Supercomputing in Deutschland

Privacy Policy

Information on data protection

As of June 2025

The personal data processed on this website is subject to the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the State Data Protection Act of Baden-Württemberg (LDSG BW).

1. Responsible in terms of data protection law

University of Stuttgart
Keplerstraße 7
70174 Stuttgart
Germany
Telephone: +49 711 685-0
Email

2. Data protection officer

University of Stuttgart
Data protection officer
Geschwister-Scholl-Str. 24b
70174 Stuttgart
Telephone: +49 711 685-83687
Email

3. Preliminary note

This website is hosted externally. The personal data collected on this website is stored on the servers of the host/hosts. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil their service obligations and will follow our instructions regarding this data.

We use the following host(s):
Telekom Deutschland GmbH
Landgrabenweg 149
D-53227 Bonn

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

4. Unless otherwise specified on the respective web pages, personal data is collected as follows:

4.1 Provision of the website and creation of log files

4.1.1 Description and categories of data

When you visit these web pages, your browser transmits data to our web server. The following data is temporarily recorded in a log file during an active connection:

  • IP address of the requesting computer
  • Date and time of access
  • Name, URL and amount of data transferred for the file accessed
  • Access status (requested file transferred, not found, etc.)
  • Browser type and operating system (if transmitted by the requesting web browser)
  • Website from which access was made (if transmitted by the requesting web browser)

The data in this log file is processed as follows:

  • The log entries are continuously evaluated automatically in order to detect attacks on the web servers and respond accordingly.
  • In individual cases, i.e. in the event of reported malfunctions, errors and security incidents, a manual analysis is carried out.

4.1.2 Purpose

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in a log file to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the security of our information technology systems. The IP addresses contained in the log entries are not merged with other data unless there are actual indications of a disruption to normal operation.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.

4.1.3 Legal basis

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

4.1.4 Recipients

If investigative measures are initiated due to attacks on our IT systems, the data and log files mentioned in section 4.1.1 above may be passed on to state investigative bodies (e.g. police, public prosecutor's office).

The same applies if the relevant authorities and/or courts submit requests to HLRS and HLRS is obliged to comply with these requests.

4.1.5 Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

The data stored in log files is completely deleted after fourteen days.

4.1.6 Consequences of non-disclosure, objection or removal options

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Users who do not want their data to be processed as described can contact HLRS via alternative channels (by telephone, in writing, in person) to obtain the relevant information or carry out the relevant processes.

4.2 Use of cookies

See Cookie Policy.

4.3 Use of WP Statistics and Burst Statistics

4.3.1 Description and categories of data

We use the open source software tools WP Statistics and Burst Statistics on our website.

When individual pages of our website are accessed, the following data is temporarily stored:

  • Two bytes of the IP address of the user's accessing system (the software is set up so that the IP addresses are not stored in full, but rather 2 bytes of the IP address are masked (e.g. 168.xxx.xxx). This means that it is no longer possible to assign the truncated IP address to the accessing computer).
  • The accessed website
  • The website from which the user accessed the accessed website (referrer)
  • The subpages accessed from the accessed website
  • The length of time spent on the website
  • The number of times the website was accessed

The software runs exclusively on our website's servers. User data is only stored there. The data is not passed on to third parties.

Personal data is only processed temporarily insofar as the complete IP address is processed until it is stored in volatile memory.

4.3.2 Purpose

The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to improve our website. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6(1)(f) GDPR. The anonymisation of the IP address sufficiently takes into account the interests of users in the protection of their personal data.

4.3.3 Legal basis

The legal basis for the temporary processing of users' personal data until the shortened IP address is stored is Art. 6 (1) lit. f GDPR.

4.3.4 Recipients

None.

4.3.5 Duration of storage

As the IP address is already stored in shortened form, it no longer has any personal reference.

4.3.6 Consequences of non-disclosure, objection or removal options

Our website respects the ‘Do Not Track’ setting in your browser.

5. Your rights

  • You have the right to obtain information from the University of Stuttgart about the data stored about you and/or to have incorrectly stored data corrected.
  • You also have the right to have the data deleted or its processing restricted, or to object to its processing.

To do so, please send an email to recht(at)hlrs.de.

  • You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the law.

The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg..

Postal address::
Lautenschlagerstraße 20
70173 Stuttgart

Postal address:
Postfach 10 29 32
70025 Stuttgart
Telephone: +49 711/615541-0
Fax: +49 711/615541-15

Email: poststelle(at)lfdi.bwl.de

6. Additional information on social media elements

Our website uses components from various third-party providers to make additional content available. These include YouTube videos, for example.

If we were to embed the social media elements provided by third-party providers directly into the website, the URL of the website currently being loaded, the IP address and, if applicable, other information (e.g. browser type) would be transmitted to the third-party provider as soon as the website on which they are integrated is loaded, and third-party cookies may also be set. This would also happen if you are not registered with the third-party provider or are not a member.

If you were also logged in to the third-party provider when you visited the website, they could assign further information to your user account there (e.g. which video you are watching, which comments you are making, which information you are sharing, etc.).

For this reason, our websites do not directly embed social media elements from third-party providers. Instead, we use solutions that only establish a connection to the third-party provider's server and trigger the associated data processing after you have consciously clicked on the social media element.

Please note that the data processing triggered by this is beyond the control of the university and that the data protection regulations of the third-party providers must be observed.

Here are some of the data protection regulations:

If you do not agree with the data processing as described above and by the third-party provider, please do not click on the social media element.

7. Obligation to provide data

Within the framework of a business relationship or projects, etc. (e.g. computing time supply contracts or other contracts, etc., grand agreements, consortium agreements, cooperation agreements, confidentiality agreements, letters of intent, etc.), you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations, or that we are legally obliged to collect.

Without this data, we will generally have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.

8. Validity and currency

This privacy policy is effective immediately and replaces all previous policies. Further development may make it necessary to revise this privacy policy. We reserve the right to change the privacy policy at any time with future effect and recommend that you familiarise yourself with the current privacy policy if necessary. This is linked in the footer of the website www.supercomputing-in.de.