Data Protection

Privacy Statement
Fraunhofer Institute for Cell Therapy and Immunology IZI

 

When using this website, your personal data will be handled by us as the entity responsible for data processing, also referred to as the “controller”. This data will be stored for the duration necessary for fulfilling the determined purposes and legal obligations. The text below will provide you with information on the specific data referred to here, how it is processed and what rights you have in this regard.

 

1. Name and contact details of the controller and the data protection officer at Fraunhofer


This privacy statement shall apply to data processing for the following websites operated by Fraunhofer IZI:

  • www.izi.fraunhofer.de 
  • www.foodallergen.de
  • www.fs-leipzig.com
  • www.neurorepair.de
  • www.neurorepair-2012.de
  • www.ribolution.de
  • www.ribolution.eu
  • www.ribolution.info
  • www.ribolution.net
  • www.ribolution.org
  • www.wcrm-leipzig.com
  • www.west-nile-shield-project.eu
  • www.crossseeds.eu
  • www.lion-conference.com
  • www.lion-conference.de
  • www.lion-conference.org
  • www.mature-nk.eu
  • www.wirsinddiana.de
  • www.saxocov.de

 

performed by the controller:

Fraunhofer-Gesellschaft
zur Förderung der angewandten Forschung e.V.

Hansastraße 27 c,
80686 München
Germany

on behalf of the Fraunhofer Institute for Cell Therapy and Immunology IZI
(hereinafter referred to as “Fraunhofer IZI”.) 

 

Email:         datenschutz@izi.fraunhofer.de
Telephone:              +49 341 35536-1000
Fax:                         +49 341 35536-9921

 

Fraunhofer’s data protection officer Mr. Ralph Harter can be contacted at the postal address provided above, FAO Data Protection Officer, or at datenschutz@zv.fraunhofer.de.

Please feel free to contact our data protection officer directly at any time with questions concerning data protection law or your rights as a data subject.

2. Specific terminology


“Personal data”
means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually all instances of data handling.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3. Processing personal data and purposes of processing

a) When visiting our websites

When you visit our websites, the web servers temporarily record each instance your terminal accesses the website and stores this information in a log file.

The following data are gathered and saved until their automatic deletion:

  • IP address of the computer requesting access
  • date and time of access
  • name and URL of the retrieved data
  • relayed volume of data
  • notification as to whether the retrieval was successful
  • browser and operating system used
  • name of the internet access provider
  • websites from which our website was accessed (referrer URL)

This data is processed for the following purposes:

  1. to enable the use of the website (establish a connection)
  2. to facilitate the administration of the network infrastructure
  3. to take appropriate technical and organizational measures for IT system and information security taking the state of the art into account
  4. to guarantee user friendliness
  5. to optimize the websites

The legal bases of data processing as stated above are:

  • processing for visits to websites in accordance with numbers 1-2, Art. 6 (1) clause 1 letter b GDPR (requirement to fulfill the contractual relationship governing the use of the website),
  • processing in accordance with number 3, Art. 6 (1) clause 1 letter c GDPR (legal obligation to implement technical and organizational measures to protect data processing in accordance with Art. 32 GDPR) and Art. 6 (1) clause 1 letter f GDPR (legitimate interests for processing data for the purposes of ensuring network and information security), and
  • processing in accordance with numbers 4-5, Art. 6 (1) clause 1 letter f GDPR (legitimate interests). The legitimate interests with regard to our data processing are based on our desire to make our online presence user friendly and as optimal as possible.

The data referred to above are automatically deleted from the web server after a defined 30-day period. If data are processed for a longer period of time for the purposes stated under numbers 2-5, they will be anonymized or erased as soon as storage is no longer necessary for the respective purpose.

Furthermore, we use cookies and analysis services when documenting visits to our website. For more details, please refer to items 4 and 5 of this privacy statement.
 

b) When registering for our newsletter  

If you have given your explicit consent in accordance with Article 6 (1) clause 1 letter a GDPR, we will use your email address to send you our newsletter on a regular basis, keeping you up to date with the work being carried out at our institute and with other Fraunhofer e.V. facilities and events. We have to collect the following information to be able to send out the newsletter:

  • email address,
  • title,
  • first name,
  • surname,
  • in the case of press mailing lists: also company name and/or press medium.

We need your name and title to be able to address you personally when sending our newsletter. 

You are also welcome to volunteer additional personal details such as your address and telephone number. We use this data to contact you by phone or post (e.g. for press invitations or information letters).

Once registered, you will receive a registration notification by email, which you then have to confirm in order to receive the newsletter (so-called double opt-in). This serves as proof that the registration was indeed initiated by you.

You can unsubscribe from the newsletter at any time, e.g. by following the respective link at the end of each newsletter. Alternatively, you are welcome to send an email to datenschutz@izi.fraunhofer.de asking to unsubscribe, or to click the following link: https://newsletter.fraunhofer.de/-optout/20136/23/1/1/cGHPHVWZ

Your email address will be deleted as soon as you withdraw your consent to receive the newsletter.

Our newsletter is distributed by the provider mailingwork GmbH, Birkenweg 7, 09569 Oederan, Germany (“MAILINGWORK”). The email addresses of our newsletter recipients are stored by the MAILINGWORK servers in Germany on our behalf.

MAILINGWORK uses this information to send and evaluate the newsletter for us. To this end, we have concluded an order processing contract with MAILINGWORK. Under this contract, MAILINGWORK assures that it shall process the data in conformity with the General Data Protection Regulation and protect the rights of data subjects.

MAILINGWORK assures that personal data are comprehensively protected against unauthorized access. MAILINGWORK itself will not utilize the data of our newsletter recipients to contact them itself and it will not disclose the data to third parties.
 

c) When registering for our press mailing list

If you have given your explicit consent in accordance with Article 6 (1) clause 1 letter a GDPR, we will use your email address to send you our press newsletter on a regular basis. We have to collect the following information to be able to send out the press newsletter:

  • title,
  • surname, first name,
  • email address.

You may also volunteer your company name and/or press medium.

We need your name and title to be able to address you personally when sending our press newsletter.

We use your company name and/or press medium to designate you as a member of the press and to send you press invitations by post, as appropriate.

After you have registered, you will receive a registration notification by email, which you then have to confirm in order to receive the press newsletter (so-called double opt-in). This serves as proof that the registration was indeed initiated by you.

You can unsubscribe from the newsletter at any time, e.g. by following the respective link at the end of each press newsletter. Alternatively, you are welcome to send an email to datenschutz@izi.fraunhofer.de asking to unsubscribe.

Your email address will be deleted as soon as you withdraw your consent to receive the newsletter.
 

d) When using contact forms

You have the opportunity to contact us using a form available on our website. The following information must be provided when completing the form:

  • title
  • first and last name, and
  • email address.

We require your data in order to determine who has sent the request and to be able to answer and process it.

The data are processed at your request; data processing within the context of responding to contact requests is based on our legitimate interests pursuant to Article 6 (1) clause 1 letter f GDPR.

The personal data collected by us to enable the use of the contact form will automatically be deleted as soon as your request has been dealt with in full.

4. Disclosure of personal data

With the exception of the previously stated instances of data processing commissioned by us (registration for a newsletter, ...), we will only disclose your personal data to third parties, i.e. other natural or legal persons besides you (the data subject), the controller or the processor and its members of staff authorized to process data, if:

  • you have given your explicit consent enabling us to do this pursuant to Article 6 (1) clause 1 letter a GDPR;
  • this is necessary pursuant to Article 6 (1) clause 1 letter b GDPR to fulfil a contract with you;
  • they are required by shipping companies for the purpose of delivering goods you have ordered;
  • payment data are required by payment service providers or banks in order to carry out a payment transaction;
  • there is a legal obligation for such disclosure in accordance with Article 6 (1) clause 1 letter c GDPR, for instance to financial or law enforcement authorities; such disclosure is necessary to assert, exercise or defend legal claims in accordance with Article 6 (1) clause 1 letter f GDPR and there is no reason to assume that you have an overwhelming interest worthy of protection in the non-disclosure of your data. Such disclosure may occur, for example, if attacks are carried out on our IT systems at governmental institutions and prosecutorial authorities.

The disclosed data may be used by the third party for the stated purposes only.

The transfer of personal data to a third country (outside the EU) or an international organization is excluded.

5. Cookies

We use cookies on our website. Cookies are small files that are automatically generated by your browser and stored on your terminal (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your terminal and do not contain any viruses, Trojan horses or other malware.

Information that emerges in connection with the specific terminal used is stored in the cookie. This does not mean, however, that we are then directly made aware of your identity.

The use of cookies serves, on the one hand, to make it easier for you to use our online presence. In this respect, we use so-called session cookies to be able to manage the session, e.g. to save form entries or shopping carts during the session. Session cookies are deleted when you close your web browser at the latest.

Besides this, we also use temporary cookies to optimize user-friendliness; these cookies are stored on your terminal for a determined amount of time. If you visit our website anew to utilize our services, it will be automatically detected that you have visited our site in the past and your previous entries and settings will be recalled to avoid you having to enter them again.

On the other hand, we use cookies to gather statistics on the use of our website and in order to evaluate how we have optimized our online presence for you (see item 6). If you visit our website anew, these cookies allow us to automatically recognize that you have visited our site in the past. These cookies will be automatically deleted after a defined period of time.

The data processed by cookies are required for the stated purposes of safeguarding our legitimate interests and those of third parties in accordance with Article 6 (1) clause 1 letter f GDPR.

Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice always appears before a new cookie is created. Please note that the complete deactivation of cookies may result in you being unable to use some of the functions of our website.

6. Web analysis / tracking

We utilize the Leadlab service provided by Wiredminds GmbH besides the company’s tracking pixel technology to analyze user behavior and to optimize our website based on these analyses. In particular, the service allows us to identify which companies have visited our website. We do not, however, receive any information which would directly identify you.

In connection with the use of Leadlab, cookies and tracking pixels are utilized that enable a statistical analysis of the use of this website through your visits. Information, including personal information, on your behavior as a visitor is stored in the cookie and transmitted to Wiredminds or collected by Wiredminds directly. The information is processed by Wiredminds, using a pseudonym, in a use profile for analysis purposes and anonymized as far as possible.

The data gathered here will not be used to personally identify you, unless you have given separate consent to this end, nor will they be combined with personal data about you as the bearer of the pseudonym.

Where IP addresses are collected, they will be anonymized immediately by deleting the final block of numbers.

Please refer to the Wiredminds website for further information on the company’s data protection measures: https://www.wiredminds.de/en/data-protection/

Data are processed based on our legitimate interest pursuant to Article 6 (1) letter f GDPR in optimizing our online services and website. Wiredminds processes the data on our behalf and we have concluded an order processing contract with the company. This assures that the data processing services commissioned by us are performed in accordance with the General Data Protection Regulation and ensures that the rights of the data subject are protected.

If you do not wish to have your user behavior recorded and analyzed, you may object to this through a so-called opt-out cookie. An opt-out cookie will then be generated that prevents your data from being collected when visiting this website in future: The opt-out cookie is valid only for this browser and only for our website and will be stored on your device. If you delete the cookies in this browser, you will have to generate a new opt-out cookie

Exclude from tracking

7. Social plug-ins

We use so-called social media buttons on our website. These are small buttons that you can use to publish content from our website in social networks under your profile.

If you click one of these buttons, a connection is established between our website and the respective social network. Besides the content concerned, the operator of the social network also receives additional information, some of which contains personal data. This includes, for instance, the fact that you are currently accessing our website.

We use the following social media plug-ins:

  • Share on Facebook, provided by Facebook Ireland Limited
    Information will be relayed in part to the parent company Facebook Inc. with its registered office in the US. This company observes the data protection provisions of the “U.S. Privacy Shield” and is registered with the “U.S. Privacy Shield” program administered by the U.S. Department of Commerce. Please see Facebook’s data privacy statements for further information on the purpose and scope of data collection and the further processing and use of the data by Facebook as well as on your respective rights and configuration options for protecting your privacy. https://www.facebook.com/about/privacy/

  • Share on Twitter, provided by Twitter International Company
    Information will be relayed in part to the parent company Twitter Inc. with its registered office in the US. This company observes the data protection provisions of the “U.S. Privacy Shield” and is registered with the “U.S. Privacy Shield” program administered by the U.S. Department of Commerce. Please refer to Twitter’s Data Privacy Statement for more information on data protection at Twitter. https://twitter.com/privacy

  • Share on Google+, provided by Google LLC
    Google observes the data protection provisions of the “U.S. Privacy Shield” and is registered with the “U.S. Privacy Shield” program administered by the U.S. Department of Commerce. Please refer to Google’s Data Privacy Statement for more information on data protection at Google. https://www.google.com/intl/de/policies/privacy/
     
  • Share on Xing, provided by Xing SE
    Please refer to Xing’s Data Privacy Statement for more information on data protection at Xing. https://www.xing.com/privacy
     

8. Data subject rights

You have the right:

  • to withdraw your one-time consent previously granted to us pursuant to Article 7 (3) GDPR at any time. If you do this, we will no longer be able to continue processing the data collected based on this consent in the future;
  • to request that information be provided on your personal data processed by us pursuant to Article 15 GDPR. In particular, you may ask to be provided with information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage time, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, provided they were not collected by us, and the use of automated decision-making including profiling and, if applicable, meaningful information on their particulars;
  • to request, without delay, the rectification of inaccurate or the completion of your personal data stored by us pursuant to Article 16 GDPR;
  • to request the erasure of your personal data stored by us, provided processing is not necessary in order to exercise the right of freedom of expression and information, to comply with a legal obligation, on the grounds of public interest or to establish, exercise or defend legal claims pursuant to Article 17 GDPR;
  • to request that the processing of your personal data be restricted, provided the accuracy of the data is contested by you and the processing is unlawful, however you oppose the erasure of the data and we no longer require the data however you require them in order to establish, exercise or defend legal claims pursuant to Article 18 GDPR or you have objected to processing pursuant to Article 21 GDPR.
  • to receive your personal data, which you have made available to us, in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR, or to request that they are transferred to another controller, and to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. In this case, you can normally seek advice from the supervisory authority of your usual place of residence or workplace or of our company headquarters.

 

Information on your right to object in accordance with Article 21 GDPR
  • You have the right to object to the processing of personal data that concerns you, performed based on Article 6 (1) letter e GDPR (data processing for reasons of public interest) and Article 6 (1) letter f GDPR (data processing based on the weighing of interests), at any point in time on grounds arising from your specific situation; this also applies to profiling based on this provision arising from Article 4 number 4 GDPR.
  • If you object, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or unless such processing aims to assert, exercise or defend legal claims.
  • If your objection is directed against the processing of data for the purpose of direct marketing, we will cease such processing immediately. In this case, you are not required to provide details of a specific situation. The same applies to profiling if it is similarly related to direct marketing.
  • If you wish to make use of your right to object, simply send an email to datenschutz@zv.fraunhofer.de.
  • 9. Data security

    All data transmitted by you personally will be done so in encrypted form using the commonly used and secure TLS (Transport Layer Security) standard. TLS is a secure and approved standard which is also used, for instance, in online banking. You can identify a secure TLS connection, among other things, from the additional “s” on the http (i.e. https://...) in your browser’s address bar, or from the lock symbol in the lower part of your browser.

    Besides this, we make use of appropriate technical and organizational security measures in order to protect your data against accidental or intentional instances of manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures will be continuously improved in line with technological development.

    10. Updates and changes to this privacy statement

    This privacy statement is currently valid and was last updated in September 2019.

    It may be necessary to amend this privacy statement as our website and the services offered continue to be developed or due to changes to the legal and/or official guidelines. You can retrieve and print an up-to-date privacy statement at any time from our website under https://www.izi.fraunhofer.de/en/data-protection.html.

    11. Severability clause

    Should individual provisions of this data privacy statement be or become invalid or unenforceable, either in whole or in part, this shall not affect the validity of the remaining provisions. The same shall apply in the case of loopholes.