The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
fortiss GmbH
State Research Institute of the Free State of Bavaria for Software-Intensive Systems
Guerickestraße 25
80805 Munich
Germany
Phone: +49 89 3603522 0
Fax: +49 89 3603522 50
E-mail: info@fortiss.org
You can exercise the following rights at any time using the contact details provided by our data protection officer:
Information about your data stored by us and its processing (Art. 15 GDPR),
Rectification of inaccurate personal data (Art. 16 GDPR),
Deletion of your data stored by us (Art. 17 GDPR),
Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
Objection to the processing of your data by us (Art. 21 GDPR) and
Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
You may at any time lodge a complaint with a supervisory authority, such as the competent supervisory authority of the federal state of your residence or the competent authority for us as the responsible body.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
Promenade 18
91522 Ansbach
Postal address:
P.O. Box 1349
91504 Ansbach
Phone: 0981/180093-0
E-Mail: poststelle@lda.bayern.de
Type and purpose of processing:
When you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.
In particular, they are processed for the following purposes:
Ensuring that the website can be connected without any problems,
Ensuring a smooth use of our website,
Evaluation of system security and stability as well as
to optimize our website.
We do not use your data to draw conclusions about your person. Information of this kind may be collected by us. anonymized statistically evaluated in order to optimize our website and the technology behind it.
Legal basis and legitimate interest:
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
Receiver:
The recipient of the data is STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, which acts as a processor for the operation of our website.
Third country transfer:
For more information, please refer to the listings of the individual display, tracking, remarketing and web analytics providers.
Storage period:
The data will be deleted as soon as they are no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended; unless a security-related event occurs (e.g. a DDoS attack).
In the event of such an event, server log files are stored until the safety-relevant event has been eliminated and fully clarified.
Provision required or required:
The provision of the aforementioned personal data is not required by law or contract. However, without this data, the service and functionality of our website is not guaranteed. In addition, individual services may not be available or restricted.
Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your device (laptop, tablet, smartphone or similar) when you visit our website.
You can delete individual cookies or the entire cookie inventory. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:
Type and purpose of processing:
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page has changed.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
Legal basis and legitimate interest:
In this respect, data processing is carried out solely on the basis of our legitimate interest in improving the stability and functionality of our website as well as ensuring system security and misuse detection and in documenting consent in accordance with Art. 6 (1) (f) GDPR.
Receiver:
The recipients of the data are rexx Systems GmbH, Süderstraße 75-79, 20097 Hamburg, which is responsible for the operation of our career website, and STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, which is responsible for the operation of our website, who act as processors.
Provision required or required:
The provision of the aforementioned personal data is not required by law or contract. However, without this data, the service and functionality of our website is not guaranteed. In addition, individual services may not be available or restricted.
Contradiction:
Read the information about your right to object under Art. 21 GDPR below.
Storage period and cookies used:
If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:
www.fortiss.org
Name | Purpose | Expiry | Type | Provider |
cookieConsent | Stores your consent to the use of cookies. | 1 Year | HTML | Website |
recruitment.fortiss.org
Name | Purpose | Expiry | Type | Provider |
cookieconsent_status | Stores your consent to the use of cookies. | 1 Year | HTML | REXX |
_pk_ses.632.6e9a | Short-term cookie to store temporary data of the visit. | 30 Minutes | REXX | |
_pk_id.632.6e9a | Used to store a few details about the user such as the unique visitor ID. | 13 Months | REXX | |
sid | Stores an anonymous visitor ID to assign requests sot the same session. | 60 Minutes | HTML | REXX |
Type and purpose of processing:
Furthermore, we use cookies to better tailor the offer on our website to the interests of our visitors or to generally improve it on the basis of statistical evaluations.
To find out which providers set cookies, please refer to the information below on the display, tracking, remarketing and web analysis technologies used.
Legal basis:
In this respect, data processing is carried out solely on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent in accordance with Art. 6 (1) (f) GDPR.
Receiver:
For the recipients, please refer to the information below on the display, tracking, remarketing and web analysis technologies used.
Third country transfer:
For more information, please refer to the listings of the individual display, tracking, remarketing and web analytics providers.
Provision required or required:
Of course, you can also view our website without cookies and the provision is voluntary. Web browsers are regularly set to accept cookies. In general, you can disable the use of cookies at any time through the settings of your browser (see Withdrawal of consent).
Please note that individual features of our website may not work if you have disabled the use of cookies.
Withdrawal of consent:
You can withdraw your consent at any time via our cookie consent tool.
Profiling:
To what extent we analyse the behaviour of website visitors with pseudonymised user profiles, please refer to the information below on the display, tracking, remarketing and web analysis technologies used.
Storage period and cookies used:
If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:
www.fortiss.org
Name | Purpose | Expiry | Type | Provider |
m2c_accepted_hosts | Stores your consent to the integration of external content | 1 Year | HTML | Webseite |
_pk_id | Used to store a few details about the user such as the univque visitor ID. | 13 Months | HTML | Matomo |
_pk_ref | Used to store the information of the user's website of origin. | 6 Months | HTML | Matomo |
_pk_ses | Short-term cookie to store temporary data of the visit | 30 Minutes | HTML | Matomo |
_pk_cvar | Short-term cookie to store temporary data of the visit | 30 Minutes | HTML | Matomo |
_pk_hsr | Short-term cookie to store temporary data of the visit | 30 Minutes | HTML | Matomo |
Type and purpose of processing:
Personal data that we only need to process your application will only be stored if you provide it to us voluntarily as part of your application. Your personal information and data will be collected, stored and used only for the intended purpose with the utmost care and integrity. The provisions of the Federal Data Protection Act are observed. In doing so, we only collect the data that is necessary in the course of your application to fortiss GmbH. However, other technically necessary data, such as the IP address, cookies, etc., are necessary for the use of the service and the functionality of the website and are stored by the data processor.
You agree to the processing and transmission of your data exclusively for the application process.
Legal basis:
The processing of the data entered during registration is based on the user's consent (Art. 6 para. 1 lit. a GDPR).
Receiver:
The recipient of the data is rexx Systems GmbH, Süderstraße 75-79, 20097 Hamburg, which acts as a processor for the operation of our career website.
Storage period:
The data will be deleted as soon as they are no longer required for the purpose of collection. Further information on data protection at rexx Systems GmbH can be found in the provider's privacy policy at: www.rexx-systems.com/datenschutz/
Provision required or required:
The provision of your personal data is voluntary, solely on the basis of your consent. Without providing your personal data, we will not be able to provide you with access to the content we offer.
Contradiction
Read the information about your right to object under Art. 21 GDPR below.
Type and purpose of processing:
To register for an event on our website, we require some personal data (salutation, title, first name, surname, company (optional), e-mail address), which is transmitted to us via an input mask. Your registration is required for the provision of certain content and services on our website. For this purpose, we use the CRM software from Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. This software instance is operated in a Telekom data centre in Germany.
Legal basis:
The data entered during registration is processed on the basis of the user's consent (Art. 6 para. 1 lit. a GDPR).
Recipient:
The recipient of the data is curexus GmbH, Nordostpark 3, D - 90411 Nuremberg, in order to carry out maintenance and support for the Saleforce software instance as a processor.
Storage period:
Data will only be processed in this context for as long as the corresponding consent is available.
Provision prescribed or required:
The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we cannot grant you access to the content we offer.
Type and purpose of processing:
For the delivery of our newsletter, we collect personal data, which is transmitted to us via an input mask. For this purpose, we use the CRM software from Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States, whose software instance is operated in a Telekom data center in Germany in accordance with the Data Processing Adendum.
For effective registration, we need a valid e-mail address. You will then receive a confirmation of registration.
Legal basis:
On the basis of your explicit consent (Art. 6 para. 1 lit. a GDPR), we will regularly send you our newsletter or comparable information by e-mail to the e-mail address you have provided.
You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. There is a corresponding link in every newsletter. In addition, you can also unsubscribe at any time directly on this website or inform us of your revocation via the contact option given at the end of this data protection notice.
Receiver:
The recipients of the data are curexus GmbH, Nordostpark 3, D - 90411 Nuremberg, Germany, in order to carry out the maintenance and support for the Saleforce software instance as a processor, and Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States.
Transfer to third countries:
The data collected may be used. transferred to the following third countries:
The following data protection guarantees are in place:
The transfer is based on an adequacy decision of the European Commission in accordance with Art. 45 GDPR. Salesforce Inc., as our processor, is certified under the EU-U.S. Data Privacy Framework (DPF) and is committed to upholding appropriate data protection standards. To learn more about Salesforce certification, visit: https://www.dataprivacyframework.gov.
In addition, a data processing agreement has been concluded with Salesforce in accordance with Art. 28 GDPR, which provides suitable guarantees for the protection of your data.
Storage period:
In this context, the data will only be processed as long as the appropriate consent has been obtained. After that, they will be deleted.
Provision required or required:
The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without existing consent.
Withdrawal of consent:
You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. The unsubscribe can be requested via the link contained in each e-mail or by contacting the Data Protection Officer or the person responsible for data protection listed below.
Type and purpose of processing:
As part of the cooperation with project partners, personal contact details (title, title, first name, last name, e-mail address, company and project reference, if applicable) are recorded and maintained in our CRM system. The data comes from direct professional exchange and is used for structured contact maintenance and communication in connection with joint projects.
If there is a legitimate interest in further cooperation – for example, because similar projects are planned or an ongoing professional exchange is to be expected – we process this data even after the conclusion of a specific project. This is done in strict compliance with data protection regulations, especially with regard to transparency, purpose limitation and data minimization.
For this purpose, we use the CRM software from Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. This software instance is operated in a Telekom data center in Germany.
Legal basis:
Art. 6 para. 1 lit. f GDPR – legitimate interest in the structured maintenance of contacts with project partners and the initiation of joint research activities.
Receiver:
The recipients of the data are curexus GmbH, Nordostpark 3, D - 90411 Nuremberg, Germany, in order to carry out the maintenance and support for the Saleforce software instance as a processor, and Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States.
Transfer to third countries:
The data collected may be used. transferred to the following third countries:
The following data protection guarantees are in place:
The transfer is based on an adequacy decision of the European Commission in accordance with Art. 45 GDPR. Salesforce Inc., as our processor, is certified under the EU-U.S. Data Privacy Framework (DPF) and is committed to upholding appropriate data protection standards. To learn more about Salesforce certification, visit: https://www.dataprivacyframework.gov. A data processing agreement has been concluded.
Storage period:
The personal data will be stored for the duration of the respective project and for up to twelve months after its completion in order to carry out organizational and formal follow-ups. If no further contact or cooperation takes place within this period, the data will be deleted no later than twelve months after the last active use or communication, provided that no statutory retention obligations preclude deletion.
Provision required or required:
The provision of your personal data is necessary for the implementation of the cooperation as well as for communication within the framework of joint projects. Without this data, effective project management or contact is not possible. There is no legal obligation to make it available.
If you have given your consent, this website uses Matomo (formerly Piwik), an open source software for the statistical evaluation of visitor access. The provider of the Matomo software is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.
If you have given your consent, Matomo uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is stored on a server. We have configured Matomo so that no profiling takes place. Matomo is used for the purpose of improving the quality of our website and its content. This allows us to find out how the website is used and thus to constantly optimize our offer.
The IP address is anonymized immediately after processing and before it is stored by shortening the last two bytes.
You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
Legal basis:
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Receiver:
The recipient of the data is Matomo or InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.
Storage period:
The data will be deleted or anonymised as soon as it is no longer required for our recording purposes.
Transfer to third countries:
The data collected may be used. transferred to the following third countries:
The following data protection guarantees are in place:
The transfer is based on an adequacy decision of the European Commission in accordance with Art. 45 GDPR. A data processing agreement has been concluded.
Withdrawal of consent:
You can revoke your consent to the storage and evaluation of your data by Matomo at any time via the link below. A so-called opt-out cookie is then stored on your device, which is valid for two years. As a result, Matomo does not collect any session data. Note, however, that if you delete all cookies, the opt-out cookie will be deleted.
You can also prevent the use of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
If you have given your consent, we embed videos from the provider YouTube on this website. The provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you have given your consent, a connection to YouTube's servers will be established when you access a page with an embedded YouTube video. Personal data such as your IP address, the time and the page visited may be transmitted. If you are logged in to your YouTube account, YouTube can assign this data to your personal profile. You can prevent this by logging out of YouTube before using the website.
When an embedded video is activated or played, YouTube may also use cookies or similar technologies to collect information about user behavior.
YouTube is integrated for the purpose of enhancing our website with multimedia content and providing you with relevant audiovisual information.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider's privacy policy, where you will also find further information on your rights in this regard and setting options to protect your privacy (https://policies.google.com/privacy).
Legal basis:
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Receiver:
The recipient of the data is YouTube LLC or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Storage period:
We ourselves do not store any personal data in this context. For information on the storage period on YouTube, please refer to the provider's privacy policy.
Transfer to third countries:
The data collected may be used. transferred to the following third countries:
The following data protection guarantees are in place:
The transfer is based on an adequacy decision of the European Commission in accordance with Art. 45 GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework. For more information, please visit: https://www.dataprivacyframework.gov.
Withdrawal of consent:
The provider currently does not offer any option for a simple opt-out or blocking of data transmission. If you want to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or any cookies and data transfers that are not technically necessary in the cookie consent tool. In this case, however, you may be able to use our website. or only to a limited extent.
Case-by-case right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Recipient of an objection
Data Protection Officer of fortiss GmbH
c/o activeMind AG
Potsdamer Str. 3, 80802 Munich
Phone: +49 (0)89 - 91 92 94 900
datenschutzbeauftragter@fortiss.org
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your return visit.
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization directly:
Data Protection Officer of fortiss GmbH
c/o activeMind AG
Potsdamer Str. 3, 80802 Munich
Phone: +49 (0)89 - 91 92 94 900
datenschutzbeauftragter@fortiss.org
The privacy policy was created with the help of activeMind AG, the experts for external data protection officers (version #2024-10-25).