Privacy policy
Our company attaches great importance to the protection of personal data and respects your desire for privacy. In the following, we inform you about the collection of personal data when using our website. If you have any further questions regarding the handling of your personal data, please contact our data protection officer.
1. Person responsible
The controller within the meaning of the General Data Protection Regulation (GDPR) is the:
Forschungszentrum Borstel, Leibniz Lungenzentrum,
Parkallee 1-40,
23845 Borstel, Germany
2. How to contact the data protection officer
You can contact our data protection officer at
3. Legal basis of our data processing
The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.
Below we explain how we process personal data via our website.
3.1 Data processing when accessing the website
If you use the website for information purposes only, i.e. if you do not contact us via the online form or otherwise provide us with information, we collect the following technical information (log file data):
- Operating system of the terminal device with which you visit our website
- Browser (type, version & language settings)
- The amount of data retrieved
- The current IP address of the terminal device with which you visit our website
- Date and time of access
- The URL of the previously visited website (referrer)
- The URL of the (sub)page that you retrieve on the website
- The Internet service provider of the accessing system
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our service provider) regularly do not know who is behind an IP address. We do not combine the data listed above with other data.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
3.2 Contacting us by e-mail or contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we have always marked this as optional. We use this information to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. You can of course revoke this consent at any time for the future.
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
4. Applications
You can apply to our company via our application portal at https://www.fz-borstel.de/de/arbeiten-am-fzb/stellenanzeigen and by e-mail. Please note that unencrypted e-mails are not transmitted with access protection.
Your data will be used to process your application and to decide on the establishment of an employment relationship. The legal basis is § 26 para. 1 i.V.m. para. 8 sentence 2 BDSG. Furthermore, your personal data may be processed if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. The legitimate interest in the processing also lies in the stated purposes.
If there is an employment relationship between you and us, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of employees' interests arising from a law or a collective agreement, a works or service agreement (collective agreement).
Your application data will not be processed beyond the use described above.
Your personal data will be deleted after completion of the application process after 6 months at the latest, unless deletion conflicts with any other legitimate interests on our part or you have not given us your consent for longer storage. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
5. Use of cookies
Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.
5.1 Transient cookies
These cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
5.2 Persistent cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
6. Social plugins
This website uses social plugins from the provider(s)
- Linkedin (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.)
- X formerly Twitter (Operator: X Corp. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for handling data subject rights within the EU/EEA is Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland).
- Blue.Sky (Operator: Bluesky, PBLLC, 113 Cherry St # 24821, Seattle Washington 98104-2205, United States.)
- Norden.social (Operator: norden.social e.V., Zum Sebaldsbrücker Bahnhof 1, 28309 Bremen).
- Instagram (Operator: Meta Platforms, Inc., 1601 Willow Road, Menlo Park California 94025, USA. The responsible body for handling data subject rights within the EU/EEA is the Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland).
These plugins normally collect data from you by default and transmit it to the servers of the respective provider. To ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin without your consent. When you call up a page on which the plugins are integrated, they are initially deactivated. The plugins are only activated when you click on the respective symbol, thereby giving your consent for your data to be transferred to the respective provider. The legal basis for the use of the plugins is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, § 25 para. 1 TDDDG (German national law).
Once activated, the plugins also collect personal data, such as your IP address, and send it to the servers of the respective provider, where it is stored. In addition, activated social plugins set a cookie with a unique identifier when the relevant website is accessed. This also allows the providers to create profiles about your usage behavior on websites that you have visited. This happens even if you are not a member of the social network of the respective provider. If you are a member of the provider's social network and you are logged in to the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact scope of the data collected from you by the respective provider. For more information about the scope, type and purpose of data processing and about rights and settings options to protect your privacy, please refer to the data protection information of the respective social network provider. These are available at the following addresses:
- Linkedin: https://de.linkedin.com/legal/privacy-policy
- X: https://x.com/en/privacy
- BSky: https://bsky.social/about/support/privacy-policy
- Norden.Social: https://norden.social/privacy-policy
- Instagram: https://www.instagram.com/legal/privacy/
7. Cloudflare
For our website we use the services of CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107 USA.
Cloudflare provides what is known as a Content Delivery Network (CDN). This is a network of globally distributed servers that is able to deliver optimized content to website users. This means that large media files in particular can be delivered via a network of locally distributed servers connected via the Internet. This serves the secure and efficient provision of our website and helps to improve performance and stability.
For this purpose, personal data may be processed in Cloudflare's server log files. Cloudflare also collects statistical data about visits to this website. The data collected includes:
- Name of the website accessed
- Retrieved file
- Date and time of retrieval
- Amount of data transferred
- Notification of successful retrieval
- Browser type and version
- the user's operating system
- Referrer URL
- IP address
- Requesting provider
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, § 25 para. 2 TDDDG. Our legitimate interest here lies in the smooth and secure operation of our website. You have the right to object to the processing in accordance with Art. 21 GDPR. Whether the objection is successful must be determined as part of a balancing of interests.
Insofar as data is processed outside the EU/EEA, Cloudflare Inc. has certified itself according to the Data Privacy Framework (DPF) program and is listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that Cloudflare has publicly committed to complying with the DPF obligations and any data transfer to the USA is harmless due to the current adequacy decision of the European Commission of July 10, 2023.
A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search. More information on the Data Privacy Framework Program can be found on the official website of the ITA: https://www.dataprivacyframework.gov/s/.
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of its own offer. Further information on data processing by Cloudflare, in particular on data protection and data security, can be found at: https://www.cloudflare.com/de-de/privacypolicy/.
8. Newsletter
You can subscribe to our newsletter on our website, which we use to inform you about the latest news, offers and discounts. The legal basis for sending the respective newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with Section 7 para. 2 no. 3 UWG. § Section 7 para. 2 no. 3 UWG or the legal permission according to Section 7 para. 3 UWG.
We use the so-called double opt-in procedure to subscribe to our newsletters. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after 3 days.
The information received will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until you cancel your subscription. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in providing proof of consent previously given, see also Art. 7 para. 1 GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail.
9. Newsletter Tracking
We use rapidmail (rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany) to send newsletters. We use rapidmail to organize and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analyzed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted.
The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
The data will not be transferred to third countries.
The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter.
You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
For more information, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit.
For more information on rapidmail's analysis functions, please see the following link: https://www.rapidmail.de/wissen-und-hilfe
10. Data transmission
Your data will not be transferred to third parties except in the cases mentioned, unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship or you have previously expressly consented to the transfer of your data.
External service providers and partner companies such as online payment providers or the shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred.
11. Data security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
12. Your rights
You have the following rights vis-à-vis us with regard to your personal data. To exercise the above rights, please contact us by email at
Forschungszentrum Borstel, Leibniz Lungenzentrum
Datenschutz-Management
Parkallee 2, 23845 Borstel
Germany
12.1 General rights
We will be happy to provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
12.2 Rights in data processing according to the legitimate interest
Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) or on Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to safeguard a legitimate interest). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.