Smarte Region Hessen / Datenschutz

The person responsible as defined by the EU General Data Protection Regulation (GDPR), the Hessian Data Protection and Freedom of Information Act (HDSIG) and other national data protection laws of the member states as well as other data protection regulations is:

The State of Hesse, Hessian State Chancellery, Hessian Minister for Digital Strategy and Innovation
Georg-August-Zinn-Strasse 1
65183 Wiesbaden

Telephone: +49 611 32 11-0
E-mail: info@digitales.hessen.de

You can reach the official data protection officer of those responsible via the above address or by e-mail at datenschutz@stk.hessen.de.

The website is designed by the business development agency of the state of Hesse, Hessen Trade & Invest GmbH, Konradinerallee 9, 65189 Wiesbaden, on behalf of and on the instructions of the Hessian State Chancellery. You can reach the data protection officer of Hessen Trade & Invest GmbH at datenschutzbeauftragter@hessen-agentur.de or by post at Schiedermair Beratungsgesellschaft für Datenschutz mbH, Eschersheimer Landstrasse 60, 60322 Frankfurt am Main.

1. Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

Description and scope of data processing: the following information is automatically collected by your system when a page is accessed:

• the browser type and version,

• the operating system used,

• the website from which you are visiting us (referrer URL),

• the website you are visiting,

• the date and time of your access,

• the Internet Protocol (IP) address used.

It is absolutely necessary to collect and store system information in log files in order for the website to operate.

Legal basis for data processing: the legal basis for the temporary storage of information and log files is defined in Article 6 Paragraph 1 Letter f of the GDPR.

Purpose of data processing: the temporary storage of the IP address you use is necessary to enable the website to be provided to your computer. The purpose of storing your information in log files is to ensure the functionality and stability of the website and our IT system. In relation to this, an evaluation of the data for marketing purposes is not carried out. Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in the purposes outlined.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data has been collected for the provision of the website, it will be deleted when the respective session has ended. The data stored in log files will be deleted after a period of seven days at the latest.

2. Contacting us via email

Description and scope of data processing: if you contact us via the e-mail address provided, the personal data transmitted with the e-mail will be saved.

As part of the processing of your e-mail request, it may be necessary for us to request further data and information from you. If, in such a case, you do not want to provide us with this further information, you will not suffer any adverse consequences. However, it is possible that failure to provide the requested information will make processing your request more difficult or impossible. If you are obliged to provide information to the Hessian State Chancellery - Hessian Minister for Digital Strategy and Innovation, we will point this out to you in a separate declaration, in which we will draw your attention to any legally disadvantageous consequences of failure to provide information.

In order to answer your questions, it may be necessary, depending on the situation, to forward your personal data to other bodies within the state administration and to federal or municipal authorities or to the business development agencies of the state of Hesse (Hessen Trade & Invest GmbH and HA Hessen Agentur GmbH). If the request relates to the supply of digital infrastructure, it may be necessary to forward personal data to the responsible telecommunications company. Under certain circumstances, it may also be necessary to forward your data to other bodies within the state administration and to federal or local authorities. If you do not agree to forwarding that not only concerns the responsible ministry, please let us know.

If the Hessian State Chancellery - Hessian Minister for Digital Strategy and Innovation is not responsible for your request, we will forward your request to the responsible office and inform you if this corresponds to your request.

Legal basis for data processing: the legal basis for processing data that is transmitted in the course of sending an e-mail is defined in Article 6 Paragraph 1 Letter e of the GDPR in conjunction with Section 3 Paragraph 1 HDSIG if we start processing your e-mail request to carry out a task that is in the public interest or Art. 6 Para. 1 Letter f of the GDPR. Our legitimate interest lies in responding to your non-directed e-mail enquiry. If the e-mail contact is aimed at concluding a legal relationship or takes place in connection with an existing legal relationship with us, the additional legal basis for processing is defined in Article 6 (1) (b) GDPR.

Purpose of data processing: we exclusively process personal data from an e-mail in order to process the e-mail request.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data transmitted by e-mail, the case is closed when the respective conversation with you has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been definitively clarified. This does not apply if the deletion conflicts with legal or contractual obligations, in particular retention periods.

3. Contact form

Description and scope of data processing: when a contact request is sent via a contact form, the data entered in the input screen is transmitted to us and stored. At the time the message is sent, the IP address you are using and the date and time of the contact request are also saved.

As part of the processing of your contact request, it may be necessary for us to request further data and information from you. If, in such a case, you do not want to provide us with this further information, you will not suffer any adverse consequences. However, it is possible that failure to provide the requested information will make processing your request more difficult or impossible. If you are obliged to provide information to the Hessian State Chancellery - Hessian Minister for Digital Strategy and Innovation, we will point this out to you in a separate declaration, in which we will draw your attention to any legally disadvantageous consequences of failure to provide information.

In order to answer your questions, it may be necessary, depending on the situation, to forward your personal data to other bodies within the state administration and tofederal or municipal authorities or to the business development agencies of the state of Hesse (Hessen Trade & Invest GmbH and Hessen Agentur GmbH). If the request relates to the supply of digital infrastructure, it may be necessary to forward personal data to the responsible telecommunications company. Under certain circumstances, it may also be necessary to forward your data to other bodies within the state administration and to federal or local authorities. If you do not agree to forwarding that not only concerns the responsible ministry, please let us know.

Legal basis for data processing: the legal basis for processing the data that is transmitted in the course of sending a message via the contact form is defined in Article 6 Paragraph 1 Letter e of the GDPR in conjunction with Section 3 Paragraph 1 HDSIG if we are processing a request to carry out a task that is in the public interest or Art. 6 (1) Letter f GDPR. Our legitimate interest lies in processing your contact request sent to us. If the communication via the contact form is aimed at concluding a legal relationship or takes place in connection with an existing legal relationship with us, the additional legal basis for processing is defined in Article 6 (1) (b) GDPR.

Purpose of data processing: we exclusively process personal data from the input screen or an e-mail in order to process the contact request.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, the data is deleted when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been definitively clarified.

This does not apply if the deletion conflicts with legal or contractual obligations, in particular retention periods. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

4. Providing information, promotion of businesses(newsletters, mailings, info post)

Description and scope of data processing: we may send you information on state-specific and current topics and developments in the field of digitisation at irregular intervals via the Hessian business development agencies, Hessen Trade & Invest GmbH and HA Hessen Agentur GmbH. To do this, we approach you by post and/or e-mail and process names, postal addresses and e-mail addresses, depending on the communication channel.. The business development companies act on our instructions on the basis of an order processing contract.

If we offer registration for one of our free newsletters on our website and you register, the data from the input screen will be transmitted to us and processed by us for the purpose of sending the desired newsletter. At the time the newsletter registration is sent, the IP address you are using as well as the date and time of registration are also saved.

If you register for the newsletter via our website, we will verify your e-mail address using what is known as a double opt-in procedure in the course of which you will receive an e-mail after you have registered asking you to confirm your data and your consent to receive the newsletter within a certain period of time.

If you open one of our newsletters and click on a link or certain buttons in it, this can be logged (date, time, e-mail address). These opening and click rates are processed for statistical purposes so that we know that our newsletter can be delivered and opened and we can use the actions that are carried out after opening a newsletter to tailor our range of information more effectively to the interests of our newsletter recipients. The recipient can crop the newsletter. This also represents our legitimate interest in data processing. This data is not evaluated for personal usage analysesor merged with other data to create usage profiles.

The provision of personal data by you is voluntary. However, failure to provide personal data, insofar as this is mandatory information for registering for a newsletter, means that we cannot send you a newsletter.

Legal basis for data processing: the legal basis for processing data for sending our newsletter is the consent you have given (Art. 6 Para. 1 Letter A GDPR). The legal basis for any statistical evaluations carried out in connection with the sending of the newsletter is defined in Article 6 Paragraph 1 Letter f of the GDPR. By sending the e-mail as part of the double opt-in procedure, we comply with our legal obligation to verify your e-mail as defined in Article 6 Paragraph 1 Letter c GDPR.

By sending information, we are also performing tasks that are in the public interest or in the exercise of official authority via the business development companies we have commissioned, as defined by Article 6 Paragraph 1 Letter e GDPR in conjunction with Section 3 HDSIG.

Purpose of data processing: the data will only be used to send information. If other personal data is collected during the registration process for a newsletter, this serves to individualise the newsletter and prevent misuse of the services or the e-mail address used.

Duration of storage: you can object to receiving information at any time. You can revoke your consent to receiving a newsletter at any time without giving reasons. If you do object or revoke your consent, the e-mail or postal address you gave us to send you information or newsletters will be blocked to document that you no longer wish to be contacted by us in the future. Data that is no longer required will be deleted immediately. The blocking notice and your e-mail address will be deleted three years after the end of the calendar year in which the blocking notice was set. If you do not confirm your registration for the newsletter as part of the double opt-in procedure, we will block your data and delete it after one month.

5. Registration for events

Description and scope of data processing: by submitting a registration via a registration form, the data entered in the input screen is transmitted to us and stored. At the time the registration is sent, the IP address you are using as well as the date and time of registration are also saved.

If external speakers are involved in the event, we will, if necessary, pass on your data to these external speakers for the purpose of preparing and conducting the event.

The provision of personal data by you is voluntary. However, the provision of the data marked as mandatory is necessary so that we can conclude and implement an agreement on your participation in the desired event.

Legal basis for the data processing: the legal basis for the processing of the data is defined in Art. 6 (1) Letter b GDPR since the processing of the data is necessary for the registration and implementation of the event you have selected. If we obtain your consent separately, Art. 6 Para. 1 Letter a GDPR also constitutes the legal basis.

Purpose of data processing: the personal data is processed exclusively in order to register you for and carry out the event.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The personal data collected during registration will be deleted no later than one month after the end of the event unless you have consented to its further use or processing (e.g. consent to receiving invitations for future events).

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

6. Recording and Streaming of Online Events

Description and scope of data processing: we record some online and hybrid events and offer them for streaming on websites and/or presences on social media by us or the Hessian business development companies, Hessen Trade & Invest GmbH (HTAI) and HA Hessen Agentur GmbH (Hesse Agency). When recording, chat posts are saved separately; these will not be published. For the purpose of public relations, individual photos and videos may also be taken of participants during an online event. In addition, the connection data of the participants can be saved.

The photo and video recordings can be published in print media, our own publications, on websites and/or social media pages by us and HTAI and Hessen Agentur. For the publication of photos and videos on social media channels, your consent will be obtained as part of the registration process for the event and reference will be made to this data protection declaration. If the recording of an online event is to show individual participants, we will also obtain your consent in advance for this recording and the streaming offer on websites and/or on social media appearances.

Connection data is saved automatically. This is required from a technical point of view to allow participation in the online event.

For the live streaming of events, we regularly work with external service providers who work for us in accordance with our instructions on the basis of an order processing contract.

Legal basis for data processing: the legal basis for data processing is your consent (Article 6 (1) (a) GDPR). The publication of film and video recordings in print media, on websites or other proprietary publications is based on the public mandate for business development and public relations (Art. 6 Para. 1 Letter e GDPR). The legal basis for storing the connection data is defined in Article 6 Paragraph 1 Letter f of the GDPR; our legitimate interest lies in guaranteeing the functionality of the systems for conducting the online event.

Purpose of data processing: the personal data is processed forthe purposes stated in the Description and Scope of Data Processing section.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Published recordings of online events are stored for as long as the respective publications are retrievable or available. The connection data will be deleted after a period of seven days at the latest.

Recipients and data transmission to third countries: if you have consented to the publication of photos and videos showing you or a recording of the online event in social media as part of the registration process, the data will be transmitted to the operators of these social networks. As part of the consent, you will be informed that some of the operators of social media are based outside the territory of the EU and the European Economic Area (EEA), in particular in the USA, and that these countries do not have an adequate level of data protection. We cannot rule out the possibility that even if operators of social media are based in the EU, the personal data may also be transmitted to group companies in the USA or another country outside the EU or the EEA and/or also be stored on servers in the USA or another country outside the EU or EEA. Personal data can be transmitted in particular to the following social media operators:

• Facebook

The service provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). Further information on data protection can be found at https://www.facebook.com/policy.php.

• Instagram

The service provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). For more information on data protection, see Instagram's privacy policy at https://help.instagram.com/about/legal/privacy.

• LinkedIn

• Twitter

The service provider is the Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland). Further information on data protection can be found in Twitter's data protection declaration at https://twitter.com/de/privacy.

• YouTube

The service provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Further information on data protection can be found in Google's data protection declaration at https://policies.google.com/pr...=de.

• Vimeo

The service provider is Vimeo.com, Inc. (555 West 18th Street, New York, New York 10011, USA). Further information on data protection can be found in Vimeo's data protection declaration at https://vimeo.com/privacy.

7. Taking and publishing photos and videos

Description and scope of data processing: as a public institution, we are responsible for informing the public about events in suitable publications in words and pictures. For this purpose, photos and videos may be taken at events and published in print media, our own publications, in Internet offers and/or presences on social media by us and the Hessian business development agencies, Hessen Trade & Invest GmbH and HA Hessen Agentur GmbH. For publication on social media sites, we obtain your consent and refer to this data protection declaration.

Legal basis for data processing: the legal basis for processing the photo and video recordings is our task of providing information about our activities and business development in Hesse, which is in the public interest (Art. 6 Para. 1 Letter e GDPR in conjunction with § 3 HDSIG). If you have given your consent to the publication of photos and videos showing you on social media channels, this is the legal basis for data processing (Art. 6 Para. 1 Letter a GDPR).

Purpose of data processing: the purpose of publishing photo and video recordings is the public mandate to operate and (further) develop business development in the state of Hesse and therefore to inform the interested public about events.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If photos and videos are not published, they will be deleted no later than one month after the end of the event. Published photos and videos remain stored for as long as the respective publications are retrievable or available.

Recipients and data transmission in third countries: for publication in print media, the photos taken are transmitted in particular to daily newspapers and publishing houses. If you consented to the publication of photos and videos showing you on social media when registering, the data will be transmitted to the operators of these social networks. As part of the consent, you will be informed that some of the operators of social media are based outside the territory of the EU and the European Economic Area (EEA), in particular in the USA, and that these countries do not have an adequate level of data protection. We cannot rule out the possibility that even if operators of social media are based in the EU, the personal data may also be transmitted to group companies in the USA or another country outside the EU or the EEA and/or also be stored on servers in the USA or another country outside the EU or EEA. Personal data can be transmitted in particular to the following social media operators:

• Facebook

The service provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). Further information on data protection can be found at https://www.facebook.com/policy.php.

• Instagram

• LinkedIn

• Twitter

• YouTube

• Vimeo

8. Registration for contact linking measures at events

Description and scope of data processing: in the run-up to certain events, visitors have the opportunity to register for participation in contact linking measures (what is known as partnering or matchmaking) and to store profiles. When you send the registration for partnering/matchmaking and the profile, the data entered in the input screens will be sent to us and saved. At the time the registration is sent, the IP address you are using as well as the date and time of registration are also saved. Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration. In the case of regular events, you sometimes have the option of storing your profile permanently for other events as well. If necessary, we will point this out separately within the scope of the declaration of consent.

The provision of personal data by you is voluntary. However, you cannot participate in partnering/matchmaking if you do not provide us with the data marked as mandatory.

Participants who have registered for partnering/matchmaking are generally granted access to the profiles of other participants before the event and can contact them.

Legal basis for data processing: the legal basis for data processing is your consent (Article 6 (1) (a) GDPR).

Purpose of data processing: the personal data is processed exclusively to register for and implement measures to improve contact linking at events.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The personal data collected in the profile as part of the registration for partnering/matchmaking will be deleted no later than six months after the end of the event, unless you have consented to your profile being stored for a longer period of time.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9. Provision of (interactive) questionnaires

Description and scope of data processing: we include questionnaires in our offering which you can use to assess your skills, specific situations and development potential yourself and/or transmit your views and evaluations (e.g. feedback form). As a rule, the questionnaires are to be completed without providing any personal data and are evaluated anonymously by us. In individual cases, certain information such as your function/position is collected, which allows conclusions to be drawn about your person, but we do not use this information. Information from the questionnaires is generally stored separately from any other data and information that has been collected.

If we offer to send you an evaluation and other documents,you will regularly have the opportunity to provide your email address for this purpose.. In some cases, you can temporarily save a questionnaire that has already been started so that you can complete it later or call it up again later. This can be done via a link that is generated automatically and that you can send to your e-mail address yourself.

In some cases, you have to register and provide personal data such as your name, your e-mail address and a password. If you do have to register, the data entered in the input screen as well as the IP address and date and time are transmitted to us and stored when the form is sent. Any personal data will be stored separately from entries in the questionnaire.

Some of the information in questionnaires is used anonymously for further evaluations, statistical surveys or other activities.

Any provision of personal data by you is voluntary. Depending on the specific design, the a questionnaire can only be stored temporarily if you have registered and the data marked as mandatory is required for this.

Legal basis for data processing: if we have obtained your consent, the legal basis for the processing of personal data is defined in Article 6(1)(a) GDPR. Otherwise, the performance of our tasks in the public interest and our legitimate interests in accordance with Article 6 Paragraph 1 Letter e and f GDPR is the legal basis, whereby our legitimate interest lies in providing you with the desired offers and functions relating to a questionnaire to be able to….

Purpose of data processing: the personal data is processed in orderto send you the evaluation result and any other documents if you have provided your e-mail address and to give you the option of temporarily storing and completing a questionnaire at a later stage, if you register.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If you have given us your e-mail address for the purpose of sending the evaluation result and any other documents, your data will be deleted after the information has been sent. Any data for the temporary storage of a questionnaire will be deleted no later than seven days after you have completed the questionnaire. If you do not want to complete the questionnaire, you can have this and any of your data stored in the input screen deleted at any time. For this purpose, please contact info@smarte-region-hessen.de.

The additional data collected during a sending process will be deleted after a period of seven days at the latest.

10. Registration forms for subject-specific databases

Description and scope of data processing: you have the option of registering for topic-specific databases on our website. By submitting the registration, the data entered in the input screen will be transmitted to us and saved. At the time the form is sent, the IP address you are using as well as the date and time of sending are also saved. Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

The provision of personal data by you is voluntary. Failure to provide personal data, insofar as this is mandatory information, means that you cannot register for the respective database.

Legal basis for data processing: the legal basis for processing your data is your consent (Art. 6 Para. 1 Letter a GDPR). The performance of our task in the public interest forms an additional legal basis (Art. 6 Para. 1 Letter e GDPR in conjunction with § 3 HDSIG).

Purpose of data processing: the personal data is processed exclusively to include you or the organisation you represent in the respective database, to edit entries and, if necessary, to be able to contact you.

Duration of storage: the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If we reject your registration, we will delete the data no later than one month after the rejection. In the event of successful registration, we will store the data provided in the respective database for the duration of your stay. You can delete your registration and remove yourself from the respective database at any time. Please contact info@smart-region-hessen.de. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

11. Use of technically necessary cookies

Description and scope of data processing: in order to make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages which are technically necessary. These are small text files that are stored on your end device.

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted. The following links show you how the settings can be adjusted in the following popular browsers:

• Chrome: https://support.google.com/chr...

• Firefox: https://support.mozilla.org/de...

• Internet Explorer: https://support.microsoft.com/...

• Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac.

If you use different devices to visit our website (e.g. your computer, your smartphone, your tablet, etc.), you should ensure that the cookie settings you want are set for each browser and on each device.

Legal basis for data processing: if personal data is processed using technically necessary cookies, the legal basis is Article 6 (1) (f) GDPR.

Purpose of data processing: the purpose of using technically necessary cookies is to make visiting our website attractive and to enable the use of certain functions, such as selecting a language or recognising the browser after registration in the member area of a page. Certain functions of our website cannot be offered without the use of technically necessary cookies. This is also our legitimate interest as defined by Art. 6 Para. 1 Letter f GDPR.

The user data collected by cookies is not used to create user profiles.

Duration of storage: we use "session cookies". A session cookie is a cookie that is automatically deleted after the user has closed the browser.

12. Embedded Videos

Integration via YouTube

You can watch videos on our websites that are integrated using a “plug-in” from YouTube Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; a Google LLC company). When you access a website with an embedded video, YouTube processes system data about the end device you are using and the browser you are using (IP address, browser type used, device information, operating system used).

YouTube uses cookies for data collection and statistical data analysis to prevent fraud and to improve user-friendliness. We receive statistical values for the retrieval of individual videos embedded in the website via the cookies set by YouTube without any reference to the respective user. If you watch a video integrated in this way, YouTube may also store and use this data for other purposes. In this case, if you are logged in to YouTube with your YouTube account at the same time, YouTube may be able to assign your surfing behaviour to your YouTube user profile. You can prevent such data processing by logging out of your YouTube account before visiting our website.

The "extended data protection mode" for YouTube videos is activated on our websites. This means: YouTube does not store cookies for a user who views a website with an embedded YouTube video player but does not click on the video to start playback. Before you call up a video, you will also be informed that, by clicking on a video link, you are leaving the website of the person responsible and you will be redirected to the Internet offering of the video portal YouTube with the transmission of the website you are currently calling up. If you accept this, YouTube may be able to store the cookies mentioned above on your device: however, no personal cookie information is stored for playback of embedded videos.

Since this is a third-party service, we have no influence over the processing of the corresponding data by YouTube. For the purpose and scope of the data collection and the further processing and use of the data by YouTube or Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to the relevant information on data protection at https://policies.google.com/pr... . Google also processes your personal data in the USA which does not have a data protection level equivalent to that of the EU..

13. Embedded Maps

Use of Google Maps

The Google Maps service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) is used on our website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.

If you have consented to the data transmission including the integration of Google Maps, Google will be informed that you have accessed the corresponding subpage of our website. In addition, system data about your end device and the browser you are using (IP address, browser type used, device information, operating system used) is processed by Google. This takes place regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out (even for users who are not logged in) in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To do so you must contact Google to exercise this right.

If you do not want the data to be processed, do not open the Google Maps map.

Further information on the purpose and scope of data collection and its processing by Google can be found in the Google policy at https://policies.google.com/pr.... There you will also receive further information on your rights in this regard and setting options to protect your privacy. Google also processes your personal data in the USA which does not have a data protection level equivalent to that of the EU.

Use of Open Street Map

Map sections based on the OpenStreetMap (OSM) open data project of the OpenStreetMap Foundation (132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, Great Britain) are used on our website. The purpose of OSM isto provide you with interactive maps of our website.

If you have consented to the use of OSM, information about the use of the website (website visited, IP address used, browser type used, user behaviour) will be transmitted to retrieve what are known as tiles (map sections). Depending on which map sections you call up, data may also be transferred to countries outside of Germany and the European Union or the European Economic Area including the USA. OSM's main servers and infrastructure are operated in the UK and the Netherlands. Other servers are only accessed if you have to call up map sections of the corresponding countries. According to OSM, the data will be deleted 180 days after collection.

This service is an open-source offering where we have no control over data collection and processing. The information collected may be transferred to third parties, processed on behalf of third parties and the data may be combined with other data stored about the user about which we have no information.

You can deactivate the collection of data by OpenStreetMap by not using the map display.

Further information on the use of personal data by OpenStreetMap can be found at https://wiki.osmfoundation.org/wiki/Privacy_Policy. The EU Commission has confirmed the appropriate level of data protection in Great Britain with an adequacy decision.

14. Social plug-ins from social network providers

Social plug-ins from providers of social networks are used on our websites. Personal data can be sent to the service providers (also outside of Europe) via these social plug-ins and used by them, if necessary.

We do not collect any personal data ourselves via the social plug-ins or as a result of their use. We have configured the social plug-ins in such a way that no personal data is initially passed on to the providers of the individual social plug-ins when you visit our website. Data can only be transferred to the service provider and stored there if you click on one of the social plug-ins.

When you click on the corresponding button of the service provider, the service provider is informed that you have accessed the corresponding sub-page of our online offering. You do not need to have an account with this service provider or be logged in there. If you are logged in to the service provider, this data is assigned directly to your account. If you click on one of the social plug-ins and, for example, link to the page, the service provider also stores this information in your user account and, if necessary, communicates this publicly to your contacts.

If you do not want your profile to be associated with the service provider, you must log out before clicking on one of the social plug-ins.

We have no influence over whether and to what extent the service providers collect personal data. We are also not aware of the scope, purpose and storage period of the data collection. It must be assumed that at least the IP address and device-related information will be recorded and used. It is also possible that the service providers use cookies.

We would like to point out that some of the service providers of social networks are based outside the territory of the EU and the European Economic Area (EEA), in particular in the USA, and that these countries do not have an adequate level of data protection. We cannot rule out the possibility that even if service providers of social networks are based in the EU, the personal data may also be transmitted to group companies in the USA or another country outside the EU or the EEA and/or also be stored on servers in the USA or another country outside the EU or EEA.

Further information from the service providers in detail:

• Facebook

The service provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). Further information on data protection can be found at https://www.facebook.com/policy.php.

• Instagram

• LinkedIn

• Twitter

• Pinterest

The service provider is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). Further information on data protection can be found in Pinterest's data protection declaration at https://policy.pinterest.com/de/privacy-policy.

• Whatsapp

The service provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find more information on data protection at https://www.whatsapp.com/legal/privacy-policy-eea.

• Reddit

The service provider is Reddit Ireland Limited (Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland). For more information, see https://www.reddit.com/de-de/p....

15. Our presence on social media

You can find us on various social media channels that the business development agencies, Hessen Trade & Invest GmbH and HA Hessen Agentur GmbH operate on our behalf as part of the "Digital Hessen" project. If you visit one of our social media appearances, the respective social media provider processes data from you in order to create statistical evaluations and to operate and improve their own services and offerings. The data processing is carried out partly regardless of whether you are registered and logged in to the social media platform you have visited or not.

Some service providers provide us with evaluations of the use of our websites which we can use to analyse our offerings and the needs of our users. For this purpose, the reach of our posts, the number of views of our videos and the development of our subscriber numbers are evaluated. We receive the evaluations without any personal reference at all. The data, which has been anonymised and summarised by groups/categories, includes: age, gender, place of residence of the user (country and region/city), time and location of use, total number of users of individual functions/areas, interactions (e.g. comments, click rate, views, shares), video usage time, devices used, operating systems, software, usage history (referring websites), language and interests/topics accessed.

Anonymised evaluations are updated daily and made available for an evaluation period including the previous day.

We would like to point out that some of the social media providers are based outside the territory of the EU and the European Economic Area (EEA), in particular in the USA, and that these countries do not have an adequate level of data protection. We cannot rule out the possibility that even if providers of social media are based in the EU, the personal data will also be transmitted to group companies in the USA or another country outside the EU or the EEA and/or also be stored on servers in the USA or another country outside the EU or EEA. In some third countries, for example in the USA, government agencies have far-reaching access rights to data from companies based in these third countries.

Insofar as we receive statistical evaluations from the individual providers of the social media channels about the use of our websites, there is joint responsibility between us and the respective provider of the social media channel for these associated data processing operations.

Further information on the providers of social media channels where maintain a profile is provided below:

• Facebook

The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information on the collection and use of personal data by Facebook can be found at https://www.facebook.com/policy.php. When you use the Facebook page, Facebook stores cookies on your computer or smartphone. You can find information on this at https://www.facebook.com/policies/cookies. We have concluded an additional agreement with Facebook on joint responsibility which specifies which data processing operations we and Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www. Facebook.com/legal/controller_addendum.

• Instagram

The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information on data processing can be found at https://help.instagram.com/519522125107875. When you use our Instagram profile, Facebook stores cookies on your smartphone. You can find information on this at https://www.facebook.com/policies/cookies. We have concluded an additional agreement with Facebook on joint responsibility which specifies which data processing operations we and Facebook are responsible for when you visit our Instagram profile. You can view this agreement at the following link: https://www.facebook.com/legal/controller_addendum.

• LinkedIn

The service provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Further information on data protection can be found in LinkedIn's data protection declaration at https://www.linkedin.com/legal... and in the cookie policy at https://www.linkedin.com/legal/cookie-policy. For the processing operations for which we are jointly responsible with LinkedIn, the following joint responsibility agreement applies: https://legal.linkedin.com/pages-joint-controller-addendum.

• Twitter

16. Transfer of Personal Data

Our employees are the recipients of your personal data and theyare entrusted with processing the respective transaction. Your data will only be passed on within the framework of the provisions of applicable law or the consent you have given to ensure that your data does not reach unauthorised persons.

Some of our websites and presences on social media, as well as events and other projects, are implemented by Hessen’s business development agencies, Hessen Trade & Invest GmbH (HTAI) and HA Hessen Agentur GmbH (Hesse Agency). In this context, the commissioned company receives personal data. The HTAI and Hessen agency are commissioned by us on a project basis and act on our instructions on the basis of an order processing contract.

Depending on the situation, it may be necessary to forward data about you to other bodies within the federal, state or municipal administration in order to process matters. If a situation concerns the supply of digital infrastructure, it may be necessary to transmit personal data to the responsible telecommunications company.

Furthermore, only those external bodies that we have commissioned as service providers on the basis of an order processing contract will receive your data.

17. Automated Decision Making Including Profiling

There is no automated decision-making including profiling.

18. Rights of the data subject

If your personal data is processed, you are the data subject as defined by the GDPR and you have the following rights vis-à-vis the person responsible:

Right to information: According to Art. 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.

Right to rectification: in accordance with Art. 16 of the GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data stored by us.

Right to deletion: according to Art. 17 of the GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

Right to restriction: in accordance with Art. 18 of the GDPR, you have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we reject the data and no longer need it, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR.

Right to data portability: according to Art. 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, standard and machine-readable format or to request transmission to another person responsible.

Right of appeal: according to Art. 77 of the GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our place of business. In the present case, the competent supervisory authority is: The Hessian data protection officer, visitor's address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, postal address: Postfach 3163, 65021 Wiesbaden, e-mail: Poststelle@datenschutz.hessen.de, Tel.: +49 611 1408 - 0, Fax: +49 611 1408 - 900.

Right of objection: tou have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, in accordance withArticle 6 (1) (f) GDPR. If the personal data concerning you is processed for the purposes of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.

Right of withdrawal: you have the right to withdraw your consent to the processing of your personal data at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can send a revocation to the e-mail address given when registering/ordering or in all cases to info@htai.de or by post using the address given above..

19. Security in Data Transmission

With regard to data communication in open networks such as the Internet, the protection of the transmitted data cannot be comprehensively guaranteed according to the current state of the art and cannot be completely protected against access by third parties. Therefore, do not send us any confidential data via the Internet (e.g. using a contact form or by e-mail) without adequate protection. However, all forms on this website in which personal data is recorded have been encrypted using the TSL 1.2 protocol. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

20. Change to our Privacy Policy

We reserve the right to occasionally adapt this data protection declaration so that it always complies with the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. If you visit our website again, the current data protection declaration applies.

Status: June 2023

Privacy Policy

1. Provision of the website and creation of log files

2. Contacting us via email

3. Contact form

4. Providing information, promotion of businesses(newsletters, mailings, info post)

5. Registration for events

6. Recording and Streaming of Online Events

7. Taking and publishing photos and videos

8. Registration for contact linking measures at events

9. Provision of (interactive) questionnaires

10. Registration forms for subject-specific databases

11. Use of technically necessary cookies

12. Embedded Videos

13. Embedded Maps

14. Social plug-ins from social network providers

15. Our presence on social media

16. Transfer of Personal Data

17. Automated Decision Making Including Profiling

18. Rights of the data subject

19. Security in Data Transmission

20. Change to our Privacy Policy

Thanks for sharing: