old Privacy Policy (19.12.19 – 31.09.20)

Last update:05.10.2020

Version history:

Imprint & Privacy Policy

Privacy Icons Forum (PIF)


Version: January 2020

** Please Note: we intend to update the text of this privacy policy and apply some legal design insights very soon. stay tuned! **

Data Protection Information

1. General information
2. Processed data when using our website
3. Processed data when contacting us via our contact form

1. General information

1.1 Data controller and purview

The responsible person publishes this website in accordance with the applicable privacy legislation of the European Union and of Germany. The responsible person is:

Dr. Zohar Efroni
Weizenbaum Institute for the Networked Society
Hardenberg Str. 32
10623 Berlin

The following paragraphs outline how we process your data. Inasmuch as the subsequent paragraphs or other separate privacy information do not state otherwise, the provisions in this section titled General information apply.

If you have questions regarding data protection, please contact us in writing to the aforementioned postal address or via e-mail to info@privacyiconsforum.eu.

1.2 Rights of persons affected and regulatory authority

As a rule, you have the following rights:

  • Right of access (Article 15 General Data Protection Regulation, GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)

In order to exercise your rights, you may contact us via postal mail to the aforementioned address or you may send us an e-mail to info@privacyiconsforum.eu.

We will review each individual request, and, should we conclude that the rights invoked do not apply, we will specify our reasons for such an assessment in writing. We may require an additional proof of identity in order to minimise the risk of abuse of the rights.

If you think that your rights have been compromised, you have the right to issue a formal complaint with the relevant supervisory authority in the state of Berlin. In addition to the named Berlin authorities, you may also contact the regulators in the federal state of Germany or in any other EU member state where you reside or work.

1.3 Data recipients

Data will only be transmitted to third parties according to rules set out in written agreements, in which all legal responsibilities are clearly laid out, or alternatively, according to the rules outlined in the following sections.

1.4 Changes to our data protection information

From time to time, this data protection information may be subject to changes and improvements, especially if changes in applicable law or our internal processes should necessitate this.

2. The data we process when you are using our website

When using our website, personal information is collected for the following purposes:

2.1 To transmit our online contents
2.2 To improve our web services
2.3 To secure our technical infrastructure

For these purposes, the data is transmitted, according to section 1.3 above, to our website hosting provider 1&1 IONOS SE. The Privacy Policy of 1&1 IONOS is available here: https://www.ionos.de/terms-gtc/terms-privacy. There you can find specific information regarding data collected by 1&1 IONO’s in connection with its web hosting and website builder services. 1&1 IONOS might share access to hosted data with its partners as specified under its privacy policy for the purposes specified there.

1&1 Cookies

The hosting provider may implement cookies that do not collect personal information. Cookies are text files that contain an identification number, which will be stored by your web browser and, should you revisit our website, will be retransmitted to the hosting provider. However, non-personal information transited via cookies might be combined with personal information already held by the hosting provider. For more information about the data processing practices of the hosting provider and your option regarding cookies, please visit the this page.

1&1 Analytics

We currently do not use analytics tools, but we might introduce analytics in the future solely for statistical purposes. A web analytics tool typically collects the following types of data: Referrer (the site that was visited immediately before visiting our site), type of browser and its version, operating system, type of device, a time stamp and anonymised IP address.

2.1 Transmission of online contents

2.1.1 Purpose and categories of data

In order for you to be able to view contents posted on our website, your browser will transmit the following information to us or to the hosting provider (as part of an HTTP request):

  • Your IP address (a numerical label that identifies your internet access point).
  • Information about your device, for example, the type of internet browser used, the rate of data transmission, or the size of your screen.

To display certain information, JavaScript will be used, provided you have not disabled JavaScript in your web browser or are using a JavaScript blocker.

2.1.2 Legal basis

We process the data on the basis of Art. 6 sect. 1 lit. f) GDPR to inform the interested public (e.g., you – when visiting our website) about our research projects and related research, which constitutes our legitimate interest.

2.1.3 Retention of data

Normally, the collected data is immediately deleted after its transmission.

We do not store log files. For data retention policy by our hosting provider, please refer to the 1&1 IONOS Privacy Policy under the aforementioned link.

2.1.4 Your rights

Rights of access, rectification, erasure as such are not applicable, since for the purpose of transmission, the data is only retained temporarily and will be deleted immediately after the end of the session.

2.2 Improvement of our services

2.2.1 Purpose and categories of data

In order to optimise our online contents, we evaluate on a generalised basis how users navigate our website. For this, we or our service providers analyse the following data, which is derived from HTTP requests:

  • Part of your IP address (that is, the numerical label identifying your computer access point), which is being anonymised by deleting the final two parts (blocks of numbers) of the address.
  • The web page you have requested.
  • Information regarding the type of internet browser and operating system used.
  • Possibly, the page visited before accessing our website (referrer information).

2.2.2 Legal basis

We process the data on the basis of Art. 6 sect. 1 lit. f) GDPR to improve our web services, which constitutes our legitimate interest.

2.2.3 Retention of data

All personalised data are anonymised immediately after it has been gathered.

2.2.4 Your rights

There is no legal right for the data in question to be rectified, deleted, or shared with the user, as the data retained is anonymised. As a rule, anonymising the data makes it impossible to connect specific data with specific individual users who request such information and actions.

2.3 The Security of our technical infrastructure

2.3.1 Purpose and categories of data

To secure our technical infrastructure, our service provider might draw on the following information contained in the HTTP request:

  • Your IP address (a sequence of numbers identifying your current computer access point to the web).
  • The website you requested.
  • Information about the type of internet browser and operating system used.
  • Possibly, the web page viewed before visiting our website (referrer information).

2.3.2 Legal basis

The data for this purpose is being stored and processed on the basis of Art. 6 sect. 1 lit. f) GDPR to analyse malfunctions and attacks targeting our technical systems, which constitutes our legitimate interest.

2.3.3 Retention of data

Unless security breaches are investigated, the data in question will be deleted within a period of time specified in the Privacy Policy of the hosting provider (normally after 90 days). If breaches of security occur, the data will be deleted as soon as there is no further legitimate interest to retain them.

2.3.4 Your rights

Generally, there is a legal right to request information about the above-mentioned types of data, as well as a right to having them rectified. However, as a rule, the data in question can only be personalised via the IP address, and therefore, we might not be able to directly assign the respective data to your person, at least not without your help. The reason for this is that we need to connect your “real-life” identity with the IP address that you have used when visiting our website. Such a connection can usually be done by contacting the corresponding Internet access provider that assigns the IP addresses to its users (e.g., you).

However, your provider will give us the user identity behind an IP address only on the basis of a legally justified access request from our part, for instance, if we can prove an attack on our website from a specific IP address. Thus, if you want us to facilitate the exercise of your rights in a case where we have no direct claim, it is up to you to reveal to us the connection between your identity and your IP address (and verify the accuracy of that connection). As soon as you voluntarily reveal and verify the connection between your identity and the IP address, we can comply with your rights, such as provide you with all the information stored with us regarding the IP address in question.

3. Contacting us via email or our contact form

We also process personal data when you contact us via email or when using our contact form. In these cases, the data is transmitted, according to point 1.3, to our website hosting provider 1&1 IONOS SE as well as to your email provider. The Privacy Policy of 1&1 IONOS SE is available here: https://www.ionos.de/terms-gtc/terms-privacy.

3.1 Purpose and categories of data

Should you contact us via email or by using our contact form, we will store and use your email address and all further information that you provide us to answer your contact request, which constitutes our processing purpose.

3.2 Legal basis

We store and process the data for this purpose based on your consent according to Art 6 sect. 1 lit a), or, alternatively, on the basis of Art. 6 sect. 1 lit. f) GDPR, while enabling you to actively engage with us, which constitutes our legitimate interest. We will store the information in our email storage as long as necessary to address the issue expressed in your contact request.

3.3 Retention of data

In the absence of other legal requirements, personal data will be retained until users retract their consent, submit an objection, or demand that the data be deleted. Additionally, the legal basis for the retention of data will be reviewed on a regular basis and, should no legal basis be applicable anymore, data will be deleted within a reasonable processing period of up to three months.

3.4 Your rights

For the above categories you have a general right to information. You further have the right to demand that data be rectified, deleted, or that its processing be limited. If you have contacted us via email, you can usually access the data in your own email feed. Of course, in case you have deleted your email feed or otherwise lost (access to) it, we can always re-send our email exchange with you back to you. You may exercise your other data subject rights correspondingly.