We hereby inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.

1.  What is the name of the automated processing concerned?

Internet presence of the Make a Difference ideas competition, a project of the Laboratorium Fertigungstechnik at Helmut Schmidt University / University of the Federal Armed Forces

(also known as the Make a Difference idea competition website)

The first page can be reached under the URL https://www.make-a-difference.info/

2.  Who is responsible for data processing and whom can I contact?

The responsible party is:
Laboratorium Fertigungstechnik
Helmut-Schmidt-Universität
Universität der Bundeswehr Hamburg
Holstenhofweg 85
22043 Hamburg

Legal representative (total responsibility):
Dr.-Ing. Tobias Redlich

Professional responsibility:
Dr.-Ing. Tobias Redlich
E-Mail: tobias.redlich@hsu-hh.de

You can contact our data protection officer at:

ADSB der Helmut-Schmidt-Universität / Universität der Bundeswehr Hamburg
Zentrale Verwaltung
Holstenhofweg 85
22043 Hamburg

E-Mail: ADSBUniBwH@bundeswehr.org
Tel. 040 6541 2131

3.  Which sources and data do we use?

We process personal data that we require to provide and deliver the services you use and the services of the Make a Difference ideas competition.

Relevant personal data are personal details (name, address and other contact data, birthday and birth place as well as nationality). In addition, this may also include data about your use of our offered telemedia (e.g. time of accessing our websites, apps, pages clicked on by us or entries) as well as other data comparable to the categories mentioned.

4.  For what we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

In detail, the following data is logged and used for every access to/retrieval of the Make a Difference ideas competition website:

·       the IP address

·       the page called up (from which the file was requested)

·       the name of the file retrieved

·       the date and time of the request

·       the amount of data transferred

·       the access status, i.e. a message as to whether the access/retrieval was successful

·       a description of the type of web browser used

All logging data is processed on the basis of the "Rahmendienstvereinbarung (RDV) über die Protokollierung informationstechnischer Systeme " between the Federal Ministry of Defence and the Main Staff Council at the Federal Ministry of Defence of 3 May 2006.

The protocols are used exclusively for the purposes of

·       monitoring the lawfulness of the processing and use of personal data

·       Examination and assurance of data protection requirements

·       Analysis and correction of technical errors

·       Guarantee of system security

·       Optimisation of the network

·       statistical determination of the total volume of use (see also point 12)

·       Random checks

·       Prevention and detection of criminal offences

·       Evaluation as a measure in the event of violations and misuse (according to the above-mentioned RDV)

·       (see §6 Para. 2 RDV between HPR and BMVg). The purpose of "statistical evaluation" is explicitly stated under point 12.

Personal data is used for access to the content management system of the website, the services and applications offered there, for purposes of identity management, user authorization, change logging and rights checking. The following data is processed

·       Central login data

·       First name, Last name

·       function carrier data (e.g. the e-mail address)

·       the nature, scope and timing of changes to content

·       Roles and rights (control of authorization)

4.1.     On the basis of your consent (Art. 6 para. 1 letter a GDPR)

If you have given us your consent to process personal data for specific purposes, this processing is legal on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018.

Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

5.  Who gets my data?

Within the Helmut Schmidt University / University of the Federal Armed Forces, those departments receive your data which they need to fulfil their official and legal obligations.

Information will only be passed on to third parties on the basis of legal obligations and powers or on the basis of your consent.

6.  How long will my data be stored?

If necessary, we process and store your personal data for the duration of your visit to our website. Logging data of the web server (see 4) is kept for a maximum of 6 months.

Functional data and other voluntary information (e.g. on the jury page under "Jury") are collected from the respective person, who can determine the duration of storage of the data e.g. beyond the employment relationship (see 4.1 and 8.3).

7.  Are data transferred to a third country or an international organisation?

Data are not transmitted to third countries (countries outside the European Economic Area (EEA)).

8.  What data protection rights do I have?

Any data subject has the right of information under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR and the right to limitation of processing under Article 18 GDPR. The restrictions according to § 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

Information about the processing (for example file name and storage location) can be found in the procedure directory (see 4).

The following paragraphs will inform you in detail about your rights as a data subject.

8.1. Right to information

According to Art. 15 GDPR, data subjects have the right to request confirmation as to whether personal data concerning them are processed. Where this is done, mandatory information on the processing shall be provided and the rights of data subjects shall be notified.

8.2. Right to correction

According to Art. 16 GDPR, data subjects have the right to demand the correction of incorrect personal data concerning them without delay. Taking into account the purposes of the processing, the completion of incomplete personal data, including by means of a supplementary declaration, may be requested.

If you discover incorrect or incomplete information concerning you that cannot be corrected by you, please contact the above-mentioned professional person(s). Alternatively, you can contact the responsible data protection officer at HSU / UniBwH.

8.3. Right to deletion

According to Art. 17 GDPR, the data subject has the right to request that personal data concerning him/her be deleted immediately. The person responsible is obliged to delete personal data immediately under certain circumstances. This applies if

·       personal data is no longer required for the purposes for which it was collected

·       a consent is revoked and another legal basis is missing

·       the person concerned has lodged a justified appeal

·       the personal data are processed unlawfully

The consequence of the deletion of the login data (see 4) is the subsequent exclusion from the editorial system of the Make a Difference ideas competition website.

Logging data is deleted in accordance with RDV of HPR and BMVg of 08.03.2006 (see 4).

Your data will be deleted upon request. The application must be addressed to the person(s) responsible or the data protection officer of HSU / UniBwH.

8.4. Right to limitation of processing

According to Art. 18 GDPR a data subject has the right, under certain conditions, to request a restriction on processing. The following cases are possible:

·       The accuracy of the personal data is disputed by the data subject.

·       The processing is unlawful and the data subject refuses to have his/her personal data deleted.

·       The data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims:

The marking to restrict the processing of your data is made on request. If marking is not possible, the data is saved before processing (for example by screenshot). The application must be addressed to the person(s) responsible or the data protection officer of HSU / UniBwH.

·       The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible person outweigh those of the data subject:

In this case, too, the marking to restrict the processing of your data will be made on request. If marking is not possible, the data is saved before processing (for example by screenshot). The application must be addressed to the person(s) responsible or the data protection officer of HSU / UniBwH.

8.5. Right to objection

Pursuant to Article 21 of the GDPR, a data subject has the right to object at any time to the processing of personal data concerning him/her on the basis of Art. 6 Para. 1 (e) or (f) for reasons arising from his particular situation. The data controller will then no longer process the personal data, unless he can prove compelling grounds for processing worthy of protection, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

In this application, personal data are processed in accordance with Art. 6 Para.1 e GDPR, necessary for the performance of a task in the public interest and in the exercise of official authority, which was transferred to HSU / UniBwH.

The HSU / UniBwH is a service of the Bundeswehr and is organised in terms of tasks, structure and rights in accordance with Hamburg state law.

If a data subject objects to the processing of his/her data, participation in the Make a Difference ideas competition services using technical procedures is no longer possible.

The objection must be addressed to the person(s) responsible or the data protection officer of HSU / UniBwH.

8.6. Right to data transferability

The right to data transferability according to Art. 20 DSGVO entitles data subjects to receive a copy of their personal data in a standard and machine-readable file format.

This right shall not apply to the performance of tasks carried out in the exercise of official authority conferred on the person responsible. This applies to the automated processing of personal data by HSU / UniBwH (see 8.5).

Therefore, the right to data transfer is not given here.

8.7. Right to revoke consent

This right applies in each case with effect for the future.

Since the processing of the personal data of the Make a Difference ideas competition website is authorized by a legal basis - not by consent - there is no right of revocation of consent here.

Information provided voluntarily, for example on a jury page, can be removed independently at any time by the persons authorized for web administration on the affected pages.

8.8.     Right of appeal to a supervisory authority

According to Art. 77 GDPR, any data subject has the right of appeal to a supervisory authority if he or she considers that the processing of his or her personal data is contrary to the GDPR.

The supervisory authority within the meaning of the GDPR is the Federal Data Protection Commissioner and the State Data Protection Commissioner. The Federal Commissioner for Data Protection and Freedom of Information is the responsible supervisory authority for HSU / UniBwH as Bundeswehr agency and upper federal authority.

Regardless of the right of appeal to the supervisory authority, complaints may also be lodged with the Commissioner for Data Protection in the Bundeswehr (BfDBw).

9.      Do I have an obligation to provide data?

Personal data beyond protocol data is not required to view the public website of the Make a Difference ideas competition. The use of the editorial system requires the provision of personal data (see 4). Without this data it is not possible to create and edit Internet pages in the editorial system.

Individual pages, such as the jury page, provide voluntary information (photo, accessibility) entered by the user himself/herself or a commissioned colleague.

10.    To what extent is there automated decision making in individual cases?

Automated decision making according to Art. 22 GDPR does not take place.

11.    To what extent is my data used for profile development (scoring)?

Your personal data is processed automatically. However, no profiling or scoring takes place.

12.   Statistische Auswertung und Verwendung von Cookies

We, respectively our hosting provider, collect the following data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data on each access to the server on which this service is located (so-called server log files).

In 1&1 Webanalytics, data is collected exclusively for statistical evaluation and technical optimization of the website. 1&1 does not store any personal data of website visitors so that no conclusions can be drawn about the individual visitors. The following data is collected:

·       Referrer (previously visited website)

·       Requested website or file

·       Browser type and browser version

·       Operating system used

·       Device type used

·       Time of access

·       IP address in anonymized form (used only to determine the location of access)

13.    Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we will process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.

14.    Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and operation of our online offer within the meaning of Art. 6 Para. 1 letter f. GDPR) content or service offerings of third parties are used on our website to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.

14.1.  1&1

An order processing contract was concluded between the website owner and 1&1. Tracking and logging are enabled by default. 1&1 does not pass on any data to third parties. For information on data collection and processing for analysis and optimization, see point 12. Further information and references to the data security receive you directly of the hosting provider 1&1 Internet SE under

è  https://hosting.1und1.de/terms-gtc/terms-privacy/

14.2.  Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration:

è  https://www.google.com/policies/privacy/,

è  Opt-Out: https://adssettings.google.com/authenticated