storage
After the respective purpose of processing and use has ceased to apply, relevant statutory retention periods shall apply. Your personal data collected within the scope of the usage relationship will be deleted from our systems after termination of the usage relationship and after proper settlement of all services rendered (incl. ancillary and heating costs) as well as after the proper handover of the premises, unless other legal retention periods, e.g. according to tax law requirements, conflict with this or the retention of the data serves the assertion and defence of or against legal claims and thus legal prosecution.
Preservation of evidence within the framework of the statutory limitation provisions:
If it is necessary to preserve evidence, for example in the context of legal proceedings, attention is drawn to the following retention periods: The limitation periods of the German Civil Code (BGB) can be up to 30 years if a judicial title exists (§§195 ff. BGB). If no legal action has been taken against the Data Subject, the regular limitation period of 3 years applies.

Planned data transfer to third countries
If we transfer personal data to service providers outside the European Economic Area (EEA), e.g. through the Microsoft Office 365 (DE/EU) service we use in the U.S.A., the transfer will only take place under the premise of appropriate guarantees for the protection of personal data, such as the conclusion of EU standard contractual clauses, including the implementation of additional protective measures. You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.

Existing Data Subject Data Protection Rights
Every Data Subject has the following data protection rights under the GDPR and the BDSG:
- Right to information according to Article 15 GDPR
- Right to rectification of inaccurate data according to Article 16 GDPR
- Right to erasure according to Article 17 GDPR
- Right to restriction of processing according to Article 18 GDPR
- Right to data portability under Article 20 GDPR
- Right of objection under Article 21 GDPR
- Your right of appeal to a data protection supervisory authority: The supervisory authority responsible for us is “Der Hessische Beauftragte für Datenschutz und Informationsfreiheit” (The Hessian Commissioner for Data Protection and Freedom of Information) and is located at Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

Voluntariness and obligation to provide personal data
Within the scope of our business relationship, those personal data must be provided which are necessary for the establishment and implementation of a business relationship (here: the establishment and implementation of the rental/support contract) and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we are unable to enter into or perform a contract.

As a download
Updated: 02.09.2022

Data protection information for suppliers and service providers

Data protection information for suppliers and service providers
We, Science Park Kassel GmbH, Universitätsplatz 12, 34127 Kassel, Tel.: 0561 95379600, E-Mail: info@sciencepark-kassel.de would like to explain to you below what data we process from you and how.

Purpose of data processing
The purpose of the data processing is the initiation and execution of the contract on the basis of Art. 6 para. 1 lit. b. GDPR.

Categories of recipients
Within the scope of rendering the service, we use service companies separately committed to secrecy and data protection for special areas where access to personal data cannot be excluded. These categories of recipients are: IT service companies as well as consulting companies (e.g. tax consulting, data protection consulting). Data will only be passed on to the authorities if overriding legal provisions apply. A transfer to third countries does not take place.

Duration of storage and erasure of data
Your data will be stored for the duration of the contractual performance; after the end of the contractual relationship, we are obliged to keep the tax-relevant documents for 10 years after the annual financial statement and the end of the calendar year. The data is then deleted.

Your right to information, correction, erasure, objection and data portability
You can exercise your right to information, correction and erasure of data at any time. Simply contact us in one of the ways described above. If you wish your data to be deleted but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability insofar as the technical possibilities are available to the recipient and to us.

Right of appeal
You have the possibility to file a complaint with a data protection supervisory authority at any time.

Obligation of provide
Without correct information from you, the conclusion of a contract and the proper execution of the contract is not possible.

As a download

Updated: 21.07.2022

Data protection information for third parties

Data protection information for third parties
We, Science Park Kassel GmbH, Universitätsplatz 12, 34127 Kassel, Tel.: 0561 95379600, E-Mail: info@sciencepark-kassel.de would like to explain to you below what data we process from you and how.

Purpose of data processing
If you contact us and no contract has been initiated, we process your data on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR for the purpose of structuring our business operations. In doing so, we take into account that we do not process data without an overriding legitimate interest, for example when coordinating data protection issues with suppliers of our customers.

Categories of recipients
Within the scope of rendering the service, we use service companies separately committed to secrecy and data protection for special areas where access to personal data cannot be excluded. These categories of recipients include hosting providers, IT service providers as well as consulting companies (e.g. tax consulting, data protection consulting). Data will only be passed on to the authorities if overriding legal provisions apply. A transfer to third countries does not take place.

Duration of storage and erasure of data
Your data will be stored for the duration of processing and deleted after the purpose no longer applies; if there are legal requirements, the data will be stored until the end of these regulations and then deleted.

Your right to information, correction, erasure, objection and data portability

Right of appeal
You have the possibility to file a complaint with a data protection supervisory authority at any time.

Obligation to provide
Without correct information from you, the conclusion of a contract and the proper execution of the contract is not possible..

As a download

Updated: 21.07.2022

Data protection information on participation in events and taking photos of guests

We process the personal data you provide to us as part of the registration/application process for the purpose of preparing and implementing the respective event as well as for capacity planning on the basis of your consent granted through registration pursuant to Art. 6 (1) lit. a GDPR or for the implementation of the contract underlying participation pursuant to Art. 6 (1) lit. b GDPR. You can revoke your consent at any time with effect for the future without giving reasons. A revocation has the consequence that we can no longer use your personal data for the event and your participation in the event is therefore excluded.

Please note that photographs and videos will be taken at our events and the image and video material may be published on the Internet, on the pages operated by Science Park Kassel GmbH or its cooperation partners or in social media [Facebook, Instagram, LinkedIn] and/or in one of the publications of Science Park Kassel GmbH or its cooperation partners for the purpose of public relations (in particular reporting) on the respective event.

By participating in the event, you consent to the publication of photographs and video recordings made during the event (§§ 22, 23 KUG). The collection, i.e. the photographic recording and its processing, is carried out for the purpose of an illustrated report on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. We would like to point out that you can object to this processing in accordance with Article 21 (1) of the GDPR for reasons arising from your particular situation.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection must be sent to the above address.

Note: As we also frequently organise corresponding events by and/or with external institutions, it may be that we have no influence on the data processing carried out by the external institutions at such events. In these cases, please contact these institutions directly.

How long do we store your personal data?
As soon as your data, which you provided during registration for the event, is no longer required for the fulfilment of contractual, legal and internal processing purposes, it will be deleted unless you have given your consent for further storage or we have a legitimate interest in (further) storage.

The image data taken at the events will be stored and made publicly available on the respective social media platforms until you object to further processing/publication and provided there are no other conflicting reasons for further storage/publication.

What data protection rights can you assert as a Data Subject?
You can request information about the data stored about you free of charge at the above address. In addition, you can request the correction or erasure of your data under certain conditions. You may also have a right to restrict the processing of your data and a right to receive the data you have provided in a structured, commonly used and machine-readable format.

Right of objection
You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons. If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. You can send your objection to the above address or – if you do not wish to be photographed in advance – directly to the person taking the pictures.

Would you like to complain about the handling of your data?

You have the option of contacting the Data Protection Officer mentioned above or a data protection supervisory authority. The data protection supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden
Telephone: +49 611 1408 - 0

To the download

Data protection information for applicants

What categories of data do we use and where do they come from?
The categories of personal data processed include in particular your master data (such as first name, surname, name supplements such as academic degrees/titles, nationality), contact data (such as private address, (mobile) telephone number, e-mail address) as well as the data relating to the entire application process (cover letter, certificates, questionnaires, interviews as well as any performance evaluations, qualifications and previous activities, legal evidence). If you have also voluntarily provided special categories of personal data (such as health data, religious affiliation, degree of disability) in the letter of application or in the course of the application procedure, processing will take place on the basis of Section 26 (3) BDSG.

Your personal data is usually collected directly from you as part of the recruitment process. In addition, we may have received data from third parties (e.g. [the Arbeitsagentur, via which the data you entered there was forwarded to us). The personal data transmitted to us by third parties in this context are: Name, address.

If you have submitted your personal data to us through these entities, you can find more information on data processing at these entities.

For what purposes and on what legal basis is data processed?
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (DS-GVO), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g. BetrVG, AGG, etc.).

The primary purpose of processing this data is to carry out and manage the application process and to assess your suitability for the position in question, including related purposes such as processing for the purpose of contacting you and therefore for the purpose of communicating with you in relation to the contract (including making appointments). As a result, the processing of your applicant data is necessary in order to be able to decide on the establishment of an employment relationship. The primary legal basis for this is Art. 6 para. 1 lit. b) GDPR in conjunction with. § 26 para. 1 BDSG.

The processing of special categories of personal data is based on your consent pursuant to Art. 9 para. 2 a) GDPR in conjunction with § 26 para. 2 and para. 3 BDSG. If you have voluntarily provided us with such categories of personal data, the processing of which is not necessary for the decision on recruitment, the collection and processing will be based on your consent given with the submission. You can revoke this consent to data processing at any time with effect for the future and object to the processing. In this case, we will delete them.

Processing in the event of a successful application
Once an offer of employment has been made to you, we will process your personal data to create your employment contract. For this purpose, all information relevant to the contract (such as name, address, title, start/end of contract, place of work, salary, bank data, health insurance, etc.) is processed and forwarded internally to the employee of Human Resources Management who is responsible for it. Your data will be processed for the purpose of drawing up the employment contract on the basis of Art. 6 I S. 1 lit. b) GDPR, § 26 I S. 1 BDSG.
In the context of your employment, we also process special categories of personal data (such as your denomination for church tax) and personal data about criminal convictions and offences (such as your police clearance certificate). We process this data for the purpose of establishing and implementing your employment contract on the basis of Art. 9 para. 2 lit. b) GDPR, § 26 para. 3 p. 1 BDSG and Art. 10 p. 1 Alt. 2 GDPR, § 26 para. 1 p. 1 BDSG.
If your application was successful, we will therefore continue to process the data you have provided to us for the pending employment relationship. We will inform you separately about the data processing within the scope of the subsequent employment contract when you are hired.

Processing on the basis of our legitimate interests – Art. 6 para. 1 lit. f GDPR
Beyond the actual fulfilment of the (pre-) contract, we process your data – if necessary – to protect legitimate interests of us or third parties. Your data will only be processed if and insofar as there are no overriding interests on your part that speak against such processing, such as for the following purposes in particular: building and facility security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duties of care; internal and external investigations.
In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil claims.

Processing for compliance with legal requirements – Art. 6 para. 1 lit. c GDPR
Like anyone involved in business, we are subject to a wide range of legal obligations. Primarily, these are legal requirements (e.g. Works Constitution Act, Social Code, commercial and tax laws), but also, if applicable, supervisory or other official requirements (e.g. employers’ liability insurance association). The purposes of processing may include identity and age verification, the fulfilment of control and reporting obligations under tax law and the archiving of data for data protection and data security purposes as well as for the purposes of auditing by tax advisors/auditors, tax and other authorities.

Who receives your data?
Your applicant data will be treated confidentially at all times. Within our company, only those persons and positions (e.g. management and HR manager) receive your personal data that need them for the recruitment decision and to fulfil our contractual and legal obligations.
In addition, we may transfer your personal data to recipients outside the company. This includes our order processors in accordance with Art. 28 GDPR (host and service providers), who provide us with purely administrative/technical support in the processing of your personal data.

Right of objection
If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

How long will your data be stored?
We delete your personal data no later than six months after the application process has been completed. This does not apply if legal provisions prevent erasure or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

The storage for this period is for the defence of legal claims (in particular from the AGG) and is based on Art. 6 para. 1 lit. f GDPR. This does not apply if legal provisions prevent erasure or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

If we are unable to offer you a vacancy, but believe on the basis of your profile that your application could possibly be of interest for future vacancies, we will process and further store your personal application data in our applicant database, provided you wish to do so and we have your express consent to do so.

How we transfer data outside Europe
We do not transfer your personal data to third countries outside the EU or EEA. If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees are in place (e.g. binding internal company data protection regulations or agreement of the EU Commission’s standard contractual clauses). You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.

Are you obliged to provide your data?
As part of your application, you must provide the personal data that is required for the application process and the suitability assessment. Without this data, we will not be able to carry out the application process and make a decision on the establishment of an employment relationship.

Would you like to complain about the handling of your data?
You have the option of contacting the Data Protection Officer mentioned above or a data protection supervisory authority. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information.
PO Box: 3163, 65021 Wiesbaden,
Contact/e-mail: https://datenschutz.hessen.de/print_panel?nid=6

These notes correspond to the legal status as of 02.09.2022. We reserve the right to adapt our privacy practices to changes in regulations or case law.

To the Download