Send email Copy Email Address

Data privacy policy

This privacy policy informs about the manner, scope and purpose of processing personal data (hereinafter referred to as data) as well as your rights regarding this data processing within our online service.

Quick Start Application Process  Events  Social Media


I. Responsibility for data processing

Responsible for data processing is:
CISPA - Helmholtz-Zentrum für Informationssicherheit gGmbH
Stuhlsatzenhaus 5
66123 Saarbrücken

Phone: +49 681 87083 1521
Fax: +49 681 87083 8801

CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Chief Operating Officer and Member of the Executive Board Dr. Kevin Streit.

II. Data Protection Officer

You can reach our data protection officer at:

Phone: +49 681 87083 1521

If you have questions about data privacy, you can also contact our staff unit corporate data protection & information security department:

III. General information on data processing on this website

1. Data processing

On our website, the following data are subject to processing: inventory data (e.g. names), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), content data (e.g. text entries), contract data and meta and communication data (e.g. device information, browser information, IP addresses of website users).

Persons affected by the processing of the data are all visitors and users of our website as well as employees, former employees and communication partners. The data processing depends on this and on the user behaviour. For example, by visiting this website alone, only meta and communication data of the website users are processed. In the case of contact via e-mail, the user's personal data transmitted with the e-mail is processed.

2. Purpose of the data processing

We collect and use data of our users only to the extent necessary to provide our content and a functional and user-friendly website. In the case of contact via e-mail, the purpose of processing is to handle the communication.

3. Legal basis for data processing

Data processing is only carried out on a strictly legal basis. This is the case if the data subject has given his or her consent (Art. 6 para. 1 letter a, Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (Art. 6 para. 1 letter b DSGVO), if we have to fulfil legal obligations (Art. 6 para. 1 letter c DSGVO) or if we protect our legitimate interests (Art. 6 para. 1 letter f DSGVO). Special regulations such as those of the Federal Data Protection Act ( Bundesdatenschutzgesetz - BDSG) may also apply.

4. Recipients of data

Your data will not be transferred to processors or other third parties for purposes other than those listed below. 

We only pass on your data to third parties if: 

  • you have given your explicit consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO 
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary to protect our legitimate interests or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, 
  • in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 letter c DSGVO, and 
  • this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you. 

We conclude contracts for commissioned data processing with contract processors in accordance with Art. 28 DSGVO, according to which these also undertake to comply with data protection.

5. Data security

In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. 

In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection by design and through data protection-friendly default settings (Art. 25 DSGVO).

6. Storage of data

The data processed by us is stored as long as it is necessary for the purpose of processing. It will be deleted as soon as the purpose for processing this data ceases to apply or consent is revoked. 

Data may also be stored if this is necessary for other legally permissible purposes. Processing is then limited to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law, or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Here too, the data will be deleted as soon as the purpose no longer applies.

IV. Hosting

1. Data processing

This website is hosted on the servers of SHE Informationstechnologie AG, Donnersbergweg 3, 67059 Ludwigshafen. Here we, or rather our hosting provider, processes meta and communication data, content data, inventory data, contact data and contract data. Here, too, the provisions described under III. 1. of this privacy policy apply.

2. Purpose

The purpose of the hosting services used by us is to provide infrastructure and platform services, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website.

3. Legal basis

The legal basis for the use of hosting services is the protection of our legitimate interests in the optimization and secure operation of our website (Art. 6 para. 1 sentence 1 lit. f DSGVO).

We have signed a corresponding data processing agreement with our hosting provider.

V. Access data/Server log files

1. Data processing

When you access our website and the associated sub-pages, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a log file. The following information is recorded without your involvement and stored until it is automatically deleted: IP address, name of the accessed website, file, date and time of access, URL/subpage accessed, protocol, status, as well as the report about the successful access.

2. Purpose

The above-mentioned data is processed by us for the following purposes: Making our online offer available, ensuring a problem-free connection to the website, system security and stability.

3. Legal basis

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest results from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your identity.

4. Storage

For security reasons (e.g. for the clarification of cases of abuse), the data is stored for a period of 7 days. If longer storage is necessary for evidence purposes, the data will be deleted after the final clarification of the matter.

VI. Cookies

1. Data processing

When you use our website, cookies are stored on your computer. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Technologically required cookies (session cookies) store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. These are cookies issued by us, so-called "first-party cookies".

2. Purpose

The purpose of using technologically required cookies is to ensure the user-friendliness and readability of websites for the users. Some functions of our website cannot be offered without the use of cookies. For these functions it is necessary that the browser is recognized even after a page change.

We need cookies for the following application:

  • Storage of the user preference towards light mode/dark mode

The user data collected through technologically essential cookies is not used to create user profiles.

3. Legal basis

The legal basis is Art. 6 para. 1 lit. f DSGVO (our legitimate interest). In the above-mentioned purposes, our legitimate interest lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.

4. Storage and possibility of objection and removal

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The cookie we set to store the user preference towards light mode or dark mode expires after one month.

VII. Application process and event registrations

We process your applicant data provided via the online form or by e-mail as part of the application process on a separate website, which provides a seperate privacy policy.

We process the data you provide by email or via the online form when registering for events on a separate website, which provides a separate privacy policy.

VIII. Social media pages

We maintain online presences within social networks, e.g. Twitter and Facebook, in order to be able to communicate with people actively using them and to inform them about our research and events. User data may be processed outside the European Union.

When accessing the respective networks and platforms, the terms, conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.

We do not use social plug-ins of social networks on our website. The integration of our online presences in social media is only carried out by means of external links in order to protect the visitors of our website from tracking in the best possible way.

Here, users can find detailed data protection information for social media activities of CISPA.

IX. Podcast                                                                

We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.

The usage is based on our legitimate interests, i.e. interest in a secure and efficient hosting, analysis as well as optimization of our podcast offer according to Art. 6 para. 1 lit. f. DSGVO.

Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as access figures. This data is anonymized or pseudonymized before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.

Further information and objection options can be found in Podigee's privacy policy:


X. Rights of data subjects

You have the following rights in relation to the processing of your data by CISPA:

  • You have the right to obtain confirmation as to whether data that concerns you is being processed and the right to obtain information on such data and to receive further information and a copy of the data in accordance with Art. 15 of the DPA.
  • In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
  • In accordance with Art. 17 DSGVO, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted.
  • You have the right to demand that you receive the data concerning you which you have provided us with in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
  • You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
  • Right of objection: You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time (see below).
  • In accordance with Art. 77 DSGVO, you may lodge a complaint with the supervisory authority responsible for data protection. As a rule, you can contact the supervisory authority of your place of residence or the Independent Data Protection Centre Saarland for this purpose:
    Unabhängiges Datenschutzzentrum Saarland
    Die Landesbeauftragte für Datenschutz und Informationsfreiheit
    Fritz-Dobisch-Straße 12
    66111 Saarbrücken
    Telefon: (0681) 94781-0
    Telefax: (0681) 94781-29

    Right of objection
    If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to revoke your consent or exercise your right of objection, simply send an e-mail to

XI. Validity and amendment of this privacy policy

This privacy policy is currently valid and reflects the state of July 2020.

It may become necessary to amend this data protection declaration as a result of the further development of our website and further offers or due to changes in legal or official requirements. You can access and print out the current data protection declaration at any time.