Statement of data protection

The following data privacy statement applies to the use of the Research "Innovative Hochschule" website (hereinafter referred to as “website”).

The Federal Ministry of Education and Research (BMBF) takes the protection of your personal data very seriously which is why personal data is only processed by us as necessary. What data is needed and processed for what purpose and on what basis depends on the type of service that you require or on what task we need it for.

The term ‘personal data’ is used here to refer to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

This statement on data protection provides you with detailed information on what data is collected for what purpose and on what basis, how you can contact the ‘data controller’ (the responsible entity) and the Data Protection Officer and what rights you have concerning the processing of personal data.

1. Data Controller and Data Protection Officer

The entity which has responsibility for the processing of personal data (the ‘controller’) is the

Federal Ministry of Education and Research (BMBF)

D-53170 Bonn
telephone: +49 (0)228 9957-0
fax: +49 (0)228 99578-3601
electronic mail: DE-Mail:

If you have specific questions concerning the protection of your data please contact the BMBF’s official Data Protection Officer:

Federal Ministry of Education and Research (BMBF)
“Data Protection Officer“
D-53170 Bonn
telephone: +49 (0)228/9957-3369
fax: +49 (0)228/9957-8-3369
electronic mail:

This statement on data protection provides you with an overview of how the Federal Ministry of Education and Research (BMBF) ensures the protection of your data and what types of data are collected and for what purpose and on what basis.

2. Processing of data resulting from your visit to this website

This website is maintained on behalf of the BMBF by the "Innovative Hochschule" (Innovative University) Project Management Agency, VDI Technologiezentrum GmbH (VDI TZ).

Whenever a website is visited, certain data is collected and exchanged which is needed to provide the necessary service, namely:

  • IP address
  • your browser type and version
  • the operating system used
  • the web page accessed
  • the page previously visited (referrer URL)
  • the time of server request

After your visit to the website, this data is stored in log files on an external server at our service provider “Net-Build GmbH“.

When using this general data and information, this service provider does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website for you, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. This anonymously collected data and information is therefore evaluated by the service provider both statistically and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the processed personal data. The data of the server log files are stored separately from all personal data provided by a data subject. The legal basis for this processing is Article 6 (1) (e) General Data Protection Regulation (GDPR) in conjunction with § 3 BDSG and § 5 BSIG.


If you have given your consent in accordance with Article 6 (1) (a) of the GDPR, the BMBF, together with its service provider contracted for support and development „VDI Technologiezentrum GmbH“, will analyse information on your use of our website for statistical purposes as part of public relations work and for the purpose of providing information on tasks within the BMBF’s remit as needed.

It does so using the Matomo web analytics service.

The software uses permanent cookies to recognize visitors returning even after longer periods of time. This information is stored as a text file on the hard drive of the user’s computer. The cookie is valid for 13 months after which it deletes itself.

The software also uses session cookies. Session cookies are small information units that are stored by the provider of a website in the active memory of the visiting user’s computer. A randomly generated, unique ID number, a so-called session ID, is stored in a session cookie. A cookie also contains information on its origin and the period of time it is to be stored on a computer. These cookies cannot store any further types of data. The software uses session cookies to provide for the unambiguous identification of visitors.

The following data is stored when individual pages of our website are accessed:

• Two bytes of the IP address of the user’s retrieving system (anonymous)
• The accessed web page
• The website from which the user reached the accessed web page (referrer)
• The sub-pages loaded via the accessed web page
• The length of time spent on the web page
• How often the page has been accessed

The software is configured so that IP addresses are stored incomplete with 2 bytes concealed (e.g. This makes it impossible for the shortened IP address to be linked to the retrieving computer, meaning that you remain anonymous as the user.

The relevant software runs only on the web servers of the service provider “ITZBund” on behalf of the BMBF. These are the only servers where information on your use of the website is stored. No data is disclosed to third parties.

If you want to modify your decision regarding use of the cookie for web analytics purposes and give your consent or withdraw it again, you can do this by changing your settings before continuing your visit. The default setting for web analytics is that they are disabled.

Cookies and data transfer

Please note that the provider YouTube or Google is based in a so-called third country, in this case the USA, within the meaning of the GDPR. In its decision of July 16, 2020, Case C-311/18 ("Schrems II"), the European Court of Justice (ECJ) declared the European Commission's adequacy decision on the EU-US data protection obligation (Privacy Shield Decision 2016/1250) to be invalid. There is no level of data protection in the USA that is essentially comparable to European data protection standards.

As a result, there is no valid adequacy decision by the European Commission regarding the transfer of personal data to the USA within the meaning of 45 (1), (3) GDPR. Furthermore, there are no so-called appropriate safeguards within the meaning of Art. 46 para. 2, 3 GDPR, which enable a corresponding level of protection without further measures. It therefore cannot be ruled out that a company based in the USA may grant government agencies access to the processed personal data. Personal data could therefore be passed on to third parties under certain circumstances. Data subjects' rights may not be enforced.

Therefore, the transmission of data (IP address) in the context of the use of YouTube or Google is only possible with your express consent in accordance with Article 49 (1) (a) GDPR. If you do not give this consent or do not agree to it, you will not be able to use the providers' services.

3. Gathering of personal data when you contact us

This website contains information that enables a quick electronic contact to us, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller or service provider by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. The legal basis for this is Art. 6 para. 1 lit. a) GDPR or Art. 6 para. 1 lit. e) GDPR in conjunction with Section 3 BDSG.

Your transmitted data will only be stored to process your request and in accordance with the legal and contractual requirements. If your request cannot be processed by the employees of our service provider "VDI Technologiezentrum GmbH", it will be forwarded to the BMBF.

The employees of the BMBF will only process the transmitted data in connection with the processing of your request. In these cases, the storage of the transmitted data is governed by the deadlines for the storage of documents set out in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries (GGO).

If the matter concerns another service provider or funding recipient of the BMBF or can only be answered by them, your request and the personal data required for processing will be forwarded to them. The latter will only process your data to handle your request and in accordance with the legal and contractual requirements.

In these above-mentioned cases, the data will be passed on on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG as part of the BMBF's task fulfillment.

Furthermore, it may be necessary to pass on your existing personal data to the authorities supervised by us in connection with your request as part of the exercise of technical and legal supervision. In these cases, the transfer takes place on the basis of §25 para. 1 BDSG i.V.m. § Section 23 para. 1 no. 6 BDSG.

In accordance with Section 1 of the Act on the Powers of the Petitions Committee of the German Bundestag, the BMBF is obliged to transmit your personal data to the Petitions Committee of the German Bundestag for the preparation of resolutions on complaints in accordance with Article 17 of the Basic Law.

4. Processing of personal data in the context of sending the newsletter

To subscribe to the newsletter offered on our website, you can register using our form. We use the so-called double opt-in procedure, in which you first receive a confirmation link via e-mail after entering your e-mail address. Registration is only complete once you have clicked on this link and verified your email address.

We use an e-mail marketing tool from Mailingwork GmbH to send our newsletter. This service is provided outside the website and is therefore subject to its own terms of use and data protection provisions. If you follow the newsletter link on this website, you will be redirected to a registration form at Mailingwork; there you can view the privacy policy for the use of the newsletter and agree to the terms of use.

The data for the newsletter is processed on the basis of your consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent to the storage of the data and its use for sending the newsletter at any time, e.g. via the unsubscribe link in the newsletter. The lawfulness of the processing based on your consent remains unaffected until receipt of your revocation.

5. Social networks

This website may offer the option of sharing content via the social networks Facebook or Twitter. This ensures that no data is sent to the social network until the user has clicked on the share function.

We would like to point out that the terms of use of these services and their operators are not subject to the control of the BMBF. These services store and process the personal data of their users (e.g. personal information, IP address, etc.) in accordance with their own guidelines. The BMBF has no influence on the collection of data and its further use by the social networks. For example, there is no information about the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. To find out what rights and settings options you have to protect your privacy, please refer to the respective data protection notices of these providers.

In this context, please also note the information on the subject of data transfer under point 2 (Data processing when visiting this website) of this privacy policy.

6. Your rights

You have the following rights vis-à-vis the data controller concerning your personal data:

  • right of access (Article 15 GDPR)
  • right to rectification (Article 16 GDPR)
  • right to erasure (Article 17 GDPR)
  • right to restriction of processing (Article 18 GDPR)
  • right to object to collection, processing and/or use (Article 21 GDPR)
  • right to data portability (Article 20 GDPR)

If the personal data is processed on the basis of your consent (in accordance with Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.

You may exercise the aforementioned rights by sending an e-mail to bmbf[at] or poststelle[at]

You also have the right to submit a complaint to the supervisory authority under data protection law (Federal Commissioner for Data Protection and Freedom of Information, BfDI).

Questions and complaints may also be addressed to the BMBF’s Data Protection Officer: datenschutz[at]