The data processing on this website is carried out by the website operator. The website operator’s contact details can be found in the legal notice of this website.
Your data will be collected on the one hand when you provide it to us. This may, for example, include the data you enter in a contact form. Other data is automatically collected when you visit the site through our IT systems. This includes above all technical data (e.g. Internet browser, operating system or time of the page request). The collection of this data occurs automatically as soon as you enter our website.
Part of the data is collected to ensure flawless provision of the website. Other data can be used to analyse your user behaviour.
We use service providers for on-site services. These service providers are carefully chosen – especially with regard to data protection and data security – and take all measures required by data protection law for permissible data processing. The data you provide us for your visit will generally not be passed on to further third parties. In particular, your data will not be passed on to third parties for their advertising purposes.
The responsible controller for data processing on this website is:
Phone: +49 6221 533 533
The responsible controller is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
We have appointed a data protection officer for our company.
Phone: +49 611 950008-33
Many data processing operations are only possible with your express consent. You can revoke given consent at any time. An informal message by e-mail to us is sufficient for this purpose. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
In the event of violations of the GDPR, you are entitled to exercise your right of appeal to a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedies.
You have the right to have data submitted to us or to a third party, based on your consent or in the performance of a contract, provided to you in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as technically feasible.
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or TLS encryption. You can recognise an encrypted connection by the changing of the address bar of the browser from “http: //” to “https: //” and the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.
Within the scope of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, the right to correct, block or delete this data. For this purpose as well as for further questions on the subject of personal data, you can always contact us at the address given in the legal notice.
You have the right to demand the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice for this purpose. The right to restriction of the processing exists in the following cases: If you deny the accuracy of your personal data stored with us, we usually need time to check this. For the duration of the review, you have the right to request that your personal data be restricted. If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion. If we no longer need your personal data but you require it for the purpose of exercising, defending or asserting legal claims, you have the right to demand, instead of the deletion, the restriction of the processing of your personal data. If you have filed an objection pursuant to Art. 21 (1) GDPR, a balance must be made between your and our interests. If it is not certain whose interests prevail, you have the right to demand that your personal data be restricted. If you have restricted the processing of your personal data, this data may only be used with your consent or for the assertion, processing or defence of legal rights or the protection of the rights of another natural or legal person or for the sake of a major public interest of the European Union or a Member State.
The use of contact data published in the context of the legal notice obligation for sending unsolicited advertising and information materials is hereby rejected. The site operators expressly reserve the right to take legal action in the event of unsolicited advertising such as spam e-mails.
Personal data will be deleted after expiry of the statutory retention period, if it is no longer required for contract fulfilment or contract initiation.
If you have given us consent to process your personal data for a specific purpose, the processing is performed based on Art. 6 (1) (a) GDPR. If such processing is necessary in order to fulfil or initiate a contract with you, the processing is based on Art. 6 (1) (b) GDPR. In some cases, for example, in order to fulfil tax obligations, we may be subject to a legal obligation to process personal data. The legal basis for this in such cases is Art. 6 (1) (c) GDPR. In rare cases, processing may also be done to protect vital interests of you or another natural person. In this exceptional case, processing takes place based on Art. 6 (1) (d) GDPR. Finally, processing operations can also be based on Art. 6 (1) (f) GDPR. This is the case if the processing is to safeguard a legitimate interest of our company or a third party, unless your interests, fundamental rights or fundamental freedoms prevail. Such a legitimate interest can already be assumed if you are a customer of ours. If the processing of personal data is based on Art. 6 (1) (f) GDPR, our legitimate interest is the performance of our business activities.
We as the controller have taken technical and organisational security measures in accordance with Art. 32 GDPR. This includes in particular measures to ensure the confidentiality, integrity and availability of the data. In addition, we have established processes that ensure the protection of data subject rights, the deletion of personal data and an immediate response to the threat to such data. In addition, we ensure the protection of personal data already in the development and selection of hardware and software in accordance with the principles of Art. 25 GDPR. All our employees and persons involved in data processing are obliged to comply with the General Data Protection Regulation and other data protection laws and the confidential handling of personal data. In the case of the collection and processing of personal data, the information is transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are continually being revised in line with technological developments. However, Internet-based data transmissions can generally have security gaps such that absolute protection cannot be guaranteed.
Persons under the age of 16 should not submit any personal data to us without the consent of their parents or guardians. We do not request personal data from children and adolescents, do not collect it and do not disclose it to third parties.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:
A combination of this data with other data sources does not occur. The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and the optimisation of its website, which requires the server log files to be recorded.
If you contact us by e-mail, telephone or fax, your request, including any resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not disclose this data without your consent. The processing of this data is based on Art. 6 (1) (b) GDPR, if your request relates to the fulfilment of a contract or is required to carry out pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of any inquiries addressed to us. The data you send to us via contact requests remains with us until you request us to delete it, you revoke your consent to the storage, or the purpose for data storage no longer applies (e.g. after completed processing of your concern). Compulsory statutory provisions – in particular statutory retention periods – remain unaffected.
On our pages, plugins of the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The Facebook plugins can be recognized by the Facebook logo or the “Like Button” (“Like”) on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE
If you do not wish Facebook to associate your visit to your Facebook user account, please log out of your Facebook user account. The use of the Facebook plugins is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in having as much visibility as possible in social media.
This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymised prior to storage. Matomo cookies remain on your device until you delete them. Matomo cookie storage and use of this analysis tool occurs based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the anonymous analysis of user behaviour in order to optimise its online offer. The information generated by the cookie about the use of this website will not be disclosed to third parties. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to fully use all functions of this website.
If you disagree with the storage and use of your data, you can deactivate the storage and use.
Klicken Sie auf den unteren Button, um den Inhalt von piwik.h-its.org zu laden.
We offer you the opportunity to apply with us (e.g. by e-mail, by post or via the online application form). In the following, we will inform you about the scope, purpose and use of your personal data collected during the application process. We guarantee that the collection, processing and use of your data will be in accordance with applicable data protection law and all other applicable laws and that your data will be kept strictly confidential.
If you submit an application to us, we process your related personal data (such as contact and communication information, application materials, job interview notes, etc.) to the extent necessary to decide on the employment relationship. The legal basis for this is § 26 BDSG-new according to German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) (a) GDPR. The consent is revocable at any time. Your personal data will be passed on within our company exclusively to persons who are involved in the processing of your application. If the application is successful, the data submitted by you based on § 26BDSG-new and Art. 6 (1) (b) GDPR will be stored for employment purposes in our data processing systems.
If we cannot make you a job offer, if you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you provide, including any remaining physical application documents, will be stored for a maximum of 6 months after completion of the application process (retention period) in order to be able to clarify the details of the application process in the event of disagreement (Art. 6 (1) (f) GDPR). THIS STORAGE CAN BE DISPUTED TO THE EXTENT THAT YOU HAVE LEGAL INTERESTS THAT TAKE PRECEDENCE OVER OUR INTERESTS. After expiry of the retention period, the data will be deleted unless there is a statutory retention obligation or any other legal reason for further storage. If it is apparent that the retention of your data will be required after the expiry of the retention period (e.g. due to a pending or pending legal dispute), deletion will not take place until the data has become invalid. Other statutory storage obligations remain untouched.
We use online conference tools, among other things, for communication with our customers and audiences. The tools we use are listed in detail below. If you communicate with us by video or audio conference or attend one of our our talks using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata). Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
The conference tools are used to communicate with prospective or existing contractual partners and audiences or to offer certain services in Public Relations (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our institution (legitimate interest in the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact directly the operators of the conference tools. https://zoom.us/de-de/privacy.html.
Our contractual partner KT Abrechnungsdienste e.K. have entered into a contract data processing agreement with the provider of Zoom and implemented equally the strict provisions of the German data protection supervisory agencies to the fullest when using Zoom. In addition, there is a contractual arrangement between KT Abrechnungsdienste e.K. and HITS gGmbH.
The HITS and its representatives offer various events, for example in the form of workshops, lectures, and conferences. For some of these events, we ask you to register in advance, during the course of which mandatory information is requested. This includes in particular your name, title, email address, and data required for participation in and implementation of the event. A detailed overview can be found in the respective registration form. The data will be processed for the purpose of fulfilling the contractual obligations, including billing and the preparation of supporting material for the event, such as lists of participants. For sending information about the corresponding event as well as important changes, for example in the scope of the offer or due to technical requirements, we use the email address provided during registration to contact you.
The data entered in the registration form is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR).
The data collected during registration will be stored by us until the purpose for data processing ceases to apply or it is no longer required for the purpose. Unless the data is deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. Accordingly, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural person or legal entity. If users request the deletion of their personal data, their data will be deleted unless there is a legal obligation to retain it. This does not apply to data that has already been printed and distributed.
For some events we charge a participation fee. For more information, please visit the respective event page. As part of this contractual relationship, we offer data subjects an efficient and secure payment option and use payment service providers for this purpose. The data processed by the payment service providers includes data such as your name and address, bank data, in particular account numbers or credit card numbers, as well as the contract and sum details. The information is required to perform the respective transactions. However, the data entered will only be processed by and stored with the payment service provider. If you use the payment service PayPal, we do not receive any account or credit card related information, but only information on confirmation or rejection of the payment. The respective contractual and data protection provisions of the respective provider apply to these transactions. The use of the payment service provider is based on Art. 6 (1) (b) GDPR (commissioned data processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6 (1) (f) GDPR). Insofar as your consent is required for further data processing and this is given, the legal basis for the processing is Art. 6 (1) (a) GDPR; consents can be revoked at any time for the future.
In addition, you have the option to pay the participation fee by bank transfer. The payment information you enter with your payment service provider, in particular your account data, is processed and stored there. We receive your account-related information and the amount of the payment from your payment service.
Photographs, group photos and films (including audio recordings) are taken to support public relations, media accompaniment for conferences, events and other activities of HITS. These recordings are generally published on HITS websites, social media channels, and in print media.
Below you will find an overview of the purposes and legal bases of data processing in the context of our (virtual) events.
The purpose of data processing is to prepare and conduct the (virtual) event. Your data will be processed in order to carry out
Pursuant to Art. 6 (1) (b) GDPR, the legal basis for this processing may be a contractual relationship that may exist with you, if you are acting as a presenter, moderator or similar.
In cases where you have given your consent to the processing of personal data concerning you, the data processing is based on Art. 6 (1)(a) GDPR.
Even if you have not yet given your consent prior to the event, this can also be explicitly obtained at our event by asking you or can be implied by your willing participation. If you do not wish to be photographed, please let us know before the event or contact the photographer at the event. More detailed information will be provided at the respective events.
You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. Already with your registration you confirm that you have been informed accordingly about your rights.
In the event of revocation, HITS will remove the images and videos from all websites to which HITS has access. In the case of group photos, only individual persons are anonymized. Please note that the revocation of consent does not apply to print media that have already been printed and passed on. Furthermore, it must be taken into account that photos and film recordings can be accessed worldwide when published on the Internet or in social networks. Further use and/or modification by third parties cannot be ruled out. Therefore, complete deletion of the published photos and video recordings on the Internet can only be ensured on the pages of the controller.
As of 03/2021