Events
Events
Main Menu

Information on
data protection

This data protection notice informs you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Responsible for data processing is Science City Hamburg Bahrenfeld GmbH (hereinafter referred to as "we" or "us").

Contents

  • I. General information
  1. Contact us
  2. Legal basis
  3. Duration of storage
  4. Categories of recipients of the data
  5. Data transfer to third countries
  6. Processing when exercising your rights
  7. Your rights
  8. Right of objection
  • II Data processing on our website
  1. Processing of server log files
  2. Cookies
  3. Consent Management Tool
  4. Matomo
  5. Google Maps
  6. Google Fonts
  7. Translation service Weglot
  • III Data processing on our social media pages
  1. Visiting a social media page
  2. Communication via social media sites
  • IV. Further data processing
  1. Contact by e-mail
  2. Data from interested parties
  3. Applications
  4. Use of the e-mail address for marketing purposes
  • V. Further information for data subjects in Switzerland

I. General information

1. contact

If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to

Science City Hamburg Bahrenfeld GmbH


2. legal bases

The data protection term "personal data" refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (Section 25 (1) TDDDG or Art. 6 (1) (a) GDPR), to fulfill a contract to which you are a party or at your request to carry out pre-contractual measures (Art. 6 (1) (b) GDPR), to fulfill a legal obligation (Art. 6(1)(c) GDPR) or if processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6(1)(f) GDPR).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

3. duration of storage

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for eight years and store personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. categories of recipients of the data

We use processors within the scope of processing your data. The processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee suitable technical and organizational measures for data protection. We may also transfer your personal data to bodies such as postal and delivery services, your bank, tax consultants/auditors or the tax authorities. Data may be transferred to the responsible health authority for infection tracking purposes. Further recipients may result from the following information.

5. data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of receiving or viewing a copy of these EU standard data protection clauses. Please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 letter a GDPR

6. processing in the exercise of your rights

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

7. your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

 

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
  • You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
  • You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
  • If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
  • If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8. right of objection

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

II Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected by us during your visit to the website. Under data protection law, the IP address is also considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

1. processing of server log files

When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). By default, this includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after seven days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject on the basis of the stored information. Art. 15 to 22 GDPR therefore do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information that enables your identification in order to exercise your rights set out in these articles.

2. cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases.

The use of cookies is in part technically necessary for the operation of our website and is therefore permitted without the user's consent. We may also use cookies to offer special functions and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 (1) TDDDG and, if applicable, Art. 6 (1) (a) GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool.

3. consent management tool

This website uses a consent management banner to control cookies. The consent banner enables users of our website to give their consent to certain data processing operations or to withdraw their consent. By confirming the "Accept" button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a GDPR.

The banner also helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data for this declaration. Cookies are also used to collect this data.

The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

You can revoke your consent for cookies by clicking on the white button at the bottom right. 

4. matomo

We use the Matomo service from the provider InnoCraft Ltd (New Zealand) on our website.

Matomo is a web analysis service that enables us to collect and analyze data about the behavior of users on our website.

Matomo uses cookies for this purpose, which enable us to analyze the use of our website. InnoCraft Ltd also processes personal data on our behalf in the form of IP addresses and information about interaction with our website. The IP address is anonymized immediately after processing and before storage.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Matomo service is therefore Article 6(1)(a) GDPR. You can revoke this consent at any time via our Consent Management Tool with effect for the future.

Further information on data protection at Matomo can be found in the privacy policy of InnoCraft Ltd at https://matomo.org/matomo-cloud-privacy-policy/.

5. google maps

We use Google Maps from Google Ireland Limited (Ireland, EU) on our website to display maps and for virtual tours. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

When using the service, a transfer of your data to the USA cannot be ruled out. Please also note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.

6. google fonts

We use Google Web Fonts from Google Ireland Limited (Ireland, EU) on our website to display fonts. For such integration, your IP address must be processed so that the content can be sent to your browser. Your IP address is therefore transmitted to Google. 

Your data is processed on the basis of your consent. The legal basis for data processing is therefore Art. 6 (1) (a) GDPR. You can revoke this consent at any time via our Consent Management Tool with effect for the future.

When using the service, a transfer of your data to the USA cannot be ruled out. Please also note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de.

7. translation service Weglot

We use the Weglot translation service from the provider Weglot SAS (France, EU) on our website. Weglot enables us to automatically translate our content into different languages and provide our users with a multilingual website. Weglot SAS processes your personal data, such as your IP addresses and your interaction with our website, to ensure the functionality of the language switcher. In addition, cookies are set by the service provider to integrate the service on your device, in particular to store content that has already been translated and to store your language preferences.

The legal basis for data processing and the setting of cookies in connection with the Weglot service is your consent in accordance with Art. 6 para. 1 letter a GDPR. You can revoke this consent at any time via our Consent Management Tool with effect for the future.

Further information on data protection at Weglot can be found in Weglot's privacy policy at https://www.weglot.com/privacy.

III Data processing on our social media pages

We have a company page on several social media platforms. In this way, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter referred to as "LinkedIn";
  • XING of NEW WORK SE, (Germany, EU), hereinafter referred to as "XING".

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.

1. visiting a social media page

When you visit our social media page, which we use to present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. Further information on the processing of personal data can be found in their privacy policies, which we link to below:

The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, with the help of which we gain knowledge about the types of actions that people take on our site (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Article 6(1)(f) GDPR.

We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of the social media platforms on processing as joint controllers, in which the distribution of data protection obligations between us and the operators is defined. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and the operators can be found under the following links:

You also have the option of asserting your rights against the operators. You can find further information on this under the following links:

We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

2. communication via social media sites

We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting people who make inquiries. The legal basis for data processing is Article 6(1)(f) GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

 

IV. Further data processing

1. contact by e-mail

If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 para. 1 letter f GDPR.

2. data of interested parties

If you contact our company as an interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master, contract and payment data provided to us as well as contact and communication data of our contact persons for commercial prospects and business partners. The legal basis for this processing is Article 6(1)(f) GDPR.

We also process interested party data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 para. 1 letter f GDPR and serves our interest in further developing our offer and informing you specifically about our offers.

Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR).

3. applications

If you apply to our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 sentence 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.

4. use of the e-mail address for marketing purposes

We may use your e-mail address provided in the course of our cooperation to inform you about similar products and services offered by us.

The legal basis is Art. 6 para. 1 letter f GDPR in conjunction with. § Section 7 (3) UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to info@sciencecity.hamburg.

V. Further information for data subjects in Switzerland

If you are a data subject within the scope of the Swiss Federal Act on Data Protection, the information under this point also applies.

The legal references made in this data protection information are aimed at data subjects in Switzerland in accordance with the comparable provisions of the Federal Act on Data Protection. This applies in particular to the applicable rights of data subjects pursuant to Art. 25-29, 32 FADP.

We guarantee an appropriate level of data protection. This is ensured by

  • an established adequate level of data protection pursuant to Art. 16 para. 1 FADP for the recipient country;
  • Standard data protection clauses that the FDPIC has previously approved, issued or recognized, in particular the standard contractual clauses of the European Commission;
  • certification in accordance with the principles of the data protection framework between Switzerland and the USA (Data Privacy Framework), if the data processing is carried out by a certified organization in the USA;
  • an international treaty in which an appropriate level of data protection is regulated.
Brand/Signet/Brand-Signet-ColorInverted Copy

Science City Hamburg Bahrenfeld GmbH

Infocenter Science City

Follow us

  • Opening hours
    Wednesdays from 10 am to 2 pm
    Thursdays from 2 pm to 6 pm

Made with ❤️ by DevLabor

Logo Hanseatic City of Hamburg
Skip to content