Statement of Data Protection

Data Protection Information

-MITIGATE Multidimensional, integrated, risk assessment framework and dynamic, collaborative Risk Management tools for critical information infrastructure

MITIGATE is a collaborative research project co-funded by the European Commissions under its biggest Research and Innovation program Horizon 2020.

As the party responsible for the data processing, we process the personal data collected via our website and store them for the period, which is required to achieve the specified purpose and to comply with the statutory requirements. The following text informs you of the data we collect and the way we process the collected data. We also inform you on your data privacy rights as they pertain to the use of our website. Pursuant to Article 4 No. 1 GDPR, personal data are all data referring to a specific or identifiable natural person.

  1. Scope of Agreement

This data protection information shall apply to the project website located at www.mitigateproject.eu providing we refer to this data protection information.

Privacy Information

Fraunhofer Center for Maritime Logistics and Services CML

In the context of the use of this website, personal data will be processed by us as the person responsible for data processing and stored for the duration necessary to fulfil the defined purposes and legal obligations. In the following we will inform you about what data is involved, how it is processed and what rights you are entitled to in this respect.

In accordance with Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is all information that relates to an identified or identifiable natural person.

 

  1. Name and contact details of the controller and the company data protection officer
  2. Processing of personal data and purposes of processing
  3. a) When visiting the website
  4. b) For registration for events
  5. c) If you subscribe to our newsletter NEWS[month].[Year]
  6. d) When registering for our press distribution list
  7. e) When using contact forms
  8. Passing on of personal data
  9. Cookies
  10. Eeb analysis/ tracking
  11. a) LeadLab (wiredminds GmbH)
  12. b) Matomo
  13. Social Plugins
  14. YouTube
  15. Rights of the persons concerned

Information about your right of objection according to Art. 21 GDPR

  1. Data security
  2. Up-to-dateness and changes of this data protection information
  3. Severability Clause

 

  1. Name and contact details of the controller and the company data protection officer

This data protection information applies to the data processing on our institute website https://www.cml.fraunhofer.de/ by the person responsible:

Fraunhofer-Gesellschaft

for the Promotion of Applied Research e.V.

Hansastrasse 27 c,

80686 Munich

 

for the Fraunhofer CML:

E-mail: info@cml.fraunhofer.de

Phone: +49 (0)40 42878 4451

Fax: +49 (0)40 42878 4452

 

The data protection officer of Fraunhofer can be contacted at the above address, or at datenschutz@zv.fraunhofer.de.

If you have any questions regarding data protection law or your rights as a data subject, you can contact our data protection officer directly at any time.

  1. Processing of personal data and purposes of processing

 

  1. a) When visiting the website

When you visit our websites, the web servers of our website temporarily store each access of your terminal device in a log file. The following data is recorded and stored until it is automatically deleted:

  • IP address of the requesting computer
  • date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Browser and operating system used
  • Name of the Internet access provider
  • Website from which access is made (referrer URL)
  • If necessary, further or other data].

These data are processed for the following purposes

  1. Enabling the use of the website (establishing a connection)
  2. Administration of the network infrastructure
  3. Adequate technical-organisational measures for IT system and information security, taking the state of the art into account
  4. Ensuring user-friendliness of use
  5. Optimization of the internet offer

 

The legal bases for the above processing are

  • for the processing for the visit of the web pages according to the numbers 1-2 Art. 6 Abs. 1 S.1 lit. b (Lawfulness of Processing),
  • for the processing operations under point 3 Art. 6 para. 1 sentence 1 lit. c GDPR (Security of Processing under Art. 32 GDPR) and Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests in data processing for network and information security) as well as for
  • processing in accordance with paragraphs 4-5 Art. 6 para. 1 letter f GDPR (legitimate interests). The legitimate interests of our data processing are to make our website user-friendly and to optimise it.

The above-mentioned data are automatically deleted from the web server after a defined period of time, which is 4 days. If data are processed for a longer period of time for the purposes specified in points 2-5, they will be made anonymous or deleted when storage is no longer necessary for the respective purpose.

In addition, we use cookies and analysis services when you visit our website. For more information, please refer to sections 4 and 5 of this data protection information.

  1. b) For registration for events

General information

We regularly offer a wide variety of events via our website for which you can register online.

When registering for an event, some mandatory information must be provided. This includes

  • First and last name
  • Address
  • e-mail address

Any other mandatory information is marked as such (e.g. by *). In addition, further information can often be provided voluntarily.

In order to identify you as a participant of the event, to reserve your place at the event, to establish or implement the contract for participation with you and to provide you with information on the event before, during and after the event, which should enable you to participate optimally and enable us to plan and guarantee a smooth course of events. Providing voluntary data enables us to plan and carry out the event according to your interests and age.

Data processing is carried out at the request of the interested participants and is required for the purposes mentioned in Art. 6 para. 1 sentence 1 lit. b GDPR for the fulfilment of the participant contract and the pre-contractual measures.

The personal data collected by us for the event will be stored by us for up to 6 months, unless you have consented to further storage in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

  1. c) If you subscribe to our newsletter NEWS[month].[Year]

If you have expressly consented according to art. 6 para. 1 sentence 1 a GDPR, we will use your e-mail address to regularly send you our newsletter, which will inform you about the work at our institute and about other Fraunhofer e.V. institutions and events. For the receipt of the newsletter we collect the following mandatory information:

  • e-mail address

We need your name and title in order to address you personally with our newsletter.

After your registration you will receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof that the registration was actually initiated by you.

You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscription request at any time at info@cml.fraunhofer.de by e-mail or by clicking on the following link: https://www.cml.fraunhofer.de/en/Publikationenunddownloads.html.

Your e-mail address will be deleted immediately after revocation of your consent to receive the newsletter.

  1. d) When registering for our press distribution list

If you have expressly consented according to Art. 6 para. 1 sentence 1 a GDPR, we will use your e-mail address to regularly send you our press newsletter. For the reception of the press newsletter we collect the following mandatory data:

  • e-mail address.

You may also voluntarily provide your name, salutation, company and/or press medium.

We use your name and salutation to address you personally in our press newsletter.

We use your company and/or your press medium to assign you as a member of the press and, if necessary, to send you press invitations by post.

Once you have registered, you will receive a registration notification by e-mail, which you must confirm in order to receive the press newsletter (so-called double opt-in). This serves as proof that the registration was actually initiated by you.

You can unsubscribe at any time, e.g. via a link at the end of each press newsletter. Alternatively, you are welcome to send your unsubscription request at any time to  info@cml.fraunhofer.de by e-mail.

Your e-mail address will be deleted immediately after revocation of your consent to receive the newsletter.

  1. e) When using contact forms

We offer you the opportunity to contact us using the forms provided on the website. The following information is required:

  • First and last name and
  • e-mail address.

We need your data to determine who sent the inquiry and to be able to answer and process it.

The data will be processed upon your request and is based on our legitimate interests pursuant to Art. 6 Par. 1 S. 1 lit. f GDPR when responding to a contact request.

The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.

  1. Disclosure of personal data

Except in the cases mentioned above (registration for events, registration for a newsletter,…) we will only pass on your personal data to third parties, i.e. other natural or legal persons than you (the person concerned), the person responsible or the processor and their employees authorised to process the data, if:

  • You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR;
  • This is necessary for the fulfilment of a contract with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR,
    • Passing on to shipping companies for the purpose of delivering the goods ordered by you,
    • Transfer of payment data to payment service providers or credit institutions in order to carry out a payment transaction;
  • in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, e.g. to financial or criminal prosecution authorities;
  • the disclosure is required under Art. 6 para. 1 sentence 1 f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data; such disclosure may take place, for example, in the event of attacks on our IT systems to state institutions and law enforcement authorities.

The data passed on may be used by the third party exclusively for the purposes mentioned.

If you have registered for an event, it may be necessary for the fulfilment of the contract that your personal data must be transmitted to an external organiser. When you register for an event, you will be informed who is the organizer and whether this is an external organizer. This will process personal data within the framework of the event and in particular for the administration of participants.

A transfer of personal data to a third country (outside the EU) or an international organisation is excluded.

  1. Cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your end device, do not contain viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specifically used terminal device. However, this does not mean that we immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to enable session control, e.g. to save form entries or shopping baskets during the session. Session cookies are deleted at the latest when you close your web browser.

In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer (see section 4). These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after 90 days.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website.

5 Web Analysis/Tracking

 

  1. a) LeadLab (wiredminds GmbH)

We use the Leadlab service of Wiredminds GmbH (https://www.wiredminds.de/ ) and its counting pixel technology on our website to analyze usage behavior and optimize our site based on it. In particular, the service allows us to recognize which companies have visited our site. We do not receive any information that identifies you directly.

In connection with the use of Leadlab, cookies and tracking pixels are used, which enable a statistical analysis of the use of this website by your visits. Information – including personal information – about your visitor behaviour is stored in the cookie and transmitted to Wiredminds or collected directly by Wiredminds. The information is processed by Wiredminds using a pseudonym in a user profile for the purpose of analysis and made as anonymous as possible.

The data obtained in this way will not be used to identify you personally without your separate consent and the data will not be combined with personal data about you as the bearer of the pseudonym.

If IP addresses are collected, they will be made anonymous immediately after collection by deleting the last number block.

Information on data protection at Wireminds can be found on its website https://www.wiredminds.de/datenschutz/ .

Data processing is carried out on the basis of our legitimate interest in optimising our online offer and our website in accordance with Art. 6 para. 1 lit. f GDPR. Wiredminds processes the data on our behalf and we have concluded an order processing agreement with Wireminds. This ensures that the data processing on our behalf is carried out in accordance with the Basic Data Protection Ordinance and guarantees the protection of the rights of the data subjects.

If you do not wish to have your user behaviour recorded and analysed, you can object to this by means of an opt-out cookie. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

  1. b) Matomo

We use the opera source service Matomo from InnoCraft Ltd https://matomo.org/ from New Zealand on our website to analyze user behavior when visiting our site and to optimize our site and its content accordingly. We do not receive any information that identifies you directly.

In connection with the use of Matomo, cookies are used which enable a statistical analysis of the use of this website by your visits. Information – including personal information – about your visitor behaviour is stored in the cookie and processed using a pseudonym in a user profile for the purpose of analysis. Because Matomo is hosted on our own server, third party processing is not required for analysis.

The data obtained in this way will not be used to identify you personally without your separate consent and the data will not be combined with personal data about you as the bearer of the pseudonym.

If IP addresses are collected, they will be made anonymous immediately after collection by deleting the last number block. Other personal data in the cookie will be deleted after 90 days.

Data processing is carried out on the basis of our legitimate interest in optimising our online offer and our website in accordance with Art. 6 para. 1 lit. f GDPR.

Your visit to this website is currently recorded by Matomo Webanalyse. You can find instructions for implementing the opt-out cookie at: https://matomo.org/docs/privacy/.

  1. Social Plugins

We use so-called Social-Media-Buttons (also Social-Media-Plugins) on our website. These are small buttons that allow you to publish content from our website on social networks under your profile.

If you activate such a button, a connection will be established between our website and the social network. In addition to the relevant content, the operator of the social network receives further information, some of which is personal. This includes, for example, the fact that you are currently visiting our site.

The social media buttons are integrated using the so-called Shariff solution. This solution prevents a connection to a social network from being established simply because you access a page with a social media button without activating it. This means that information is not sent to the social network until you use the button.

We use the following social media plugins:

  1. a) Facebook Sharing Facebook Ireland Limited

In some cases, information is transmitted to the parent company Facebook Inc. based in the USA. This complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in Facebook’s data protection information at https://www.facebook.com/about/privacy/ .

  1. b) Twitter Sharing of Twitter International Company

In some cases, information is transmitted to the parent company Twitter Inc. based in the USA. This complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.

Further information on data protection on Twitter can be found in the Twitter data protection declaration at https://twitter.com/privacy .

  1. c) Google+ share the Google LLC

Google complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.

For more information about Google’s privacy practices, please see Google’s Privacy Policy at https://www.google.com/intl/de/policies/privacy/ .

  1. d) Xing parts of Xing SE

Further information on data protection at Xing can be found in XING’s data protection declaration at https://www.xing.com/privacy .

  1. e) LinkedIn share the LinkedIn Ireland Unlimited Company

For more information about LinkedIn’s privacy policy, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy .

  1. YouTube

We use components (videos) of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”), on our Internet pages on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Here we use the option of the “extended data protection mode” provided by YouTube.

When you access a page that has an embedded video, it connects to the YouTube servers and displays the content on the website by notifying your browser.

According to YouTube, in “extended data protection mode”, your data – in particular which of our Internet pages you have visited and device-specific information including the IP address – will only be transmitted to the YouTube server in the USA when you watch the video. By clicking on the video you consent to this transmission.

If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your member account before visiting our website.

Google complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.

  1. Rights of the persons concerned

You have the right:

  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future;
  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;
  • to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
  • to receive your personal data, which you have provided to us, in a structured, current and machine-readable format in accordance with Art. 20 GDPR or to request the transmission to another person in charge and
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual location or workplace or our company headquarters.

 

Information about your right of objection according to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f GDPR (data processing on the basis of a balance of interests), including profiling under Article 4(4) GDPR based on this provision.

If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your objection is directed against a processing of data for the purpose of direct advertising, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling insofar as it is connected with such direct advertising.

If you wish to exercise your right of objection, simply send an e-mail to datenschutz@zv.fraunhofer.de .

  1. Data security

All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the attached s on the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

  1. Up-to-dateness and amendment of this data protection information

This data protection information is currently valid and has the status as of May 2018.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection information. You can call up and print out the current data protection information at any time on the website under https://www.cml.fraunhofer.de/de/datenschutzerklaerung.html .

  1. Severability clause

Should individual provisions of this data protection declaration be or become invalid or impracticable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the case of gaps.