A) General information
Name and contact details of person responsible
Bavarian Research Institute for Digital Transformation (bidt) – an institute of the Bavarian Academy of Sciences
Tel. +49 89 540 235 640
Contact details for the data protection officer
Our data protection officer can be reached at:
Official data protection officer of the bidt –
Bavarian Research Institute for Digital Transformation
– confidentially –
Tel. +49 89 608 076 00
Aims of, and legal basis for, the processing of personal data
The purpose of the data processing is to fulfil the official responsibilities assigned to us by the legislature – in particular to inform the public.
Unless otherwise stated, the legal basis for the processing of personal data is derived from Art. 4 para. 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Art. 6 para. 1 subpara. 1 (e) of the General Data Protection Regulations (GDPR), in accordance with which we are permitted to process data to the extent necessary to meet our obligations.
Recipients of personal data
Our data processing systems are operated by the Leibniz-Rechenzentrum (LRZ), Boltzmannstraße 1, 85748 Garching.
If necessary, your data will be transferred to supervisory and/or auditing authorities for checking.
In the event of electronic transmission, and in order to avert IT security risks, data may be forwarded to the State Office for IT Security and processed there on the basis of Art. 12 ff. of the Bavarian E-Government Act.
Duration of storage of personal data
Your data will be stored only for as long as is necessary for the fulfilment of our responsibilities in compliance with legal retention periods.
Insofar as we process your personal data, you have the following rights:
- You have the right to information about the data stored about you (Art. 15 GDPR).
- Should your personal data be inaccurate, you have the right to have it corrected (Art. 16 GDPR).
- If the legal requirements are met, you can request the deletion of your data or the restriction of processing (Art. 17 and 18 GDPR).
- If you have consented to the processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data transferability (Art. 20 GDPR).
- If you have consented to the processing and the processing is based on this consent, you can revoke your consent at any time with future effect. The legality of the data processing carried out on the basis of consent prior to revocation shall remain unaffected.
If your data is processed exclusively on the basis of Article 6 paragraph 1 letter e or f GDPR (Article 21 paragraph 1 sentence 1 GDPR), you have the right to object at any time, on grounds of your personal circumstances, to the processing of your data.
Right of appeal to the supervisory authorities
You also have the right to complain to the Bavarian State Commissioner for Data Protection at:
Postal address: Postfach 22 12 19, 80502 Munich
Street address: Wagmüllerstr. 18, 80538 Munich
Tel. +49 89 212 672 0
Fax: +49 89 212 672 50
For further information on the processing of your data and on your rights, please contact us at the above addresses.
B) Information about this website
Our web server is operated by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany, who therefore process on our behalf the personal data you provide when visiting our website.
When you access this or other pages of our website, you transmit data to our web server via your Internet browser. During an ongoing connection for communication between your Internet browser and our web server, the following data are recorded:
- IP address of the user
- Directory protection user
- Pages accessed
- Status code
- Data volume
- User Agent
- Host name
IP addresses are anonymised at domain level so that they cannot be linked to individual users. Anonymised IP addresses are kept for sixty days. Information on the directory protection user is anonymised after one day.
Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website accessed.
Access via FTP is logged with anonymised information on username and IP address and kept for sixty days.
The mail logs for sending e-mails from the web environment are anonymised after one day and then retained for sixty days. During anonymisation, all data regarding the sender/recipient etc. is removed. Only data on the time of sending and information on how the e-mail was processed (queue ID or not sent) are retained.
Mail logs for mail sent via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of mail services and prevent spam.
Integration of YouTube videos and social plugins
When you visit our website, additional services from YouTube and social plugins (e.g. LinkedIn) are offered via a two-click process. When the website is first accessed, no data are transmitted to the operators. Only after users have agreed to the LinkedIn logo by clicking on it in the opt-in procedure will data (including the URL of the page you are on and your IP address) be transmitted to the operator, including for subsequent visits. As a user, you can therefore decide for yourself whether to use these services and whether your data are transferred. You can revoke this consent at any time and stop further data transmission to the operators by clicking on the relevant link on the homepage (opt-in procedure).
Integration of YouTube videos
Videos from the external video platform YouTube are integrated on our website. By default, only deactivated images, which do not establish an automated connection with YouTube’s servers, are embedded from YouTube. This means that the operator does not receive any data from the user when the user accesses the websites.
You can decide for yourself whether to activate YouTube videos. Only when you approve the playing of videos by clicking on “Permanent activation” do you give your consent for your data (including the Internet address of the page you are on and your IP address) to be transmitted to the operator.
In order to save the settings you request, we will create a cookie that stores parameters. However, when these cookies are set, no personal data are stored by us; they contain only anonymised data for browser adjustment. The videos are then active and you can play them. If you wish to deactivate the automatic loading of YouTube videos, you can untick the consent box under the data protection symbol. This will also update your cookie settings.
YouTube is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA. For more information on the purpose and scope of data processing (including outside the EU and the US) and information on options for protecting your privacy, please refer to the data protection statement at https://policies.google.com/privacy?hl=de&gl=de. Google processes your personal data in the US (and elsewhere) and has therefore complied with the EU-US Privacy Shield.
Integration of Google Maps
We integrate Google Maps in such a way that data are not automatically sent to Google. On our events page there is a link to Google Maps. If you click on the Google Maps logo, a new browser window will open and you will find the venue on a Google map.
Evaluation of user behaviour (web tracking systems; coverage measurement)
Use of Matomo (formerly PIWIK)
To design our website in line with requirements, we use the Matomo works analysis tool to evaluate user behaviour. Your IP address is first anonymised and then evaluated by us. You can deactivate this function by adjusting your browser settings.
You can decide whether a unique web analysis cookie can be stored in your browser to enable the operator of the website to collect and analyse various statistical data.
To opt out, click the following link to place the Matomo deactivation cookie in your browser.
C) Information on processing operations
If you send us application documents, we will use this personal data solely to meet your wishes and requirements and to process your application. Personal data will be shared only within the bidt, only with persons involved in the application process and only as part of the application process.
We will use and store your data only as long as is strictly necessary for the processing of your application. Our right to use data to establish an employment relationship is based on Art. 6 para. 1 para. 1 (b) GDPR. As part of the application procedure, we also process special categories of personal data. The legal basis for this is Art. 9 para. 2 (b) and (h) GDPR, Art. 88 para. 1 GDPR and Art. 8 para. 1 sentence 1 nos. 2 and 3 BayDSG. Applicant data will be deleted at the end of the procedure (i.e. six months after the acceptance or rejection of the application). We comply with the time limits for bringing an action before the employment courts, as we always have to consider the possibility of impending proceedings.
Newsletter, requesting publications
You can have our regular newsletter sent to you. Your e-mail address will be stored for the purpose of sending the newsletter and will be processed solely for that purpose.
You can stop receiving the newsletter at any time by e-mailing email@example.com or by simply clicking on the “Unsubscribe” link in the newsletter. Your e-mail address will then be deleted from the newsletter distribution list.
At present, we do not use a contractor for the administration and dispatch of newsletters. This is done by us in-house.
You can register for events via our website, in which case the legitimacy of our data processing is based on Art. 6 Par. 1 (b) and (e) GDPR. We will use your data solely for the purpose of the event and will not share it with any third parties. However, we may be obliged by law to disclose your data to third parties (e.g. as part of an inspection process).
We store the data you provide when registering for a maximum of two years and allow us to invite you to follow-up events, provided we have not received any objection from you. If we are obliged to store documents for tax reasons, we can only delete relevant data, including personal data, after a period of ten years.
For registration for bidt events, we have commissioned contractors to process your data solely in accordance with our instructions and not for their own purposes. We currently use the following contractor for event management:
- eveeno, Andreas Bothe, Ellenbogen 8, D-91056 Erlangen. eveeno is an event management platform that enables event organisers to organise events and sell tickets.
Video conferencing by Zoom
In order to hold virtual events or video conferences per online meeting or webinar (hereinafter referred to collectively as “video conferences”), we require suitable technologies. We have evaluated various providers and found that the services offered by certified EU providers are not suitable for reliably holding video conferences. However, the US provider of Zoom does offer us the appropriate technology. Zoom is a service operated by Zoom Video Communications, Inc., a business located at 805 Broadway Street Suite 800 Vancouver, WA 98660, USA.
We use Zoom in what is referred to as the ‘EU Cluster’. This means that the entire account we use to hold video conferences is located in the EU. Not only is the data centre region for the video conferences in the EU, but all the data processing also takes place exclusively in the EU.
You do not need your own Zoom license to take part in our video conferences. You receive your access link from us by email in advance of a video conference. Simply clicking on the link is all you need to do to take part in the video conference. However, to do so, you also have to provide details of your name and email address at least. You can also use a nick name in this case if you so wish. You can only join a video conference after providing a name and email address.
If you take part in one of our video conferences, we process the name and email address you provide as part of the process. We also process information about the duration of the video conference. Moreover, the scope of the data we process also depends on the information you provide in advance (e.g. in your personal Zoom profile or when participating without registering) or when taking part in (e.g. in the chat or Q&A section) a video conference.
We use Zoom to hold video conferences. If we want to record individual video conferences, we will tell you clearly up front and – if necessary – ask for your consent. The fact that we are recording is also displayed in the actual application. In this case, we may also process questions asked by participants for the purpose of recording and following up on video conferences.
If we do we record a video conference, we process the following data: the MP4 file of all video, audio and presentation recordings, the M4A file of all audio recordings and the text file of the chat.
If you do not connect over a browser but instead by telephone, we process the information on the incoming and outgoing telephone number, the country name plus the time when your participation started and ended.
If we provide you with the option of using the chat, question or survey features in a video conference, we process the text submissions you make in order to display and, if necessary, log them in the video conference. If we hold an interactive video conference and give you the option to view the video and listen to the audio, the data from the microphone and any video camera on your device will be processed accordingly for the duration of the video conference. You can switch off the camera or microphone yourself at any time in the application.
If you are registered as a user with Zoom, reports about video conferences (metadata, telephone connection data, questions and answers in video conferences, survey function in video conferences) can be stored with Zoom for up to one month. An option for software-based “attention monitoring” (“attention tracking”) is available in Zoom, but this is permanently disabled.
Purpose and legal basis
Processing your data serves exclusively for holding the virtual event, i.e. the video conference. The legal basis for processing the data processed in the course of participating in one of the video conferences we organise is formed by Art. 6 (1) (f) GDPR.
Your data is not disclosed or transferred to third parties. As a matter of principle, your data is not transferred to the USA or any other third country.
By means of a data processing agreement and via the conclusion of EU standard contractual clauses owing to the third-country transfers that cannot be ruled out, Zoom is obliged to process your data within the bounds of our instructions only and not for its own purposes. This means that Zoom processes the data provided for the purpose of providing the service, i.e. for holding the video conference and if support is provided, in compliance with the applicable data security measures as a processor within the meaning of Art. 28 GDPR on our behalf and guarantees the level of protection by using the standard data protection clauses, including the data transfer impact assessment which has been conducted.
You can find more information about how Zoom works here.
As a participant in our video conferences, your data, and in particular the name and email address you provide and the amount of time you spend in a video conference, are not stored.
You are free to stop taking part in the video conference at any time.
- As part of our press and public relations work, photos are taken at events and on dates where you may be personally recognisable.
- To opt out of such recording and publication, please contact us at the addresses provided above.
Last updated: 04-08-2022