Privacy Policy
Effective Date: January 1, 2024 Last Updated: March 22, 2026
1. Controller
The controller responsible for data processing on this website is:
Prof. Dr. Andreas Heinemann c/o Fachbereich Informatik Hochschule Darmstadt – University of Applied Sciences Schöfferstr. 3 D-64295 Darmstadt Germany
Email: andreas DOT heinemann AT h-da DOT de Phone: +49 6151 553 68 482
For data protection inquiries at Hochschule Darmstadt, you may also contact the institutional Data Protection Officer:
Data Protection Officer of Hochschule Darmstadt Hochschule Darmstadt Schöfferstr. 3 D-64295 Darmstadt Email: datenschutz AT h-da DOT de
2. Overview of Data Processing
We take the protection of your personal data seriously. This privacy policy explains what data we collect when you visit our website, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
3. Hosting and Server Log Files
This website is hosted on infrastructure provided by Hochschule Darmstadt. When you access this website, your browser automatically transmits certain technical data, which is stored in server log files:
- IP address (anonymized where possible)
- Date and time of access
- Requested URL / page
- HTTP status code
- Amount of data transferred
- Referring URL (the page from which you arrived)
- Browser type and version
- Operating system
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring the secure and efficient operation of the website.
Retention period: Server log files are automatically deleted after 30 days, unless retention is required for security incident investigation.
4. Cookies
4.1 What Are Cookies?
Cookies are small text files stored on your device by your web browser. They help websites function properly and can improve user experience.
4.2 Cookies Used on This Website
This website uses only technically necessary cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
cookie_consent | Stores your cookie consent preference | 365 days | Necessary |
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing a functional website. For the consent cookie: Art. 6(1)(a) GDPR.
4.3 Managing Cookies
You can configure your browser to block or delete cookies at any time. Please note that disabling cookies may affect website functionality. Instructions for common browsers:
5. Contact Forms and Email
If you contact us via email or a contact form, the data you provide (name, email address, message content) will be processed solely for the purpose of handling your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
Retention period: Data is deleted once the inquiry has been fully resolved, unless legal retention obligations apply.
6. Third-Party Services and External Content
6.1 Google Fonts (Local)
This website uses Google Fonts that are hosted locally on our server. No connection to Google servers is made, and no data is transmitted to Google.
6.2 External Links
Our website contains links to external websites. We have no control over their content or data protection practices. Please refer to the privacy policies of the respective external sites.
7. OAuth and Single Sign-On (SSO)
If you access services operated by our research group that use OAuth or Single Sign-On authentication, the following data may be processed:
- Username / email address provided by the identity provider
- Authentication tokens (temporary)
- Session identifiers
Legal basis: Art. 6(1)(b) GDPR — necessary for providing the requested service.
Retention period: Session data is deleted upon logout or session expiration. Authentication logs may be retained for up to 90 days for security purposes.
For the specific privacy policy of each service, please refer to the documentation of the respective application.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, in accordance with Art. 32 GDPR. These measures include:
- TLS/SSL encryption for data in transit
- Regular security updates and patch management
- Access controls and authentication mechanisms
- Regular security assessments
9. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights:
| Right | Article | Description |
|---|---|---|
| Right of Access | Art. 15 GDPR | You may request information about your personal data we process. |
| Right to Rectification | Art. 16 GDPR | You may request correction of inaccurate personal data. |
| Right to Erasure | Art. 17 GDPR | You may request deletion of your personal data, subject to legal retention obligations. |
| Right to Restriction | Art. 18 GDPR | You may request restriction of processing under certain conditions. |
| Right to Data Portability | Art. 20 GDPR | You may request your data in a structured, machine-readable format. |
| Right to Object | Art. 21 GDPR | You may object to processing based on legitimate interests at any time. |
| Right to Withdraw Consent | Art. 7(3) GDPR | You may withdraw any given consent at any time with future effect. |
To exercise your rights, please contact us using the details provided in Section 1.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
The competent supervisory authority for Hochschule Darmstadt is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit Postfach 3163 65021 Wiesbaden Germany
Phone: +49 611 1408-0 Email: poststelle AT datenschutz DOT hessen DOT de Website: https://datenschutz.hessen.de
11. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this page. We encourage you to review this policy periodically.
This privacy policy was last updated on March 22, 2026.