Privacy policy

1. Overview of data protection

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

For more detailed information on data protection, please refer to the full privacy policy provided below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the Data Controller” in this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us. This may include, for example, data you enter into a contact form.

Other data is collected automatically, or with your consent, when you visit the website through our IT systems. This mainly includes technical data (e.g. your internet browser, operating system, or the time you accessed the page). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze user behavior.

What rights do you have regarding your data?

You have the right to request information, free of charge, about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may withdraw your consent at any time with effect for the future. You also have the right to request the restriction of processing of your personal data under certain circumstances.

In addition, you have the right to lodge a complaint with the competent supervisory authority.

If you have any questions about data protection, you can contact us at any time.

Analytics and third-party tools

When visiting this website, your browsing behavior may be statistically analyzed. This is mainly done using so-called analytics programs.

Detailed information about these analytics tools can be found in the full privacy policy below.

2. Hosting

We host the content of our website with the following provider:

Mittwald

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany (hereinafter “Mittwald”).

For more details, please refer to Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Article 6 (1) (f) of the GDPR. We have a legitimate interest in ensuring the reliable and secure operation of our website. If consent has been requested, data processing is carried out exclusively on the basis of Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TTDSG. Consent can be withdrawn at any time.

3. General information and required disclosures

Data protection

We take the protection of your personal data seriously. Your data is treated confidentially and in accordance with applicable data protection laws and this privacy policy.

When you use this website, certain personal data is collected. Personal data refers to any information that can be used to identify you. This policy explains what data we collect, how we use it, and why.

Please note that data transmission over the internet (for example, via email) may not be completely secure. While we take appropriate measures to protect your data, complete protection against third-party access cannot be guaranteed.

Data controller

The party responsible for data processing on this website is:

Prof. Dr.-Ing. Peter Middendorf
Kepplerstraße 7
70174 Stuttgart

Phone: +49 711 685-0
E-mail: poststelle@uni-stuttgart.de

The data controller is the person or organization that determines how and why personal data is processed.

Data retention

Unless a specific retention period is stated in this policy, we keep your personal data only for as long as necessary to fulfill the purpose for which it was collected.

You may request the deletion of your data or withdraw your consent at any time. In such cases, your data will be deleted unless we are legally required to retain it (for example, due to tax or commercial regulations). Where such obligations apply, your data will be deleted once the retention period expires.

Legal basis for data processing

f you have given your consent, we process your personal data on the basis of Article 6 (1) (a) GDPR, and, where applicable, Article 9 (2) (a) GDPR for special categories of data.

If you explicitly consent to the transfer of your data to countries outside the EU, processing is also based on Article 49 (1) (a) GDPR.

Where you consent to the use of cookies or similar technologies (e.g. device fingerprinting), processing is also based on Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). You may withdraw your consent at any time.

We may also process your data:

  • to fulfill a contract or take steps prior to entering into a contract (Article 6 (1) (b) GDPR)
  • to comply with legal obligations (Article 6 (1) (c) GDPR)
  • based on our legitimate interests (Article 6 (1) (f) GDPR)

Further details on the specific legal basis for each case are provided in the sections below.

Data protection officer

We have appointed a data protection officer.

Heinrich Schullerer (Data Protection Officer at the University of Stuttgart)
Breitscheidstraße 2, 70174 Stuttgart

Phone: +49 711 685 83687
E-mail: datenschutz@uni-stuttgart.de

Notice on data transfers to third countries and non-certified U.S. providers

We use tools from companies based in countries that do not provide an adequate level of data protection under EU law, as well as tools from U.S. providers that are not certified under the EU–U.S. Data Privacy Framework (DPF).

If these tools are active, your personal data may be transferred to and processed in these countries. Please note that a level of data protection comparable to that in the European Union cannot be guaranteed in such cases.

We also note that the United States is generally considered a safe third country if the recipient is certified under the EU–U.S. Data Privacy Framework (DPF) or provides appropriate additional safeguards.

Further information on data transfers to third countries, including the recipients of your data, can be found in this privacy policy.

Recipients of personal data

As part of our operations, we work with various external partners. In some cases, this requires sharing personal data with these parties.

We only share personal data:

  • when it is necessary to fulfill a contract
  • when we are legally required to do so (e.g. with tax authorities)
  • when we have a legitimate interest under Article 6 (1) (f) GDPR
  • or when another legal basis permits the transfer

When we work with service providers (data processors), personal data is shared only on the basis of a valid data processing agreement. Where processing is carried out jointly, a joint controller agreement is put in place.

Withdrawal of your consent

Many data processing activities are only possible with your explicit consent. You may withdraw your consent at any time. The lawfulness of any data processing carried out before your withdrawal remains unaffected.

Right to object to data processing and direct marketing (Article 21 GDPR)

IF YOUR PERSONAL DATA IS PROCESSED ON THE BASIS OF ARTICLE 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (RIGHT TO OBJECT PURSUANT TO ARTICLE 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (RIGHT TO OBJECT PURSUANT TO ARTICLE 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory agency

If you believe that your data has been processed in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or the place of the alleged infringement. This right applies without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive the personal data we process based on your consent or in the performance of a contract in a commonly used, machine-readable format. You may also request that this data be transferred directly to another controller, where technically feasible.

Access, correction, and deletion

You have the right, under applicable law, to obtain free information at any time about your stored personal data, including its origin, recipients, and the purpose of processing. You also have the right to request the rectification or erasure of this data. If you have any questions about your personal data, you can contact us at any time.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right.

This right applies in the following cases:

  • If you contest the accuracy of your personal data, we may need time to verify this. During this period, you have the right to request restriction of processing.
  • If the processing of your personal data is unlawful, you may request restriction instead of deletion.
  • If we no longer need your data, but you require it to establish, exercise, or defend legal claims, you may request restriction instead of deletion.
  • If you have objected to processing under Article 21 (1) GDPR, a balance of interests must be carried out. Until it is determined whose interests prevail, you have the right to request restriction of processing.

If processing has been restricted, your personal data may – apart from being stored – only be processed with your consent or for legal claims, to protect the rights of another person, or for reasons of important public interest within the EU or a member state. Important public interest reasons cited by the European Union or a member state of the EU.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content – such as inquiries you send to us – this website uses SSL/TLS encryption. You can recognize an encrypted connection by the change in your browser’s address bar from “http://” to “https://” and by the lock icon in your browser.

When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our website uses so-called “cookies.” Cookies are small data files that do not cause any harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit, while persistent cookies remain on your device until you delete them or your browser deletes them automatically.

Cookies may be set by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies enable the integration of certain services provided by external providers (e.g. payment services).

Cookies serve various purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g. shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for marketing purposes.

Cookies that are required to carry out electronic communications, to provide certain functions you request, or to optimize the website (e.g. measuring website traffic) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing these necessary cookies to ensure the technically error-free and optimized provision of services.

Where consent to the use of cookies or similar technologies has been requested, data processing is carried out exclusively on the basis of this consent (Article 6 (1) (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)). You can withdraw your consent at any time.

You can configure your browser to notify you when cookies are set, to allow cookies only in individual cases, to exclude cookies for specific cases or in general, and to enable automatic deletion of cookies when closing your browser. Please note that disabling cookies may limit the functionality of this website.

For details on the specific cookies and services used on this website, please refer to this privacy policy.

5. Plugins and tools

Wordfence security plugin

We use the Wordfence security plugin on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence helps protect our website from unauthorized access and malicious cyberattacks, and also helps safeguard visitors from viruses and malware. For this purpose, our website maintains a continuous connection to Wordfence servers so that access attempts can be compared with Wordfence’s databases and, if necessary, blocked.

The plugin’s “Live Traffic View” feature is limited to security-relevant monitoring.

The use of Wordfence is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in ensuring the most effective protection of the website against cyber threats.

POLYLANG (language switcher)

We use the Polylang plugin to provide multilingual functionality on our website. The provider is WP SYNTEX, 28 Rue Jean Sébastien Bach, 38090 Villefontaine, France. Polylang sets a functional cookie called “pll_language”, which stores the visitor’s language preference to support the website’s multilingual features. The use of Polylang is based on our legitimate interest in providing a user-friendly website (Article 6 (1) (f) GDPR).

The cookie is stored for a period of one year.

For more information, please refer to Polylang’s privacy policy: https://polylang.pro/privacy-policy

About WAVE-H2
WAVE-H2 Campus Freudenstadt
WAVE-H2 Campus Vaihingen
Goals

Dashboard
Collaborations
Publications

FAQs
News
Archive

Contact
Legal notice
Privacy policy