Skip to content Skip to footer


This Privacy Policy explains what personal data is collected by the FAIRDOM website.

Privacy Policy

This data protection information, intends to inform our website visitors about how we process personal data or outline you about your rights. We are aware of the sensitive nature of processing personal data and accordingly observe all relevant legal requirements. The protection of your privacy is of utmost importance to us. All processing of your personal data is carried out in compliance with the current General Data Protection Regulation, as well as other data protection regulations.

Person responsible for data processing

HITS gGmbH (Heidelberger Institut für Theoretische Studien)

Vertreten durch: Dr. Gesa Schönberger

Schloss-Wolfsbrunnenweg 35

69118 Heidelberg

Telefon: +49 6221 533 533

Telefax: +49 6221 533 298


Registergericht: Amtsgericht Mannheim

Handelsregister: HRB 337446

Umsatzsteuer-Identifikationsnummer gemäß §27 a Umsatzsteuergesetz: DE232037958

Kontaktdaten des Datenschutzbeauftragten: eprivacy@h-its.orgDefinition of terms

This data protection notice uses the terms of the General Data Protection Regulation (GDPR):

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“File system” means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained on a centralised, decentralised or functional or geographical basis.

“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the framework of a specific investigation mandate under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

“Third party” means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor.

“Consent” means the freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Processing operations

We collect and process the following personal data about you:

Contact, event, API – Key and master data information if you have provided us with your contact information or registered on our site,

Online identifiers (e.g. your IP address, browser type and version, operating system used, referrer URL, IP address, file name, access status, amount of data transferred, date and time of server request),

for the purpose of contacting you,

for information about our activities and offers,

Contract data (e.g. subject matter of the contract, contract term, contract category),

Application (by post, via e-mail),

Implementation of events,

Video conferences, sound and image recordings,

Social media identifiers.

Data processing purposes

We process your data for the following purposes:

to process our services e.g. openrouteservice,

for quality assurance,

for our statistics.

Legal basis for data processing

Your data is processed on the following legal bases:

your consent according to Art. 6 para. 1 lit. a) GDPR,

for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR,

to fulfil legal obligations according to Art. 6 Para. 1 lit. c) GDPR,

for a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

If we base the processing of your personal data on legitimate interests within the meaning of. Art. 6 para. 1 lit. f) GDPR, such interests are

the improvement of our offer,

the protection against misuse,

the management of our statistics.

Data sources

We obtain the data from you (including via the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it comes from publicly available sources.

Transfer/data recipient

In processing your data, we work with the following service providers who have access to your data:

Web analytics tool providers,

Web hosting providers,

Administration service providers,

Video conferencing service providers,

Social media.

Data is transferred to third countries outside the European Union. This takes place on the basis of contractual regulations provided for by law, which are intended to ensure an appropriate level of protection for your data and which you can view on request.

Duration of processing

We only store your personal data for as long as is necessary to achieve the purpose of the processing or for as long as the storage is subject to a statutory retention period.

We store your data, if:

you have consented to the processing, at most until you revoke your consent;

we require the data for the performance of a contract, at most for as long as the contractual relationship with you exists or for as long as statutory retention periods apply,

we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not prevail.

Your rights

Within specific limits depending on particular circumstances, you have the right to:

request information free of charge about the processing of your data and to receive a copy of your personal data. Among other things, you can request information about the purposes of the processing, the categories of personal data that are processed, the recipients of the data (if the data are passed on), the duration of the storage or the criteria for determining the duration;

rectify your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;

have your data erased or blocked. Reasons for the existence of a right to erasure/blocking may be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data have been processed unlawfully;

to have the processing restricted;

object to the processing of your data;

withdraw your consent to the processing of your data for the future;

complain to the competent supervisory authority about unlawful data processing.

Further information on data protection

Data protection

We have taken extensive technical and organisational measures to protect your data against possible dangers, such as unauthorised access, unauthorised disclosure, modification or distribution, as well as against loss, destruction or misuse.

In order to protect your personal data from unauthorised access by third parties during transmission, we secure data transmissions using TLS encryption where necessary. This is a standardised encryption procedure for online services, designed especially for internet traffic.

Log files

Each time you access our website, usage data is transmitted by the respective internet browser and stored in our server´s log files. These data records contain the following data:

Domain from which the user accesses the website,

Date, time of access and the IP address of the accessing computer,

website(s) visited by the user within the scope of the offer,

amount of data transferred,

browser type and version,

operating system used,

message as to whether the retrieval was successful.

These log file data records are evaluated anonymously in order to improve our offer and make it more user-friendly, to find and correct errors and to manage our servers.


This website only uses technically necessary or anonymized cookies.

Processing of your personal data in different contexts


We have also included a link (social media icon from Twitter) to our offer on Twitter on our website. If you access this page and use the services of this provider, it is possible that usage data will be collected and possibly stored in server logs. We have no influence on the type and scope of the transmitted or stored data. For more information on the data collected by LinkedIn, its storage and use, please refer to the provider’s privacy policy at


This social network is a service of the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). For the integration of videos, we used the extended privacy settings of YouTube, without the use of cookies to record user behavior and so that technical data of the accessing system of the users are not passed on to Google. When you start a video (click on a video), YouTube receives the information that you have accessed the corresponding subpage of our website. The data obtained is transferred to the USA and stored there. This also takes place without a user account with Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimizing its websites. Further information on the protection of personal data by Google is available at


We and our representatives offer various events, for example in the form of workshops, lectures and conferences, which are presented under the heading “Events”. For some of these offers, we ask for registration in advance, in the course of which mandatory information is requested. This includes, in particular, name, title, e-mail, address, and the data required for participation in and implementation of the event. You will find a detailed overview in the respective registration form. The data will be processed for the purpose of fulfilling contractual obligations, including billing and the creation of supporting material for the event, such as lists of participants. For sending information about the respective event as well as important changes, for example in the scope of the offer or due to technical requirements, we use the e-mail address provided during registration to contact you.

The data collected during registration will be stored by us until the purpose for data processing ceases to apply or they are no longer required for the purpose. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. The data is therefore blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural person or legal entity. If users request the deletion of their personal data, their data will be deleted subject to a legal obligation to retain it. This does not apply to data that has already been printed and distributed.

GitHub Page

When you visit or use our GitHub Pages, we do not collect any personal data. No analysis takes place, no external sources are included, and no cookies are set by us. GitHub Pages are hosted on servers of Github Inc, 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA. Information on the handling of user data can be found in GitHub’s privacy policy at

Status of this data protection information

October 2022

We reserve the right to change or update this privacy policy at any time as required to continue to conform to the most recent public policies and legal requirements pertaining to data protection.