Data privacy statement

Data privacy statement

Data protection information

according to article 13 and article 14 GDPR

We are pleased that you are visiting our website and that you are interested in us. The protection of your personal data, which we store on the occasion of your Internet visit, is important to us.

With the following information, we would like to inform you in general about the processing of your personal data by us, insofar as it arises when you visit our website, and inform you of your rights in this respect.

I. General data protection information

1. Responsible body

The responsible body is:

saaris – saarland innovation und standort GmbH 
Neumarkt 15
66117 Saarbrücken

Telephone: 0681 210 66 100
Fax: 0681 210 66 099
E-mail: info@saaris.saarland

Our data protection officer can be reached

by e-mail: datenschutzbeauftragter@saaris.saarland
or by letter at the postal address, with the addition “for the attention of the Data Protection Officer”.

2. Purposes and legal bases of processing

2.1 Automatically processed webserver data

When you visit our website, our web server automatically stores a range of log information. We evaluate this data for statistical purposes, for reasons of system security (e.g. to protect against misuse) and for error diagnosis. Automatically processed data include:

  • domain name or IP address of the requesting computer,
  • name of the called page,
  • access status (file transmitted, file not found, etc.),
  • operating system used,
  • language used and name of the Internet service provider,
  • time of the call,
  • transmitted data volume,
  • type and version of the browser used,
  • Internet page from which the file was called.

This data is only stored temporarily, which usually means 7 days and only longer in special problem situations until the problems are solved. The legal basis for the processing is Article 6 (1)(f) GDPR, because the functionality of the website is in the special interest of our company.

2.2 Cookies

Our website uses cookies. Cookies are small files that are stored by the Internet browser on the user’s terminal device. If a user calls up a website, a cookie can be stored on the user’s operating system and used when the website is called up again.

So-called session cookies are automatically deleted after you leave our website. All other cookies remain permanently stored on the user’s terminal device until the user deletes them himself or the Internet browser deletes them automatically.

Users have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Stored cookies can be deleted at any time. This can take place automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Some of the cookies used are absolutely necessary to provide the service requested by the user. These include, for example, cookies for

  • the necessary session management (e.g. for login) and remembering the consent status,
  • user entries that extend over several online pages,
  • settings desired by the user that differ from the default settings (e.g. language),
  • security functions to prevent multiple user entries, for example.

The legal basis for the processing of these strictly necessary cookies is Article 6(1)(b) GDPR where a contract is involved and otherwise in our legitimate interest under Article 6(1)(f) GDPR; the legitimate interest here being to be able to securely provide the service requested by the user.

(Here, the actual cookies used are entered with their runtime)

Further information on cookies is presented below under the respective processing.

2.3 Consent manager

Our websites use a so-called consent manager if part of our processing requires consent. With the help of the consent manager, we store the consent status, i.e. whether a user has agreed, refused or not yet decided to process their personal data. We use cookies for this. This serves to be able to carry out the processing steps that are individually necessary due to the consent status in a targeted manner.

The legal basis for the consent manager’s processing operations is Article 6(1) (c) GDPR, as they are carried out for consent required by law, as well as our legitimate interest in the legally secure execution of processing operations requiring consent.

As a matter of principle, we only store the respective consent status for as long as is necessary for the purpose and then delete it automatically, unless further processing is required or permitted by law.

Users can change their consent status themselves at any time by clicking on “Cookie settings” at the bottom of the website and activating or deactivating the switch appropriate to the setting in question.

3. Processing security

In order to be able to operate our IT systems securely and to prevent misuse, we log accesses and other security-relevant personal data. We only use this log data for error diagnosis, security checks and to track misuse. The legal basis for this is Article 6(1)(f) GDPR; the legitimate interest lies in the secure provision of our Internet offer.

If you send us personal data, for example by e-mail or online form, this data is sometimes sent to us unencrypted. Therefore, we ask that you do not send us any special categories of personal data (e.g. health data) in this way; use secure channels such as the post or encrypted attachments for this purpose.

4. Recipients of your data

As a matter of principle, we only use your personal data internally. Recipients are the persons entrusted with the respective project implementation.

In addition, we have commissioned specialised service providers to support us in the operation of our IT applications, including, for example, web hosts, software providers, system administrators and data centre operators. They have access to personal data only to the extent strictly necessary for the provision of the services.

5. Deletion of data

We generally delete personal data when the purpose of the processing has been fulfilled, unless further processing is required or permitted by law.

Personal data that we receive via electronic communication (e.g. e-mails, online forms) are generally deleted when this communication with the user has been completed. A communication is closed when it is clear from the circumstances that the matter in question has been conclusively clarified.

If there are legal retention periods, we may only delete your data after these periods have expired. For example, the statutory retention periods are up to ten years for commercial and tax documents, and six years for contracts and business letters. There are further limitation periods of three to thirty years.

Insofar as the processing is based on consent, we delete as soon as the consent is revoked or we are requested to delete, unless there is another legal provision according to which the further processing is prescribed or permitted.

6. Is data transmitted to a third country?

As a matter of principle, we do not transfer personal data to countries outside the European Union.

7. Does automatic decision-making or profiling take place?

We do not operate any automatic decision-making or profiling.

8. Your rights

You have the right to information about the data stored about you at any time; in addition, you can demand the correction and deletion of your data under certain conditions.

In addition, you have a right to data portability and you may have a right to restrict the processing of your data. You also have the right to object to the processing of your data and to profiling in given circumstances. You also have the right to lodge a complaint with a data protection authority.

Consent given to us can be revoked at any time by sending an email to the email address provided in the legal information. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

II: Special processing

Web analysis tool Matomo (formerly Piwik)  

We use the open-source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. If individual pages of our website are called up, the following data is stored:

  1. Two bytes of the IP address of the calling user system
  2. The called website
  3. The website from which the user has reached the accessed website (referrer)
  4. The subpages that are accessed from the accessed website
  5. The time spent on the website
  6. The frequency of website calls

The software runs exclusively on the servers of our website. Personal data of the users is only stored there. Transfer to third parties does not take place

The software is set so that the IP addresses are not stored completely, but rather two bytes of the IP address are masked (ex: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

The processing of users’ personal data enables us to analyse the reach of our website. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data pursuant to Article 6 (1)(f) GDPR.

The anonymisation of the IP address sufficiently takes into account the users’ interest in the protection of their personal data.

The data is deleted as soon as it is no longer required for our recording purposes.

Contact form  

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask together with metadata (e.g. IP address, time) are transmitted to us and processed.

The processing of the personal data from the input mask allows us to process the request for contact. The metadata is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data is Article 6 (1)(a) GDPR if the user has given his consent. If a contract is involved, this is based on Article 6 (1)(b) GDPR. Otherwise, Article 6 (1)(f) GDPR applies as the legal basis, whereby the legitimate interest of the company lies in the proper processing of communication data sent to it.

Contact by e-mail

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1)(f) GDPR; our legitimate interest lies in the proper handling of the request of the e-mail. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 (1)(b) GDPR.

Newsletter

On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us together with metadata (e.g. IP address, time).

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. The data is used for sending the newsletter. The legal basis for the processing of data after registration for the newsletter is consent in accordance with Article 6 (1)(a) GDPR.

We have commissioned specialised service providers to carry out the newsletter mailing. We pass the collected data on to them.

The subscription to the newsletter can be cancelled at any time. For this purpose, there is a corresponding link in every newsletter.  

The personal data of subscribers are generally stored for as long as the subscription to the newsletter is active, and thereafter for 3 years for verification purposes.  

Application form

An application form is available on our website, which can be used for electronic applications. If a user takes advantage of this option, the data entered in the input mask is processed together with metadata (e.g. IP address, time).

The legal basis for processing the data is Article 6(1)(b) and Article 88 GDPR in conjunction with § 26 of the German Federal Data Protection Act (BDSG) for the implementation of pre-contractual measures. An additional legal basis is the company’s interest in safeguarding its legal interests pursuant to Article 6 (1)(f) GDPR; these consist in the proper handling of applications.

If a contract is concluded, the data is generally stored for up to 10 years after termination of the contractual relationship. If no employment relationship is established, the data is generally deleted six months after the process has been completed.

Registration forms for events

There are forms on our website that can be used to register for events. If a user takes advantage of this option, the data entered in the input mask is processed together with metadata (e.g. IP address, time).

The legal basis for the processing of data is Article 6 (1)(b) GDPR for the implementation of pre-contractual measures, if applicable consent according to Article 6 (1)(a) or Article 9 (2)(a) GDPR, and furthermore the legitimate interest of the company in the proper preparation and implementation of events according to Article 6 (1)(f) GDPR.

The data is generally deleted as soon as it is no longer required to achieve the purpose for which it was collected; this usually happens six years after the conclusion of the event, or ten years after the booking year in the case of tax-relevant data.

Sustainability quick-check

We process the personal data requested in the web form. The information marked with an “*” is absolutely necessary for your participation; without this information, an evaluation is not possible. All other information is voluntary.

The purpose of the processing is to provide targeted and individual advice to increase sustainable activities in companies. The legal basis for this is Article 6 (1) (b) (contract and initiation) and our legitimate interest, which lies in the efficient design of our project.

Internal recipients of the data are the employees responsible for the project, management and IT. 

External recipients are the funding bodies (State Chancellery of the Saarland; European Social Fund+; Ministry of Labour, Social Affairs, Women and Health) as well as involved advisory partners.

Personal data will be deleted 10 years after the end of the project. 

For the implementation of the project, we use the services of the IT service provider Microsoft. In the process, personal data is processed on Microsoft’s servers. Cookies will be placed on your computer by Microsoft. The legal basis for this processing is the consent given by clicking on the “Execute now” button. The legal situation regarding the use of Microsoft services is assessed inconsistently. Microsoft explains its privacy policy here.

Friendly Captcha

We use the “Friendly Captcha” tool to protect our website from misuse through spying, spam and hacker attacks. This tool analyzes data provided by your browser, such as IP address, referrer and time of visit. This data is anonymized and transmitted to Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. The legal basis for processing and forwarding is our legitimate interest in securing our website (Art. 6 para. 1 letter f GDPR). Further information about the tool can be found at https://friendlycaptcha.com/de/legal/privacy-end-users/

Last update: 22nd April 2024