Send email Copy Email Address


Under Articles 13 and 14 DSGVO – This privacy policy informs about the manner, scope and purpose of processing personal data (hereinafter referred to as data) as well as your rights regarding this data processing within our application process.

Responsibility for data processing

Responsible for data processing is:
CISPA - Helmholtz-Zentrum für Informationssicherheit gGmbH
Stuhlatzenhaus 5
66123 Saarbrücken

Phone: +49 681 87083 1521
Fax: +49 681 302 71942

CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Chief Operating Officer and Member of the Executive Board Dr. Kevin Streit.

You can reach our data protection officer at:
Jens Engelhardt (deputy Erdem Durmus)
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt

+49 681 87083 1521

Processing of personal data and purpose of processing

The following data may be subject to processing: Name, address, date of birth, application documents, telephone number, e-mail address and other data, such as disability, age, gender, place of residence, citizenship, job, availability, current job title, multiple degrees, supervisor of the degree, date of graduation, university of the degree, topic and title of the thesis, summary of the research career, link to the DBLP profile, link to the Google Scholar profile, citation statistics (h-index, i10-index, honours, publication statistics), cover letter, CV, research statement, certificates, letters of recommendation, references, teaching statement, work permit.

We process your applicant data provided by email or via the online form only for the purpose and within the scope of the application process. We process the data you send us in connection with your application in order to check your suitability for the position (or other open positions in our companies, if applicable) and to conduct the application process. This may include arranging appointments for job interviews, pre-contractual measures at the applicant's request, and the decision on whether to establish an employment relationship.

Legal basis

The processing of the applicant data is carried out to fulfil our (pre-)contractual obligations within the framework of the application process in accordance with Art. 6 Par. 1 letter b. DSGVO, to fulfil a legal obligation of the responsible person according to art. 6 para. 1 sentence 1 letter c. DSGVO, to safeguard a legitimate interest of the responsible person/ third party, unless interests, fundamental rights and fundamental freedoms of the applicant, which affect the protection of personal data
are predominant according to Art. 6 para. 1 sentence 1 lit. f DSGVO. A legitimate interest in this context is data protection and data archiving as technical and organisational measures for the purpose of ensuring data availability, resilience and recoverability in accordance with Art. 32 para. 1 lit. b, c DSGVO. Processing for the purpose of deciding on the establishment of an employment relationship is carried out in accordance with Article 26 Paragraph 1 Sentence 1 BDSG. The provision of data is necessary for the application procedure of the responsible person. Alternatively, the consent of the applicant may be the legal basis.

Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO are voluntarily disclosed during the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 letter b DSGVO (e.g. health data, such as severely disabled status or ethnic origin).

By submitting their application to us, applicants declare that they agree to their data being processed for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

If the applicants provide names and addresses of references, the applicant must first obtain the consent of the persons concerned and draw their attention to our data protection declaration. In this case, the contact data of the reference persons will be processed. These will not be passed on and will be deleted as soon as the reference has been obtained.

Data security

Applicants may submit their applications using an online form on our website. The data will be transmitted to us in encrypted form according to the state of the art. Applicants can also send us their applications by e-mail. In this case, the applicants themselves must ensure the encryption and signature of the e-mail and any attachments in order to guarantee the confidentiality and integrity of the application data during transmission.


The data provided by the applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants' data is deleted. The applicants' data is also deleted if an application is withdrawn, which the applicants are entitled to do at any time.
Subject to a justified revocation or objection by the applicants, the data will be deleted after the expiry of a period of six months after the position has been filled (conclusion of the application process), so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Receiver / forwarding of data

Your applicant data will be reviewed by the Onboarding and Talent Management department after receipt of your application. Suitable applications are forwarded internally to the department managers responsible for the respective open position. In the context of the cooperation between CISPA and Saarland University (UdS), applicant data of faculty and PhD will be forwarded to the UdS, as far as this is necessary for the recruitment of PhDs through the so-called Graduate School of the UdS, or as far as professors of the UdS participate in applicant committees for the recruitment of faculty. In principle, only those persons who need access to your data for the proper processing of our application procedure have access to your data.

Data processing outside the European Union

Data is not processed outside the European Union.

I. Rights of data subjects

You have the following rights in relation to the processing of your data by CISPA:

  • You have the right to obtain confirmation as to whether data that concerns you is being processed and the right to obtain information on such data and to receive further information and a copy of the data in accordance with Art. 15 of the DPA.
  • In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
  • In accordance with Art. 17 DSGVO, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted.
  • You have the right to demand that you receive the data concerning you which you have provided us with in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
  • You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
  • Right of objection: You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time (see below).
  • In accordance with Art. 77 DSGVO, you may lodge a complaint with the supervisory authority responsible for data protection. As a rule, you can contact the supervisory authority of your place of residence or the Independent Data Protection Centre Saarland for this purpose:
    Unabhängiges Datenschutzzentrum Saarland
    Die Landesbeauftragte für Datenschutz und Informationsfreiheit

    Fritz-Dobisch-Straße 12
    66111 Saarbrücken
    Telefon: (0681) 94781-0
    Telefax: (0681) 94781-29

    Right of objection
    If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to

II. Validity and amendment of this privacy policy

This privacy policy is currently valid and reflects the state of August 2020.

It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.