Privacy Policy | Future8

Data processing: Overview

In the following, we describe how we will treat your personal data within our company Future8 gGmbH.

Who is responsible for the data processing and who is the contact person?

The party responsible for processing your personal data in accordance with the data protection regulations is:

Future8 gGmbH
Heinrich-Hertz-Allee 1
66386 St. Ingbert
Germany

Represented by:
Jörg Scherer
Telephone: +49 6894 388 130
E-mail: contact-us@future-8.eu

Which data protection rights to I have?

Each individual has the right of access in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure (right to be forgotten) in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to data portability in accordance with Art. 20 GDPR as well as the right to object in accordance with Art. 21 GDPR. Limitations in accordance with §§ 34 and 35 of the German BDSG apply to the right to access and the right to erasure. In addition, individuals have a right to lodge complaints with us, or the competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

The competent supervisory authority is:

Unabhängige Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany
Telephone: +49 681 94781-0
Poststelle(at)datenschutz.saarland.de

Am I obliged to provide my data?

Within the scope of our business relationship, you only have to provide those personal data that are required for establishing, implementing and closing the business relationship and for fulfilling the related contractual obligations or in the case that we are legally required to collect the data. Without those data, we will generally not be able to perform the contract concerned.

Table of Contents

Data processing: Website

Server log files

The website operator automatically collects and stores information in so-called server log files which your browser automatically transmits to us. These include:

Browser type und browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

There will be no combination of these data with other data sources.

This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

Data processing: Grant applications and funded projects

Which sources and data are used?

We process personal data (Art. 4, no. 2 GDPR) that we receive from you within the scope of your grant application or funded project. The actual extent and the type of data may differ depending on the funding programme. Relevant personal data are:

Data of funding applicants/funding recipients (beneficiaries): First name, last name, academic degree, title, place of birth, organisation/institution, position, address, e-mail address, telephone number, mobile number, nationality, sex, participant lists, copyright, Intellectual Property, CV, short biography, salary/salary group, photos, audio and video recordings,
Data with regard to the institution of the person filing the grant application: name, legal form, address and contact data, contact person, bank details,
Data with regard to project partners of the funding applicant/funding recipients (beneficiaries),
Data with regard to the education and academic career by means of a short CV and, where appropriate, publications, patents, main research areas, completed education,
Photos as well as audio and video recordings in which natural persons involved in the project may be identifiable,
Data with regard to travel and lecture activities within the scope of the funded project.

Why do we process your data (purpose of processing) and what is the legal basis?

We process personal data in accordance with the provisions under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

We process your personal data for the purpose of performing our activities relating to assistance and consultancy in the grant application writing process, project management, project communication and project exploitation within the scope of publicly funded research, development and innovation projects.

To meet contractual obligations (Art. 6, para. 1 letter B GDPR)

To the extent that your personal data is processed to handle your inquiry or to perform our contractual obligations, the lawfulness of such processing is based on Art. 6, para. 1, letter B GDPR.

To perform a task that is of public interest or is carried out in the exercise of official authority (Art. 6, para. 1, letter E GDPR)

To the extent that your personal data is processed to perform one of our tasks to which we are contractually obliged, which is of public interest and has been assigned to us by an official authority (e.g. public presentation of the funded project in accordance with the compulsory rules provided by the public funding bodies, e.g. H2020 programme, Art. 38 General Model Grant Agreement) the lawfulness of such processing is based on Art. 6, para. 1, letter E GDPR.

Who will receive my data?

Within the Future8 gGmbH, your data will be transferred to those persons that need them to fulfill their contractual obligations (e.g. Project Manager of the project, financial department for the settlement of payments). In addition, we may involve other service providers to fulfil our contractual and legal obligations.

Furthermore, we may transmit your personal data to other recipients outside the Future8 gGmbH if this is required to fulfill our contractual and legal obligations. This includes but is not limited to:

Financial institutions (SEPA payment media)
Financial authorities, courts
The respective funding body for the evaluation of the grant application and implementation of the funded project
Other potential project partners to prepare the grant application and implement the funded project
External auditors if project audits are required by the respective funding body.

How long will my data be stored?

In the event of a positive decision on the grant application that we were involved in, the personal data will be stored:

for the duration of the grant agreement preparation with the funding body, as well as
for the complete duration of the project

In addition, personal data will be stored in accordance with the retention period agreed upon contractually with the respective funding body. In general, this retention period is five years after receipt of the project’s final payment.

In the event of a withdrawal or the decision not to proceed with a grant application or an offer as well as in the event of a negative decision on the grant application on the part of the funding body, your personal data will be stored for twelve months after the last interaction for the purpose of realizing potential future proposals.

Will my data be transmitted to a third country or international organisation?

Your data will only be transmitted to third countries (countries outside the European Economic Area (EEA)) if this is done in order to perform one of our tasks to which we are contractually obliged, which is of public interest and has been assigned to us by an official authority (e.g. public presentation of the funded project in accordance with the compulsory rules provided by the public funding bodies, e.g. Horizon Europe programme, Art. 18 General Model Grant Agreement or if partners from non-EU countries are involved in the projects).

In this case, we may transfer to and store the information we collect about you in countries other than the country in which the information was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the information. When we transfer your information to other countries, we will protect the information as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of information to countries outside the EEA. The transmission of your data is not repeated, mass or structural and is carried out within the limits established by the Grant Agreement, by the Consortium Agreement or by a Data Processing Agreement.

If you are located in the EEA, your personal data is only transferred if:

The country to which the personal data will be transferred has been granted a European Commission adequacy decision (Art. 45 (1) GDPR); or
Appropriate safeguards in respect of the transfer according to Art. 46 GDPR exist and EU standard contractual clauses can be concluded with the recipient (data importer);
derogations of Article 49 under Regulation 2016/679 apply.

You have the right to obtain confirmation as to whether or not which personal data concerning him or her is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards according to Art. 46 GDPR regarding the transfer.

Data processing: Customer orders in the area of project management and project communication

Which sources and data do we use?

We process personal data (Art. 4, no. 2 GDPR) that we receive from you directly or through the interaction with project partners (project consortium) within the scope of our project management and communication activities. The actual extent and the type of data may differ depending on the assignment. Relevant personal data are:

Organisation/institution,
First name, last name,
Sex,
Copyright,
Short biography,
Telephone and fax number,
Address,
E-mail address,
Photos as well as audio and video recordings in which individual natural persons may be identifiable,
Person master data, participant lists,
Data with regard to contract billing and payments (bank statement, time keeping),
Answers to thematic questionnaires, e.g. participation in & feedback to meetings, experience with Open Access, meal choices.

Why do we process your data (purpose of processing) and what is the legal basis?

We process personal data in accordance with the provisions under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

We process your personal data for the purpose of performing our services in the area of consultancy, project management, project communication and project exploitation. To meet contractual obligations (Art. 6, para. 1 letter B GDPR)

We process your personal data for the purpose of handling a proposal and to implement a contract with you pursuant to Art. 6, para. 1 letter B GDPR.

Who will receive my data?

Financial institutions (SEPA payment media)
Financial authorities, courts
Service providers to distribute newsletters.

To the extent that we perform our services as a subcontractor in a publicly funded project or grant application, your data will be transmitted to the following bodies if contractually required:

The respective funding body for the evaluation of the grant application and the implementation of the funded project,
Other (potential) project partners for the preparation of a proposal and the implementation of a funded project,
External auditors if project audits are required by the respective funding body.

How long will my data be stored?

To the extent that this is required for the above-mentioned purposes, we will process and store your personal data for the duration of initiating and implementing the contract.

In addition, we are obliged to respect various obligations to retain information and furnish evidence in accordance with, among other things, the German Commercial Code (Handelsgesetzbuch (HGB)) and the German Tax Code (Abgabenordnung (AO)). According to these Codes, the periods for storage amount to a maximum of ten years. Finally, the period of storage is also subject to statutory periods of limitation which, for instance in accordance with §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch (BGB)), in general amount to three year but, in certain cases, can also amount to a maximum of thirty years. Furthermore, we are obliged to respect the retention periods of the respective public funding bodies if we perform our services as a subcontractor in a publicly funded project. In general, this retention period is five years after receipt of the project’s final payment.

Will my data be transmitted to a third country or international organisation?

In principle there is no transmission of your data to any third country (countries outside the European Economic Area (EEA)).

Data processing: Public relations

Which sources and data are used?

We process personal data (Art. 4, no. 2 GDPR) that we receive from you directly, through networking activities, the exchange of information with project partners (project consortium) or via a search in publicly available sources. Relevant personal data are:

Organisation/institution,
First name, last name,
Sex,
Telephone number,
E-mail address.

The actual extent and the type of data may differ depending on the nature and extent of networking/communication activity in question.

Why do we process your data (purpose of processing) and what is the legal basis?

We process personal data in accordance with the provisions under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

We process your personal data for the purpose of sending general messages and information about activities in the area of European research and innovation funding programmes as well as other activities in the area of science, research and innovation that might be of interest for you. These activities are considered external communication activities which include informative mailings within the scope of the funded projects to which we are obliged to by a public institution. Your first and last name as well as your sex will be processed to address you directly within the scope of newsletter/informative mailings which are individually produced for a certain group of recipients.

Based on your consent (Art. 6, para. 1, letter A GDPR)

To the extent that you provided your consent to the processing of your personal data for certain purposes (e.g. newsletter distribution), such processing is considered lawful pursuant to Art. 6, para. 1, letter A GDPR on the basis of your consent. A consent that has been given can be revoked at any time. This also applies to any revocation of consent that was given prior to the coming into force of the GDPR, i.e. prior to May 25, 2018.

Please note that any revocation is only applicable to the future use of your personal data. Processing of data that has been performed before your revocation is not affected. To perform a task that is of public interest or is carried out in the exercise of official authority (Art. 6, para. 1, letter E GDPR) To the extent that your personal data is processed to perform one of our tasks to which we are contractually obliged, which is of public interest and has been assigned to us by an official authority (e.g. public presentation of the funded project in accordance with the compulsory rules provided by the public funding authorities, e.g. H2020 programme, Art. 38 General Model Grant Agreement) the lawfulness of such processing is based on Art. 6, para. 1, letter E GDPR.

To protect our legitimate interest (Art. 6, para. 1, letter F GDPR)

To the extent that we contact you within the scope of our external communication activities to provide to you general messages and information about activities in the area of European research and innovation funding programmes and other activities in the area of science, research and innovation that might be of interest for you, and you have not given your consent pursuant to Art. 6, para. 1, letter A GDPR and we do not act for the purpose of performing a task that is of public interest or is carried out in the exercise of an official authority, the processing of your data is legally based on the existence of a legitimate interest in accordance with Art. 6, para. 1, letter F GDPR. Of course, you have the right to inform us anytime that you do not wish to receive such mailings in the future (withdrawal option).

Who will receive my data?

Within the Future8 gGmbH, your data will be transferred to those persons that need them to carry out their external communication activities as, for instance, the preparation and sending of informative mailings.

How long will my data be stored?

We store your master data for the purpose of informative mailings to which we are obliged by a public institution within the scope of the funded projects for the duration of the project and beyond pursuant to the contractually agreed retention periods of the respective funding body. In general, the retention period is five years after the receipt of the project’s final payment.

Within the scope of activities relating to direct marketing, we store your data for five years after the last interaction for our own marketing purposes, for the mailing of promotional material relating to own activities and funding programmes and for the purposes of initiating business relating to these offers unless you object to the use of your data for this purpose beforehand. Accordingly, your data will be erased after five years since your last interaction with us or earlier in case of an objection.

Your e-mail address will be erased for these purposes as soon as you have revoked your consent to the use of your data for the purpose of sending you mailings.

Will my data be transmitted to a third country or international organisation?

If you are located in the EEA, we will only transfer your personal data if:

The country to which the personal data will be transferred has been granted a European Commission adequacy decision (Art. 45 (1) GDPR); or
The recipient of the personal data is located in the US and has certified to the US-EU Privacy Shield Framework; or
We have put in place appropriate safeguards in respect of the transfer according to Art. 46 GDPR, we entered into EU standard contractual clauses with the recipient (data importer).

Video surveillance at our premises in St. Ingbert

Why do we process your data (purpose of processing) and what is the legal basis? We process personal data in accordance with the provisions under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

Video surveillance at our premises in St. Ingbert is used to control the access to the building.

To protect our legitimate interest (Art. 6, para. 1, letter F GDPR)

The basis for the processing of your personal data within the scope of the video surveillance is Art. 6, para. 1, letter F GDPR.

The legitimate interest for performing such video surveillance consists in the protection of life and limb of our customers, business partners and employees.

Who will receive my data?

Within the Future8 gGmbH, authorized employees will receive your data to protect our legitimate interest within the scope of controlling access to our building.

How long will my data be stored?

The video surveillance is a live transmission. No recordings will be made.