“GSI-CERT I German Scientific Institute for Quality, Testing and Certification UG (haftungsbeschränkt)” (“GSI-CERT”) operates a website with general information as well as an interactive area for downloading templates and documents. “GSI - German Scientific Institute for Quality, Testing and Certification” are protected trademarks, see legal information. GSI-CERT places great importance on the protection of privacy and complies with the legal data protection regulations. The following is an explanation of how we handle your personal data.
I. Who is responsible?The responsible party pursuant to data protection law is:
GSI-CERT I German Scientific Institute for Quality, Testing and Certification UG (haftungsbeschränkt, Managing Directors Dr. Yannick Timo Böge James-Loeb-Str. 1182418 Murnau/ Greater MunichGermany
As data protection officers, we have appointed:Dr. Yannick Timo Böge
II. Which processing activities are carried out?Contact formPurpose and legal basisThe data entered by you will be stored for the purpose of individual communication with you.The data entered in the contact form will be processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR).By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6(1)(b) GDPR).
Data recipientsOur website is maintained by a service provider, who acts as our processor.If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes if they require the data to perform their respective services (e.g., IT services).All service providers are contractually obliged to treat your data confidentially.
Retention periodData will be deleted no later than 6 months after processing the inquiry.If it comes to a contractual relationship, we are subject to the legal retention periods and delete your data after six or ten years.
Mandatory or required provisionThe provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the inquiry.
ObjectionPlease read the information on your right to object according to Art. 21 GDPR below.
Accessing our websitePurpose, legal basis and legitimate interestWhen you access our website, i.e., even if you do not register or submit information, information of a general nature will be collected automatically. This information (server log files) contains the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.It is processed in particular for the following purposes: ensuring an unproblematic website connection ensuring seamless use of our website analysis of system security and stability as well as for additional administrative purposesWe also reserve the right to review the server log files retrospectively, should concrete evidence point to illegal use.The processing occurs according to Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.
Data recipientsWe use technical service providers for the operation and maintenance of our website, who are commissioned as our processors.
Retention periodThe data will be deleted as soon as it is no longer required for the reason it was collected. This is generally the case for the data used to make the website available when the respective session has ended.
Mandatory or required provisionThe provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and cookie ID, the service and functionality of our website are not guaranteed. Further, individual services may be unavailable or limited.Use of cookiesLike many other websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.
I. Use of technically required cookiesPurpose, legal basis and legitimate interestWe use cookies to make our website more user-friendly. Some elements of our website require that the respective browser be identified, even after a page change.The following data will be saved and transmitted in the cookies: Language settingsThe purpose of using technically required cookies is to simplify the use of websites for users. Some features of our website cannot be provided without the use of cookies. For these features, identifying the browser again is necessary, even after a page change.We require cookies for the following applications: Applying language settingsThe processing occurs according to Art. 6(1)(f) GDPR, based on our legitimate interest in the user-friendly design of our website.
Data recipientsRecipients of the data may be technical service providers, who work on the operation and maintenance of our website as the processor. For this, we have the corresponding data processing agreements with the service providers.
Retention periodFor the details on the retention period of the cookies and the technologies used within the scope of these tracking tools, see the cookie notices.
Mandatory or required provisionThe provision of the aforementioned personal data is neither legally nor contractually required. However, without this data the service and functionality of our website are not guaranteed. Further, individual services may be unavailable or limited.
II. Use of cookies that are not technically requiredPurpose and legal basisParts of our websites use “cookies”. These are small text files, hidden behind this standard technology, which are stored on the device you are using and–among other things–make visiting a website more comfortable or more secure. Cookies can also be used to better tailor the offering on a website to the interests of the visitors or generally to improve the offer on the basis of statistical evaluations.We use the web-analysis technologies of the following providers: Google Analytics
The respective legal basis for this processing is your consent (Art. 6 (1)(a) GDPR).
Data recipientsRecipients of the data may be technical service providers, who work on the operation and maintenance of our website as processors. For this, we have corresponding data processing agreements with the service providers.In the cookie and opt-out notices, you will find additional recipients and the details on the technical functionality of the tools and information used as well as how you can prevent the data transfer (tracking).
Retention periodFor the details on the retention period of the cookies and the technologies used within the scope of these tracking tools, see the cookie notices.
Third-country transfersInformation on third-country transfers can also be found in the cookie notices.
Mandatory or required provisionOf course, you can view our website without cookies. Internet browser are regularly configured to accept cookies. In general, you can disable the use of cookies via your browser settings at any time (see “Withdrawal of consent”).Please keep in mind that individual features of our website may not work if you have disabled the use of cookies.
Withdrawal of consentYou will find details on the available options with these tracking tools in the cookie notices.
ProfilingWith the assistance of the tracking tools, the browsing behavior of the website visitors can be evaluated and their respective interests analyzed. For this analysis, we create a pseudonymous user profile.III. Which data protection rights do you have?Every data subject has the right of access (according to Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to object (Art. 21 GDPR) as well as the right to data portability (Art. 20 GDPR).Regarding the right of access and the right of erasure, the restrictions according to sections 34 and 35 of the Bundesdatenschutzgesetz (BDSG, German Data Protection Act) apply.You may withdraw from us your consent to process personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the General Data Protection Regulation, i.e., prior to 25 May 2018. Please note that the withdrawal is valid only for the future. Processing that occurred before the withdrawal is not affected.Further, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR, in connection with 19 BDSG). You will find a list of supervisory authorities (for the non-public sector) with their addresses at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.IV. Data securityWe handle personal data only as permitted by data protection regulations. We also endeavor to provide all necessary, technical and organizational security measures to adequately protect your personal data at all times against unauthorized access and misuse.If we store or process personal data, it occurs in a high-security data center. In order to protect the security of your data during transfer, we use encryption techniques (e.g., SSL) over HTTPS. Our servers are secured by firewall and virus protection. Back-up and recovery procedures as well as roles and authorization policies are a given for us.When handling data, our employees are obliged to comply with the regulations of the GDPR and the BDSG.Information on your right to object according to Art. 21 GDPRYou have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data pertaining to you, which occurs pursuant to 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with Art. 4(4) GDPR.If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, carrying out or defending legal claims.
The objection can be made in any form. Simply send us a letter or e-mail with “Objection” in the subject line, your name, address or other identifiers, and address it to:See contact details above
Information about the cookies and tracking technologies used
Here you can find out which web analysis and tracking tools we use on our website (web tracking, advertising, cookies, plugins, etc.) how they work and how you object who the processing of your personal data in detail or the deletion of the personal data collected can make. Further information can be found in our privacy statement. 
Use of cookiesCookies are used on our website. This standard technology conceals small text files that are stored on the device you are using and that male it possible, among other things, to male visiting a website more convenient or safer. Cookies can also be used to better tailor the offer on a website to the interests of visitors or to improve it in general on the basis of statistical evaluations. 
You can determine yourself whether the browser allows cookies or not. Please note that the functionality of websites may be restricted or even disable if cookies are not allowed. 
Delete cookiesYou can delete individual cookies or the entire cookie inventory via your browser settings. In addition, you will receive information and instructions on how these cookies can be deleted or their storage blocked in advance. Depending on the provider of your browser, you will find necessary information under the following links: Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies Google chrome: https://support.google.com/accounts/answer/61416?hl=de Opera: http://www.opera.com/de/help Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
You can also prevent scripts from being loaded by default. NoScript allows the execution of JavaScript, Java and other plugins only with trustworthy domains of your choice. Information and Instruction on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/noscript/).
Information about the cookies we useIf you allow us to use cookies through your browser settings or consent, the following cookies can be used on our website: 
Necessary:Name Purpose Expiry DateCookieConsent Stores the user's consent status for cookies on the current domain. 1 yearcookielawinfo-checkbox-advertisement Used to determine if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for compliance with the GDPR of the website. 1 yearcookielawinfo-checkbox-analytics Used to determine if the visitor has accepted the statistics category in the cookie banner. This cookie is necessary for compliance with the GDPR of the website. 1 yearcookielawinfo-checkbox-functional Determines whether the visitor has accepted the cookie consent field 1 yearcookielawinfo-checkbox-necessary Determines whether the visitor has accepted the cookie consent field. 1 yearcookielawinfo-checkbox-performance Stores the user's consent status for cookies on the current domain. 1 yearcookielawinfo-checkbox-others Stores the user's consent status for cookies on the current domain 1 yearPHPSESSID Maintains the user's states on all page requests. Session
Statistic:Name Purpose Expiry Date_ga Registers a unique ID that is used to generate statistical data on how the visitors uses the website. 2 years_gat Used by Google Analytics to limit the request rate. 1 day_gid Registers a unique ID that is used to generate statistical data on how the visitors uses the website. 1 day
As far these cookies can concern personal data, we will inform you about this in the following section.
Use of Google AnalyticsThis website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. In principle, IP addresses on our website are automatically anonymized by Google by shortening them. IP addresses are only transmitted to Google servers in the USA in exceptional cases and anonymized there by shortening them. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:Browser Add-On zur Deaktivierung von Google Analytics.