Personal data (usually referred to in the following simply as “data”) is only processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

In accordance with Article 4 (1) of Regulation (EU) 2016/679, i.e., the General Data Protection Regulation (referred to in the following simply as the “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The following Privacy Notice is intended to inform you in particular about the type, scope, purpose, duration and lawful basis of the processing of personal data, insofar as we decide, either alone or in conjunction with others, on the purposes and means of processing. In the following, we also inform you about the third-party components we use to optimise our website and improve the user experience, insofar as this results in third parties being responsible for processing data.

Our Privacy Notice is structured as follows:

I. Information about us as controllers of your data
II. Rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The provider responsible for this website for purposes of data protection law is:

Weizenbaum-Institut e.V.
Hardenbergstraße 32
10623 Berlin
Germany
Tel.: +49 30 700141-001
Email: info[at]weizenbaum-institut.de

The provider’s data protection officer is:

LOROP GmbH
Oliver Grampp
Landgrafenstraße 16
10787 Berlin
Tel.: +49 30 3309626-27
Email: datenschutz[at]lorop.de

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing and copies of the data (see also Article 15 GDPR);
  • to correct or complete incorrect or incomplete data (see also Article 16 GDPR);
  • to the immediate deletion of data concerning them (see also Article 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Article 17 (3) GDPR, to restrict said processing in accordance with Article 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (see also Article 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the provider in breach of data protection provisions (see also Article 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same, in accordance with Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Article 21 GDPR, users and data subjects have the right to object to future processing of their data, insofar as the data is processed by the provider in accordance with Article 6 (1) (f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the data is not in breach of any statutory data retention obligations or unless otherwise stipulated below.

Server data

For technical reasons, in particular to ensure a secure and stable website, your internet browser transmits data to us or to our web space provider. These “server log files” collect data including the type and version of your internet browser, the operating system, the website you were on before you landed on our website (referrer URL), the page(s) of our website that you visit, the date and time of access and the IP address from which you access our website.

The data collected in this way is stored temporarily, but not together with other data of yours.

The lawful basis for this storage is Article 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted again after seven days at the latest, unless it needs to be stored for longer for evidence purposes. Otherwise, the data will be wholly or partially excluded from deletion until an incident has been fully resolved.

Events registration

If you register for one of our events from this website, we will store the data collected from you with the registration exclusively for the purposes of managing the event. If we run the event jointly with another institution or on behalf of another institution, we will also share your data with this partner so that they can plan and organise the event.

The lawful basis for this data processing is Article 6 (1) (b) GDPR and Article 6 (1) (f) GDPR, based on our interest in carrying out the events.

Contact requests / contact option

If you contact us using the contact form or by email, the data you provide will be used to process your request. You need to provide this data in order for us to process and respond to your request – without it, we will not be able to respond in full, if at all.

The lawful basis for this processing is Article 6 (1) (b) GDPR.

We will delete your data once we have finished responding to your request, unless there are legal obligations to retain the data, such as for a subsequent performance of a contract.

Use of service providers

We use service providers to provide services and process your data (known as commissioned data processing). The service providers process the data exclusively on the instruction of the Weizenbaum Institute and have a duty to comply with the applicable data privacy legislation. All processors have been carefully selected and receive access to your data only to the extent and for the period of time necessary to provide the services.

Current job vacancies

You can find current job vacancies advertised on our website under Jobs. If you send your application by email, your applicant and application data will be processed by us electronically to carry out the application process.

The lawful basis for this processing is § 26 (1) (1) of Germany’s Federal Data Protection Act (BDSG) in conjunction with Article 88 (1) GDPR.

If an employment contract is signed following the application process, we will store the data you submitted with your application in your personnel file for the purpose of the usual organisational and administrative process – naturally in compliance with broader legal obligations.

The lawful basis for this processing is likewise § 26 (1) (1) BDSG in conjunction with Article 88 (1) GDPR.

When an application is rejected, we automatically delete the data sent to us six months after the announcement of the rejection. The data retention period was set so that we can satisfy our obligations to provide evidence under Germany’s General Act on Equal Treatment (AGG).

The lawful basis in this case is Article 6 (1) (f) GDPR and § 24 (1) (2) BDSG. Our legitimate interest lies in legal defence and/or law enforcement.

If you expressly consent to your data being stored for a longer period of time, e.g., to be added to a database of applicants or interested parties, your data will be processed further on the basis of your consent. In this case, the lawful basis is Article 6 (1) (a) GDPR. You may, of course, withdraw your consent with future effect at any time in accordance with Article 7 (3) GDPR by notifying us.

Twitter

We maintain an online presence on Twitter to present our organisation and our services and to communicate with customers/interested parties. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. It can only be accessed by Twitter.

You can find the Twitter Privacy Policy at

https://twitter.com/en/privacy

YouTube

We maintain an online presence on YouTube to present our organisation and our services and to communicate with customers/interested parties. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. It can only be accessed by YouTube.

You can find the YouTube Privacy Policy at

https://policies.google.com/privacy

Matomo (formerly Piwik)

Our website uses Matomo (formerly Piwik). Matomo is open-source software that lets us analyse use of our website. The data processed includes your IP address, the page(s) you visit on our website, the website you were on before you landed on our website (referrer URL), the length of time you spend on our website and how frequently you access our website.

The lawful basis is Article 6 (1) (f) GDPR. Our legitimate interest lies in the analysis and optimisation of our website.

However, we use Matomo with the “Automatically Anonymize Visitor IPs” function. This anonymisation function shortens your IP address by two bytes so that it is not possible to associate it with you or with the internet connection you use. No cookies are set.

Newsletter and Sendinblue (formerly Newsletter2Go)

If you sign up to our free newsletter, the data we request from you for this, i.e., your email address and – optionally – your name and address, are transferred to us. At the same time, we store the IP address of the internet connection you use to access our website and the date and time of registration. Later on in the registration process, we obtain your consent to send you the newsletter, describe the content in detail and refer to this Privacy Notice. We use the data we collect in this context exclusively for sending the newsletter – in particular, it will not be shared with third parties.

The lawful basis for this is Article 6 (1) (a) GDPR.

We use Sendinblue to send our newsletter. Sendinblue is a service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (referred to in the following as “Sendinblue”).

If you register to receive our newsletter, the data requested during the registration process (your email address) will be processed by Sendinblue. In addition, your IP address and the registration date and time will be stored. Later on in the registration process, your consent is obtained to send you the newsletter, the content is described in detail and reference is made to this Privacy Notice.

In addition, Sendinblue provides further data protection information at

https://nl2go-prod-api-account.s3.eu-central-1.amazonaws.com/app_files/en/N2G_DSE.pdf

https://www.sendinblue.com/legal/privacypolicy/

https://www.sendinblue.com/information-for-email-recipients/

The newsletters sent by Sendinblue contain technologies that let us analyse whether and when an email is opened and whether any links contained in the newsletter are clicked on and, if so, which. We store this data alongside the technical data (system data and IP address) so that the newsletter can be optimally tailored to your wishes and interests. The data collected in this way is therefore used to keep improving the quality of our newsletters.

The lawful basis for sending the newsletter and for the analysis is Article 6 (1) (a) GDPR.

You may withdraw your consent to receiving the newsletter with future effect at any time in accordance with Article 7 (3) GDPR. To do so, you simply need to inform us of the withdrawal or click on the unsubscribe link that is included in each newsletter