Data Protection

The

Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11
85748 Garching
Phone: +49 89 322 99 86-0
Email: anfragen(at)aisec.fraunhofer.de

is a legally non-autonomous institution of the

Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V.
Hansastraße 27 c
80686 Munich
Internet: www.fraunhofer.de
Email: info(at)zv.fraunhofer.de

Responsible Editor: Prof. Dr. Claudia Eckert

When you use this website, we, as the data controller, process your personal data and store it for the period necessary to fulfill the specified purposes and legal obligations. Below, we inform you about what data is involved, how it is processed, and what rights you have in this regard.

According to Article 4(1) of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.

1. Name and contact details of the data controller and the company data protection officer

This privacy policy applies to data processing on the website www.aisec.fraunhofer.de by the data controller:

Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V.
Hansastraße 27c,
80686 Munich

for its Fraunhofer Institute for Applied and Integrated Security AISEC (hereinafter »Fraunhofer AISEC«)

Phone +49 89 322 99 86-0
presse@aisec.fraunhofer.de
www.aisec.fraunhofer.de

Fraunhofer’s Data Protection Officer can be reached at the above address, for the attention of the Data Protection Officer, or by email at datenschutz@zv.fraunhofer.de.

You may contact our Data Protection Officer directly at any time with questions regarding data protection law or your rights as a data subject.

2. Processing of Personal Data and Purposes of Processing

a) When Visiting the Website

You can access our website without having to disclose any information about your identity. The browser used on your device automatically sends information to our website’s server (e.g., browser type and version, date and time of access) to enable a connection to the website. This also includes the IP address of your requesting device. This is temporarily stored in a so-called log file and automatically deleted after 30 days.

The IP address is processed for technical and administrative purposes related to establishing and maintaining the connection, to ensure the security and functionality of our website, and to be able to investigate any unlawful attacks on it if necessary.

The legal basis for processing the IP address is Art. 6(1)(f) GDPR. Our legitimate interest stems from the aforementioned security concerns and the necessity of ensuring the uninterrupted provision of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.

In addition, we use tracking pixels and analytics services when you visit our website. You can find further details on this in Section 4 of this Privacy Policy.
 

b) When registering for events

We regularly offer a wide variety of events via our website for which you can register online. When registering for an event, certain mandatory information must be provided. This includes

  • Title
  • First and last name
  • Address
  • Email address
  • Payment details (only for paid events and depending on the payment method you select)

Any additional required information is marked as such (e.g., with an *). In addition, you can often provide further information on a voluntary basis.

The processing of the required information is carried out to identify interested parties as event participants, to reserve a spot, to process the participation agreement, and to provide participants with information about the event before, during, and after the event. This is intended to ensure an optimal experience for you and to enable us to plan and ensure a smooth event. If we collect your payment information for paid events, we require this to bill the participation fee.

Providing optional information allows us to plan and conduct the event in a manner appropriate to participants’ interests and age groups.

Data processing is carried out at the request of interested participants and is necessary, pursuant to Art. 6(1)(b) GDPR, for the fulfillment of the participation agreement and pre-contractual measures for the purposes stated.

The personal data we collect for the event will be stored by us for a period of 2 years, unless you have consented to further storage in accordance with Article 6(1)(a) of the GDPR.

In connection with event registration via our web forms, we collaborate with the service provider Positive Group Chemnitz GmbH, Schönherrstr. 8, 09113 Chemnitz (»Mailingwork«). The purpose of this collaboration is the professional management of online registrations. To this end, the data entered is stored on Mailingwork’s servers in Germany.

We have entered into a data processing agreement with Mailingwork. Through this agreement, the service provider assures that it processes the data on our behalf in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subjects.

For the processing of financial services for paid events, we collaborate with eveeno GmbH, Ellenbogen 8, D-91056 Erlangen. The data is stored on servers within the EU in Strasbourg.

A data processing agreement is in place. Through this agreement, the service provider assures that they process the data on our behalf in accordance with the General Data Protection Regulation and ensure the protection of the rights of data subjects.

Photos and videos are taken to document the event visually. It cannot be ruled out that you may be directly or indirectly identifiable in the recordings, meaning that this constitutes personal data.

The recordings are created for Fraunhofer AISEC and used for news directly related to the event and for internal and external reporting by and on behalf of Fraunhofer AISEC.

In addition, the recordings will be published for follow-up coverage on our media platforms such as LinkedIn, Instagram, YouTube, or our website. This processing is necessary in particular to document our event and to promote future events.

Data processing is based on Art. 6(1)(f) of the GDPR. The purposes mentioned constitute legitimate interest within the meaning of the aforementioned provision.

The recordings will be stored for 2 years.

Furthermore, in the context of contract fulfillment, it may be necessary to transfer your personal data to an external event organizer. In connection with an event registration, you will be informed in such a case about who the organizer is and whether it is an external organizer. The organizer will process personal data in the context of the event and, in particular, for participant management.
 

c) When subscribing to a newsletter or other email distribution list

We offer various opportunities on our website to subscribe to a newsletter or press distribution list. Provided you have given your explicit consent in accordance with Article 6(1)(a) of the GDPR, we will use your email address to send you regular information based on your selection.

The topics and content of the information sent to you depend on the mailing list to which you have subscribed. You may voluntarily provide additional personal information (e.g., address and phone number). We use this data to contact you by phone or mail (e.g., for press invitations).

You will then receive a registration confirmation via email, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof to us that the registration was actually initiated by you.

You can unsubscribe at any time, e.g., via a link at the end of each newsletter. Alternatively, you are welcome to send your request to unsubscribe at any time by email to presse@aisec.fraunhofer.de.

Your email address will be deleted immediately after you revoke your consent to receive the newsletter.

We send our newsletter via the provider Positive Group Chemnitz GmbH, Schönherrstr. 8, 09113 Chemnitz (»Mailingwork«). The email addresses and data of our newsletter recipients are stored on Mailingwork’s servers in Germany on our behalf.

Mailingwork uses this information to send and analyze the newsletters on our behalf. We have entered into a data processing agreement with Mailingwork for this purpose. Through this agreement, Mailingwork assures us that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the data subject’s rights.

Mailingwork guarantees that personal data is comprehensively protected against unauthorized access. Mailingwork itself does not use the data of our newsletter subscribers to contact them directly or pass the data on to third parties. As a reputable email sender, Mailingwork is also certified by the Certified Senders Alliance.
 

d) When using the contact form for tenders

For inquiries regarding our tenders, we offer you the option to contact us via a form provided on the website. The following information is required:

  • Title
  • First and last name
  • Email address

We require your data to verify that the inquiry originates from a business and to be able to respond to and process it. Additionally, you may voluntarily provide your title, company name, department, address, phone number, fax number, and website. Processing is carried out exclusively for the purpose of handling your inquiry and will not be considered in any subsequent procurement process.

Data processing is carried out at your request and is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR in the context of responding to a contact request.

The personal data we collect when you use the contact form will be deleted once your request has been processed.
 

e) When using contact forms

We offer you the option to contact us via a form provided on the website. The following information is required:

  • Title
  • First and last name
  • Email address

We need your data to determine who the inquiry is from and to be able to respond to and process it.

Data processing is carried out at your request and is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR in the context of responding to a contact request.

The personal data we collect when you use the contact form will be deleted once your request has been processed.
 

f) Fraunhofer Location Map (OpenStreetMap)

We embed map data from OpenStreetMap on our website at www.maps.fraunhofer.de. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, United Kingdom, which collects freely usable geodata and makes it available in a database for free use.

When you visit the website, no connection to the OpenStreetMap servers is initially established. Instead of the embedded map, you will initially see only a preview image, which we retrieve from our web server.

Any subsequent interactions on this website (such as searching for an institution, region, continent, or organizational unit) will establish a connection to the OpenStreetMap Foundation’s servers and transmit data to the OpenStreetMap Foundation in order to display embedded maps. For more information on data protection in connection with OpenStreetMap, please refer to the privacy policy of the OpenStreetMap Foundation.

When establishing a connection to display the maps, the following data is transmitted to OpenStreetMap servers:

  • IP address,
  • browser and device used,
  • operating system,
  • the webpage from which you were redirected to the OpenStreetMap Foundation website (referring webpage), and
  • the date and time of your visit to the website.

If you have a user account with OpenStreetMap and are logged in there when visiting our website, the following additional data is transmitted to OpenStreetMap’s servers:

  • User ID,
  • email address associated with your account, and
  • content blocked by the user and associated messages.

The integration is based on Art. 6(1)(f) of the GDPR. This is done to make our website more user-friendly and interesting. This constitutes a legitimate interest within the meaning of the aforementioned provision.

You can prevent any data transfer to OpenStreetMap’s servers by disabling JavaScript in your browser. In this case, however, you will not be able to use the map display.

3. Disclosure of Personal Data to Third Parties

Except in the cases mentioned above (registration for events, subscription to a newsletter), we will only disclose your personal data to third parties if:

  • you have given your explicit consent in accordance with Art. 6(1)(a) GDPR,
  • this is necessary for the performance of a contract with you in accordance with Art. 6(1)(b) GDPR,
  • there is a legal obligation to do so pursuant to Article 6(1)(c) of the GDPR.

The transfer of personal data to a third country (outside the EU) or to an international organization is specifically excluded.

4. Web Analytics via Leadlab (Wiredminds GmbH)

We use the Leadlab service from Wiredminds GmbH and its tracking pixel technology on our website to analyze user behavior and optimize our site accordingly. In particular, the service allows us to identify which companies have visited our site. We do not receive any information that directly identifies you.

In connection with the use of Leadlab, tracking pixels are employed to enable a statistical analysis of how visitors use this website. Wiredminds processes this information using a pseudonym in a usage profile for the purpose of analysis and anonymizes it as much as possible.

The data obtained in this process is not used to personally identify you without your separate consent, and the data is not merged with personal data about you as the holder of the pseudonym.

To the extent that IP addresses are collected, they are anonymized immediately after collection by deleting the last block of numbers.

Information on data protection at Wiredminds can be found on their website.

Data processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in optimizing our online offerings and our website. Wiredminds processes the data on our behalf, and we have entered into a data processing agreement with Wiredminds. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation and guarantees the protection of the rights of data subjects.

5. Social Plugins

We use so-called social media buttons (also known as social media plugins) on our website. These are small buttons that allow you to share content from our website on social networks via your profile.

If you click on such a button, a connection is established between our website and the social network. In addition to the relevant content, the operator of the social network receives further information, some of which is personal. This includes, for example, the fact that you are currently visiting our site.

The social media buttons are integrated using the so-called Shariff solution. This solution, developed by Heise and c’t, prevents a connection from being established with a social network simply because you visit a page with a social media button without activating it. This means that information is only transmitted to the social network when you use the button.

We use the following social media plugins:

a) Meta Platforms Ireland Limited: Share on Facebook

In some cases, information is transmitted to the parent company Meta Platforms Inc., based in the U.S., to other Meta companies, and to external partners of Meta, all of which may be located outside the European Union. Meta uses standard contractual clauses approved by the European Commission for this purpose and relies on the adequacy decisions issued by the European Commission regarding certain countries.

For information on the purpose and scope of data collection, as well as the further processing and use of data by Facebook, and your rights and privacy settings in this regard, please refer to Meta’s Privacy Policy.

b) X Internet Unlimited Company (formerly Twitter): Sharing on X

In some cases, information is transferred to the parent company X Corp., based in the U.S., to other X companies, and to external partners of X, all of which may be located outside the European Union. X uses standard contractual clauses approved by the European Commission for this purpose and relies on your consent.

You can find more information in X’s privacy policy.

c) NEW WORK SE (formerly XING SE): Sharing on Xing

In some cases, information is transferred to other NEW WORK companies and to external partners of NEW WORK, which may be located outside the European Union. NEW WORK uses Standard Contractual Clauses approved by the European Commission or other appropriate safeguards in accordance with Art. 46 of the GDPR for this purpose and relies on the adequacy decisions issued by the European Commission regarding certain countries as well as your consent.

For information on the purpose and scope of data collection, as well as the further processing and use of data by NEW WORK, and your related rights and settings options for protecting your privacy, please refer to the XING Privacy Policy.

d) LinkedIn Corporation: Sharing on LinkedIn

In some cases, information is transferred to the parent company LinkedIn Corporation, based in the U.S., to other LinkedIn companies, and to external partners of LinkedIn, all of which may be located outside the European Union. LinkedIn uses standard contractual clauses approved by the European Commission for this purpose.

For more information on data protection at LinkedIn, please refer to their Privacy Policy.

6. YouTube

We embed videos from the »YouTube« video portal, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: »Google«), on our website. This is done in accordance with Art. 6(1)(f) of the GDPR, whereby our interest lies in the seamless integration of the videos and the resulting appealing design of our website.

In doing so, we use the »enhanced privacy mode« option provided by Google.

When you visit a page that contains an embedded video, a connection is established with Google’s servers, and the content is displayed on the website by being transmitted to your browser.

According to Google, in »enhanced privacy mode«, your data – specifically which of our web pages you have visited as well as device-specific information, including your IP address – is only transmitted to the YouTube server in the U.S. when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged into Google at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website.

In some cases, information is transmitted to the parent company Google Inc., based in the U.S., to other Google companies, and to external partners of Google, all of which may be located outside the European Union. Google uses standard contractual clauses approved by the European Commission for this purpose and relies on the adequacy decisions issued by the European Commission regarding certain countries.

For more information on data protection in connection with YouTube, please refer to the Google Privacy Policy.

7. Data Subject Rights

You have the right:

  • pursuant to Art. 7(3) GDPR, to withdraw your consent at any time. As a result, we may no longer continue processing data based on this consent in the future;
  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as information regarding the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
  • to request, pursuant to Art. 16 GDPR, the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
  • to request the erasure of your personal data stored by us pursuant to Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller; and
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your usual place of residence or workplace, or at our company headquarters.

8. Information Regarding Your Right to Object Under Article 21 of the GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision under Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If your objection is directed against the processing of data for the purpose of direct marketing, we will cease processing immediately. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct marketing.

If you wish to exercise your right to object, simply send an email to presse@aisec.fraunhofer.de.

9. Data Security

All data you personally transmit is encrypted using the standard and secure TLS (Transport Layer Security) protocol. TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection by the “s” appended to “http” (e.g., https://..) in your browser’s address bar or by the lock icon at the bottom of your browser.

We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Validity and Changes to This Privacy Policy

This Privacy Policy is currently valid and is effective as of March 2026.

Due to the further development of our website and the services offered through it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. You can access and print the most current version of this Privacy Policy at any time on our website at Data Protection - Fraunhofer AISEC