Declaration of data protection and consent in accordance with the General Data Protection Regulation (“GDPR”) to the processing of data by the project “European Repository of Cyber Incidents.”
Name and address of the controller
- Heidelberg University
- Grabengasse 1
- 69117 Heidelberg
The following personal data is collected for our service:
- Last name, first name
- E-Mail address
General information on data processing
The above data is collected for the purpose of subscribing to newsletters, as well as for anonymised evaluation purposes; it is also stored on the servers of the University Computer Centre of Heidelberg University. The data processing is carried out with your consent on the legal basis of Art. 6 para. 1 lit. a GDPR.
The newsletter function is provided by the service “Mailchimp” of The Rocket Science Group LLC, 675 Ponce de Leon Ave. NE Suite 5000, Atlanta, GA 30308-2172, United States (hereinafter “Mailchimp”). By sending the newsletter, a direct connection to the servers of Mailchimp is established and the data is transmitted to Mailchimp servers. Mailchimp is therefore our order processor. You can find more information about data protection at Mailchimp at mailchimp.com/legal/privacy.
Mailchimp operates several data centers and servers worldwide. It is therefore possible that a data transfer to a third country takes place. According to Mailchimp, standard contractual clauses are used in the event that a transfer to an inadequate third country takes place.
Should further data be required, the user’s consent is required again separately. The personal data of the user will be deleted or blocked as soon as the purpose of storage no longer applies.
Data subject rights
- in accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. An e-mail to is sufficient for this purpose. As a result, we may no longer continue the data processing based on this consent in the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
- complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the place of the alleged infringement for this purpose.