Name and contact details of the person responsible
bidt – Bavarian Research Institute for Digital Transformation
An institute of the Bavarian Academy of Sciences
Tel. +49 89 540 235 640
Contact details for the data protection officer
Our data protection officer can be reached at:
Official data protection officer of the bidt –
Bavarian Research Institute for Digital Transformation
– confidentially –
Phone: +49 89 608 076 00
Aims of, and legal basis for, the processing of personal data
The purpose of the data processing is to fulfil the official responsibilities assigned to us by the legislature – in particular, to inform the public.
Unless otherwise stated, the legal basis for the processing of personal data is derived from Art. 4 para. 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Art. 6 para. 1 subpara. 1 (e) of the General Data Protection Regulations (GDPR), in accordance with which we are permitted to process data to the extent necessary to meet our obligations.
Recipients of personal data
Our data processing systems are operated by the Leibniz-Rechenzentrum (LRZ), Boltzmannstraße 1, 85748 Garching.
If necessary, your data will be transferred to supervisory and/or auditing authorities for checking.
In the event of electronic transmission, and in order to avert IT security risks, data may be forwarded to the State Office for IT Security and processed there on the basis of Art. 12 ff. of the Bavarian E-Government Act.
Duration of storage of personal data
Your data will be stored only for as long as is necessary for the fulfilment of our responsibilities in compliance with legal retention periods.
Insofar as we process your personal data, you have the following rights:
- You have the right to information about the data stored about you (Art. 15 GDPR).
- Should your personal data be inaccurate, you have the right to have it corrected (Art. 16 GDPR).
- If the legal requirements are met, you can request the deletion of your data or the restriction of processing (Art. 17 and 18 GDPR).
- If you have consented to the processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data transferability (Art. 20 GDPR).
- If you have consented to the processing and the processing is based on this consent, you can revoke your consent at any time with future effect. The legality of the data processing carried out on the basis of consent prior to revocation shall remain unaffected.
If your data is processed exclusively on the basis of Article 6 paragraph 1 letter e or f GDPR (Article 21 paragraph 1 sentence 1 GDPR), you have the right to object at any time, on grounds of your personal circumstances, to the processing of your data.
Right of appeal to the supervisory authorities
You also have the right to complain to the Bavarian State Commissioner for Data Protection at:
Postal address: Postfach 22 12 19, 80502 Munich
Street address: Wagmüllerstr. 18, 80538 Munich
Tel. +49 89 212 672 0
Fax: +49 89 212 672 50
For further information on the processing of your data and on your rights, please contact us at the above addresses.
Information about this website
Our web server is operated by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany, who therefore process on our behalf the personal data you provide when visiting our website.
When you access this or other pages of our website, you transmit data to our web server via your Internet browser. During an ongoing connection for communication between your Internet browser and our web server, the following data are recorded:
- IP address of the user
- Directory protection user
- Pages accessed
- Status code
- Data volume
- User Agent
- Host name
IP addresses are anonymised at domain level so that they cannot be linked to individual users. Anonymised IP addresses are kept for sixty days. Information on the directory protection user is anonymised after one day.
Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website accessed.
Access via FTP is logged with anonymised information on username and IP address and kept for sixty days.
The mail logs for sending e-mails from the web environment are anonymised after one day and then retained for sixty days. During the anonymisation, all data regarding the sender/recipient etc. is removed. Only data on the time of sending and information on how the e-mail was processed (queue ID or not sent) are retained.
Mail logs for mail sent via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of mail services and prevent spam.
This website uses Borlabs Cookie, which sets a technically required cookie (Borlabs Cookie) to store your consent to cookies. The Borlabs Cookie does not process any personal data.
The cookie stores the consent that you have given when you accessed the website. If you would like to revoke these consents, simply delete the cookie from your browser. When you revisit/reload the website, you will be asked again for your consent to cookies.
Integration of YouTube videos and social plugins
When you visit our website, additional services from YouTube and social plugins (e.g. LinkedIn) are offered via a two-click process. When the website is first accessed, no data are transmitted to the operators. Only after users have agreed to the LinkedIn logo by clicking on it in the opt-in procedure will data (including the URL of the page you are on and your IP address) be transmitted to the operator, including for subsequent visits. As a user, you can therefore decide for yourself whether to use these services and whether your data are transferred. You can revoke this consent at any time and stop further data transmission to the operators by clicking on the relevant link on the homepage (opt-in procedure).
Integration of YouTube videos
Videos from the external video platform YouTube are integrated into our website. By default, only deactivated images, which do not establish an automated connection with YouTube’s servers, are embedded from YouTube. This means that the operator does not receive any data from the user when the user accesses the websites.
You can decide for yourself whether to activate YouTube videos. Only when you approve the playing of videos by clicking on “Permanent activation” do you give your consent for your data (including the Internet address of the page you are on and your IP address) to be transmitted to the operator.
In order to save the settings you request, we will create a cookie that stores parameters. However, when these cookies are set, no personal data are stored by us; they contain only anonymised data for browser adjustment. The videos are then active and you can play them. If you wish to deactivate the automatic loading of YouTube videos, you can untick the consent box under the data protection symbol. This will also update your cookie settings.
YouTube is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA. For more information on the purpose and scope of data processing (including outside the EU and the US) and information on options for protecting your privacy, please refer to the data protection statement at https://policies.google.com/privacy?hl=en&gl=en. Google processes your personal data in the US (and elsewhere) and has therefore complied with the EU-US Privacy Shield.
Integration of Google Maps
We integrate Google Maps in such a way that data are not automatically sent to Google. On our events page, there is a link to Google Maps. If you click on the Google Maps logo, a new browser window will open and you will find the venue on a Google map.
Evaluation of user behaviour (web tracking systems; coverage measurement) | Use of Matomo (formerly PIWIK)
To design our website in line with requirements, we use the Matomo works analysis tool to evaluate user behaviour. Your IP address is first anonymised and then evaluated by us. You can deactivate this function by adjusting your browser settings.
You can decide whether a unique web analysis cookie can be stored in your browser to enable the operator of the website to collect and analyse various statistical data.
To opt out, click the following link to place the Matomo deactivation cookie in your browser.
Information on processing operations
If you send us application documents, we will use this personal data solely to meet your wishes and requirements and to process your application. Personal data will be shared only within the bidt, only with persons involved in the application process and only as part of the application process.
We will use and store your data only as long as is strictly necessary for the processing of your application. Our right to use data to establish an employment relationship is based on Art. 6 para. 1 para. 1 (b) GDPR. As part of the application procedure, we also process special categories of personal data. The legal basis for this is Art. 9 para. 2 (b) and (h) GDPR, Art. 88 para. 1 GDPR and Art. 8 para. 1 sentence 1 nos. 2 and 3 BayDSG. Applicant data will be deleted at the end of the procedure (i.e. six months after the acceptance or rejection of the application). We comply with the time limits for bringing an action before the employment courts, as we always have to consider the possibility of impending proceedings.
Newsletter, orders of publications
You can receive our newsletter on a regular basis. For this purpose, we need your email address. Otherwise, we cannot send you the newsletter. So that we can address you personally in our newsletters, we also need your first and last name. The aforementioned data will be stored for mailing the newsletter and be processed solely for the purpose of the mailing.
If you sign up for our newsletter distribution list, we will send you a link and ask you to confirm the entered email address in the so-called double-opt-in procedure to ensure that it is in fact your correct email address.
Only after clicking on the confirmation link will your name be added to our distribution list. We will store your registration, specifically the registration and confirmation time and date, in order to be able to prove if necessary that you have subscribed to our newsletter.
To be able to understand what contents are interesting to our newsletter subscribers, statistics are gathered of which subscribers have opened the newsletter and which subscribers have clicked on links in the newsletter. Thus, we gather open and click rate statistics. If you subscribe to our newsletter, you expressly consent to this statistics data gathering by registration and confirmation in the double-opt-in procedure (Art. 6 (1) lit. a) in conjunction with Art. 7 GDPR). Unfortunately, you cannot use our newsletter without this consent.
You can stop receiving the newsletter at any time by sending us a formless email to email@example.com or simply by clicking on the unsubscribe link contained in the newsletter. Your email address will then be deleted from the newsletter distribution list.
At this time, we are not using any contracted data processors for the management and mailing of newsletters, but a service, namely the WordPress plugin Mailpoet, which is installed locally on our servers.
You can register for events via our website, in which case the legitimacy of our data processing is based on Art. 6 Par. 1 (b) and (e) GDPR. We will use your data solely for the purpose of the event and will not share it with any third parties. However, we may be obliged by law to disclose your data to third parties (e.g. as part of an inspection process).
We store the data you provide when registering for a maximum of two years and allow us to invite you to follow-up events, provided we have not received any objection from you. If we are obliged to store documents for tax reasons, we can only delete relevant data, including personal data, after a period of ten years.
For registration for bidt events, we have commissioned contractors to process your data solely in accordance with our instructions and not for their own purposes. We currently use the following contractor for event management: eveeno, Andreas Bothe, Ellenbogen 8, D-91056 Erlangen.
eveeno is an event management platform that enables event organisers to organise events and sell tickets.
Video conferencing by Zoom
In order to hold virtual events or video conferences per online meeting or webinar (hereinafter referred to collectively as “video conferences”), we require suitable technologies. We have evaluated various providers and found that the services offered by certified EU providers are not suitable for reliably holding video conferences. However, the US provider of Zoom does offer us the appropriate technology. Zoom is a service operated by Zoom Video Communications, Inc., a business located at 805 Broadway Street Suite 800 Vancouver, WA 98660, USA.
We use Zoom in what is referred to as the ‘EU Cluster’. This means that the entire account we use to hold video conferences is located in the EU. Not only is the data centre region for the video conferences in the EU, but all the data processing also takes place exclusively in the EU.
You do not need your own Zoom license to take part in our video conferences. You receive your access link from us by email in advance of a video conference. Simply clicking on the link is all you need to do to take part in the video conference. However, to do so, you also have to provide details of your name and email address at least. You can also use a nickname in this case if you so wish. You can only join a video conference after providing a name and email address.
If you take part in one of our video conferences, we process the name and email address you provide as part of the process. We also process information about the duration of the video conference. Moreover, the scope of the data we process also depends on the information you provide in advance (e.g. in your personal Zoom profile or when participating without registering) or when taking part in (e.g. in the chat or Q&A section) a video conference.
We use Zoom to hold video conferences. If we want to record individual video conferences, we will tell you clearly up front and – if necessary – ask for your consent. The fact that we are recording is also displayed in the actual application. In this case, we may also process questions asked by participants for the purpose of recording and following up on video conferences.
If we do we record a video conference, we process the following data: the MP4 file of all video, audio and presentation recordings, the M4A file of all audio recordings and the text file of the chat.
If you do not connect over a browser but instead by telephone, we process the information on the incoming and outgoing telephone number, the country name plus the time when your participation started and ended.
If we provide you with the option of using the chat, question or survey features in a video conference, we process the text submissions you make in order to display and, if necessary, log them into the video conference. If we hold an interactive video conference and give you the option to view the video and listen to the audio, the data from the microphone and any video camera on your device will be processed accordingly for the duration of the video conference. You can switch off the camera or microphone yourself at any time in the application.
If you are registered as a user with Zoom, reports about video conferences (metadata, telephone connection data, questions and answers in video conferences, survey function in video conferences) can be stored with Zoom for up to one month. An option for software-based “attention monitoring” (“attention tracking”) is available in Zoom, but this is permanently disabled.
Purpose and legal basis
Processing your data serves exclusively for holding the virtual event, i.e. the video conference. The legal basis for processing the data processed in the course of participating in one of the video conferences we organise is formed by Art. 6 (1) (f) GDPR.
Your data is not disclosed or transferred to third parties. As a matter of principle, your data is not transferred to the USA or any other third country.
By means of a data processing agreement and via the conclusion of EU standard contractual clauses owing to the third-country transfers that cannot be ruled out, Zoom is obliged to process your data within the bounds of our instructions only and not for its own purposes. This means that Zoom processes the data provided for the purpose of providing the service, i.e. for holding the video conference and if support is provided, in compliance with the applicable data security measures as a processor within the meaning of Art. 28 GDPR on our behalf and guarantees the level of protection by using the standard data protection clauses, including the data transfer impact assessment which has been conducted.
You can find more information about how Zoom works here.
As a participant in our video conferences, your data, and in particular the name and email address you provide and the amount of time you spend in a video conference, are not stored.
You are free to stop taking part in the video conference at any time.
- As part of our press and public relations work, photos are taken at events and on dates where you may be personally recognisable.
- To opt out of such recording and publication, please contact us at the addresses provided above.
Participation in surveys
If you participate in surveys, we will generally not transfer your personal data to third parties. However, we may be subject to statutory duties to disclose your data to third parties – e.g. in the course of audits.
We prepare surveys where we do not send any personalised invitations for participation or process data of external participants in order to satisfy the task in the public interest that has been assigned to us (Art. 4 (1) BayDSG [Bavarian Data Protection Act], Art. 6 (1) lit. e), (2) GDPR). If we write to you specifically to draw your attention to our offer for participating in a survey, our initiation of contact with you is based on the consent you have given us for this purpose (Art. 6 (1) lit. a) GDPR). If we ask you specifically to enter personal data in surveys, we will point this out explicitly and ask you separately for your consent before you participate (Art. 6 (1) lit. a) GDPR).
We generally design our surveys so that no conclusions as to the identity of individuals can be drawn in the course of the analysis and potential publication (de facto anonymous data). This means that it is not possible without disproportionate effort to trace back the data to you personally based on the information you have provided and in consideration of the additional knowledge of the person with authorised access. The selected employees have no access to data that would permit them to attribute the data to specific persons. Please ensure that the information you provide, e.g. in free text fields, does not contain any data that could permit conclusions as to your identity or the identities of third parties. Participation in surveys per se and the provision of information in the course of the survey is voluntary in all cases.
We have placed so-called data processors under obligations in contracts for the performance of online surveys to process your data exclusively according to our instructions and specifically not for their own purposes. At this time, we use the following services for surveys:
- LimeSurvey GmbH, survey services & consulting, Papenreye 63, 22453 Hamburg / Germany
- Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin / Germany
Participation in live surveys during our events
During our events, we conduct live surveys. The surveys are conducted via Mentimeter. Mentimeter is a web-based survey tool of the Swedish provider Mentimeter AB, with a business address in Tulegatan 11, SE-113 86 Stockholm in Sweden. Mentimeter processes the survey data on our behalf and according to our instructions inside of the European Union (EU).
Participation in surveys is voluntary and anonymous
Participating in our surveys is voluntary. This first of all means that it is up to you whether or not you use Mentimeter without any drawbacks being created for you by your choice.
The survey is anonymous, so there is no possibility that the answers can be traced back to you – be it directly or by means of additional measures.
No registration or input of personal data required
Neither registration nor the input of personal data is required for the use of Mentimeter. However, if you do so, this is voluntary. That is because you can also use Mentimeter for the intended purpose without entering personal data.
No responsibility for the processing of your IP address
We would like to inform you that we are not responsible under data protection laws for the processing of your IP address as part of using Mentimeter. Your participation in our surveys is voluntary. By using a suitable VPN connection, you can prevent the processing of your IP address.
You can find information about data protection and data security in the use of Mentimeter at the following link: https://www.mentimeter.com/privacy. We point out that in the surveys conducted by us, Mentimeter also integrates tracking tools of providers with domiciles outside of the European Union or the European Economic Area. It can therefore not be ruled out that your IP address will be processed in a so-called third country and that your rights could be restricted for this reason, and that the protection level might not conform to the requirements in Europe, especially as concerns the enforcement of your rights against measures by the executive branch of government.
Cooperation via the digital pinboard during our events
In the course of our events, we also use among others the digital pinboard Padlet. The tool can be used via a browser and apps for tablets for smartphones. Padlet runs completely online in the process. Besides the ability to record a multitude of media (text, audio, pictures, videos, drawings, links,…) it also offers the possibility of synchronous collaboration. This means, multiple persons can work on one Padlet at the same time.
Padlet is headquartered in San Francisco, California (USA) and Singapore.
The collaboration in the course of our events via the digital pinboard is voluntary and anonymous. This first of all means that it is up to you whether or not you use Padlet without any drawbacks being created for you by your choice.
Neither registration nor the input of personal data (photos, voice messages, names, etc.) is required for the use of Padlet in the course of our events. However, if you do so, this is voluntary. That is because you can also use Padlet for the intended purpose without entering personal data.
During the use, Padlet processes data about your end device, including the IP address, browser type and operating system, which could enable third parties to identify you via the services used by Padlet. The same also applies to data flows received from the contents of a Padlet that are integrated from external sources. We would like to inform you that we are not responsible under data protection laws for the processing of your traffic data as part of using Padlet. Your participation is voluntary. By using a suitable VPN connection, a brave browser, the mobile browser of DuckDuckGo or the related Google Chrome plugin, you can prevent the processing of your traffic data (e.g. IP address).
You can find information about data protection and data security in the use of Padlet at the following link: https://padlet.com/about/privacy. We further point out that in the pinboards integrated by us, Padlet also embeds tracking tools of providers with domiciles outside of the European Union or the European Economic Area.
Participation in live streaming of conferences with a chat feature
In the course of certain events, we integrate the online streaming platform of Vimeo.com, Inc., 555 West 18th Street, New York 10011, USA (hereinafter: Vimeo) on our conference page whereby we can also offer the live chat feature to the online conference participants.
Vimeo is headquartered in the USA, so access by US authorities to the data transmitted to Vimeo cannot be ruled out. We point out that no protection level comparable to that of the GDPR applies, among others, due to the limited possibilities for rights protection against access by authorities.
The use of the chat feature of Vimeo is voluntary and therefore requires your consent to the use of the Vimeo services. This first of all means that it is up to you whether or not you use the chat feature without any drawbacks being created for you by your choice.
Neither registration nor the input of personal data (real names) is required for the use of the chat feature in the course of our events. However, if you do so, this is voluntary. That is because you can also use the chat feature for the intended purpose without entering personal data. During the use, Vimeo also processes, besides the name entered by you, data about your end devices such as the IP address, browser type, and operating system, which could make you identifiable. We would like to inform you that we are not responsible under data protection laws for the processing of your traffic data as part of using Vimeo. Your participation is voluntary. By using a suitable VPN connection or a suitable browser, you can prevent the processing of your traffic data (e.g. IP address).
You can find information about data protection and data security in the use of Vimeo at the following link: https://vimeo.com/privacy. If you use the chat feature of Vimeo, we will process the contents of your chat messages. If they are not addressed to our moderators directly, these can also be viewed by other conference participants. The chat history of the event days will be deleted at the end of each event day.
Last updated: 05-25-2023