Responsible for data processing is:
CISPA - Helmholtz-Zentrum für Informationssicherheit gGmbH
Phone: + 49 681 302 71900
Fax: +49 681 302 71942
CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Bernd Therre.
You can reach our data protection officer at:
Data Protection Officer CISPA - Helmholtz-Zentrum für Informationssicherheit gGmbH
1. Data processing
On our website, the following data are subject to processing: inventory data (e.g. names), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), content data (e.g. text entries), contract data and meta and communication data (e.g. device information, browser information, IP addresses of website users).
Persons affected by the processing of the data are all visitors and users of our website as well as employees, former employees and communication partners. The data processing depends on this and on the user behaviour. For example, by visiting this website alone, only meta and communication data of the website users are processed. In the case of contact via e-mail, the user's personal data transmitted with the e-mail is processed.
2. Purpose of the data processing
We collect and use data of our users only to the extent necessary to provide our content and a functional and user-friendly website. In the case of contact via e-mail, the purpose of processing is to handle the communication.
3. Legal basis for data processing
Data processing is only carried out on a strictly legal basis. This is the case if the data subject has given his or her consent (Art. 6 para. 1 letter a, Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (Art. 6 para. 1 letter b DSGVO), if we have to fulfil legal obligations (Art. 6 para. 1 letter c DSGVO) or if we protect our legitimate interests (Art. 6 para. 1 letter f DSGVO). Special regulations such as those of the Federal Data Protection Act ( Bundesdatenschutzgesetz - BDSG) may also apply.
4. Recipients of data
Your data will not be transferred to processors or other third parties for purposes other than those listed below.
We only pass on your data to third parties if:
We conclude contracts for commissioned data processing with contract processors in accordance with Art. 28 DSGVO, according to which these also undertake to comply with data protection.
5. Data security
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and through data protection-friendly default settings (Art. 25 DSGVO).
6. Storage of data
The data processed by us is stored as long as it is necessary for the purpose of processing. It will be deleted as soon as the purpose for processing this data ceases to apply or consent is revoked.
Data may also be stored if this is necessary for other legally permissible purposes. Processing is then limited to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law, or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Here too, the data will be deleted as soon as the purpose no longer applies.
1. Data processing
The purpose of the hosting services used by us is to provide infrastructure and platform services, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website.
3. Legal basis
The legal basis for the use of hosting services is the protection of our legitimate interests in the optimization and secure operation of our website (Art. 6 para. 1 sentence 1 lit. f DSGVO).
We have signed a corresponding data processing agreement with our hosting provider.
1. Data processing
When you access our website and the associated sub-pages, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a log file. The following information is recorded without your involvement and stored until it is automatically deleted: IP address, name of the accessed website, file, date and time of access, URL/subpage accessed, protocol, status, as well as the report about the successful access.
The above-mentioned data is processed by us for the following purposes: Making our online offer available, ensuring a problem-free connection to the website, system security and stability.
3. Legal basis
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest results from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your identity.
For security reasons (e.g. for the clarification of cases of abuse), the data is stored for a period of 7 days. If longer storage is necessary for evidence purposes, the data will be deleted after the final clarification of the matter.
1. Data processing
When you use our website, cookies are stored on your computer. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Technologically required cookies (session cookies) store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. These are cookies issued by us, so-called "first-party cookies".
We need cookies for the following application:
The user data collected through technologically essential cookies is not used to create user profiles.
3. Legal basis
The legal basis is Art. 6 para. 1 lit. f DSGVO (our legitimate interest). In the above-mentioned purposes, our legitimate interest lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.
4. Storage and possibility of objection and removal
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The cookie we set to store the user preference towards light mode or dark mode expires after one month.
We maintain online presences within social networks, e.g. Twitter and Facebook, in order to be able to communicate with people actively using them and to inform them about our research and events. User data may be processed outside the European Union.
When accessing the respective networks and platforms, the terms, conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
We do not use social plug-ins of social networks on our website. The integration of our online presences in social media is only carried out by means of external links in order to protect the visitors of our website from tracking in the best possible way.
You have the following rights in relation to the processing of your data by CISPA:
If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to firstname.lastname@example.org.
It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.