Data Protection Information
- Haselnuss-Project -


Haselnuss is a project of the FhS Institute for Secure Information Technology.

The following pertains to the use of this website. As the data controller, we process your personal data collected via our website and store them for the period necessary to achieve the specified purposes and to comply with statutory requirements. The following text informs you of the data we collect, the way we process them and to which rights you will be entitled to in this regard.

Pursuant to Article 4(1) General Data Protection Regulation (GDPR), personal data are all data referring to an identified or identifiable natural person.

1. Scope of this Document

This data protection information shall apply to the project website located at https://haselnuss-projekt.de/.

2. Name and Contact Information of the Person Responsible for Data Processing (Controller) and of the corporate Data Protection Officer

Controller as defined in Article 4(7) GDPR:

Fraunhofer-Gesellschaft
zur Förderung der angewandten Forschung e.V.
Hansastraße 27 c,
80686 Munich

for your Fraunhofer Institute for Secure Information Technology
Rheinstraße 75
64295 Darmstadt
(in the following referred to as „Fraunhofer-SIT“)
Email: info@sit.fraunhofer.de
Telephone: +49 6151 869-399
Fax: +49 6151 869-224

You can reach the Data Protection Officer at Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V., z.H. Datenschutzbeauftragter, Hansastraße 27 c, 80686 Munich or at datenschutz@zv.fraunhofer.de.

Please feel free to contact our Data Protection Officer directly at any time with your questions concerning the Data Protection Law or your rights as data subject.

3. Processing of Personal Data and Purposes of Data Processing

You can access our website without having to disclose the details of your identity. The browser on your terminal device automatically sends information to the server of our website (e.g. browser type and version, date and time of access), for the sole reason as to allow a connection with the website. This also includes the IP address of your requesting terminal device. It is temporarily stored in a so-called log file and automatically deleted after 4 weeks.

The IP address is processed for technical and administrative purposes of connection set-up and stability, in order to guarantee the security and functioning of our website and to be able to track any illegal attacks on the website, if required.

The legal basis for the processing of the IP address is point (f) of the first sentence of Article 6(1) GDPR. Our legitimate interest ensues from the said security interest and the necessity of the unobstructed provision of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address or other information in the log file.

Furthermore, we place cookies during the visit of our website. For more information about this, please see Sections 5 of this Data Protection Information.

4. Transfer of Personal Data to Third Parties

We only forward your personal data to third parties if:


Third parties may use the transferred data only for the above-mentioned purposes.

There will not be any transfer/transmission of personal data to countries outside the EU or an international organisation.

5. Cookies

We use cookies that are technically necessary for the functions of the website. Cookies are small files, which are automatically created by the browser of the user device and stored in your device (PC, laptop, tablet, smart phone or similar device) when you visit our website. Cookies do not harm your computer, and they do not contain viruses, Trojans or other malware.

Cookies contain information pertaining to the specific device, which accessed our website. However, this does not give us direct knowledge of your identity.

One reason for us to use cookies is making the use of our website more convenient for you. We use session cookies to recognise that you have already visited certain pages of our website.

We also use temporary cookies to optimise the user-friendliness of our website. Your device stores these cookies temporarily for a specific time. The next time you visit our website, our server recognises your device as prior visitor and remembers your settings and preferences. You will not have to enter these parameters again.

The data obtained with the help of cookies serve our legitimate interests and the legitimate interests of third parties according to Article 6 para. 1, page 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you are able to configure your browser in such a way that the application does not store cookies on your computer or always shows an alert before storing new cookies. However, the complete exclusion of cookies may prevent you from using all functions on our website.

6. Your Rights as a Data Subject

You have the following rights:

Information about your right to object pursuant to Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, pursuant to point (e) of Article 6(1) GDPR (data processing for the performance of a task carried out in the public interest) and of point (f) of Article 6(1) GDPR (data processing on the basis of legitimate interests). This shall also apply to profiling as prescribed by Article 4(4) GDPR, which is based on this provision.

Once you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defense of legal claims.

To the extent that your objection addresses the processing of data for direct advertising, we will stop the processing immediately. In this case, citing a specific situation is not required. This shall also apply to profiling in as far as it relates to such direct advertising.

If you would like to assert your right to object, an email to datenschutz@zv.fraunhofer.de will suffice.

7. Data security

We transmit all your personal data using the widely used and secure TLS (Transport Layer Security) encryption standard. The TLS protocol is a proven and secure standard that is also used in online banking transactions. You will recognize a secure TLS connection by the s following the http (https://...) in your browser URL or by the lock symbol in the lower section of your browser.

Moreover, we use suitable technical and organizational safety procedures to protect your data against accidental or willful manipulation, partial or complete loss, destruction or against the unauthorized access by third parties. We constantly improve these security measures as the technology advances.

8. Timeliness and Amendments to this Data Protection Information

This data protection information as amended on May 2018 is currently applicable.

Due to improvements of our website and website offers or by virtue of amended statutory or administrative standards, it may become necessary to amend this data protection information. You may find the latest data protection information on this website to read and print at any time.

9. Severability

Should individual provisions of this data protection declaration be or become invalid either in part or in its entirety or prove infeasible at any time, this shall not affect the remaining provisions of this data protection declaration. This shall apply accordingly to gaps in this declaration.