Privacy Policy
Overview Privacy Policy
The website https://www.cybersecurity.blog.aisec.fraunhofer.de/en is operated by the Fraunhofer Institute for Applied and Integrated Security AISEC.
The
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11
85748 Garching
Phone +49 89 322 99 86-0
Email: anfragen(at)aisec.fraunhofer.de
is a non-autonomous institution of the
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
Hansastraße 27 c
80686 Munich
Website: www.fraunhofer.de
Email: info(at)zv.fraunhofer.de
Editor-in-Chief: Prof. Dr. Claudia Eckert
When you use this website, we, as the data controller, process your personal data and store it for the period necessary to fulfill the specified purposes and legal obligations. Below, we provide information about what data is involved, how it is processed, and what rights you have in this regard.
According to Article 4(1) of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
Scope
This Privacy Policy applies to data processing on the website https://www.cybersecurity.blog.aisec.fraunhofer.de/en of the Fraunhofer Institute for Applied and Integrated Security AISEC, which refers to this Privacy Policy.
Name and Contact Information of the Data Controller and the Company Data Protection Officer
The data controller is:
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
Hansastraße 27 c
80686 Munich
on behalf of its Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11857
48 Garching
(hereinafter “Fraunhofer AISEC”)
Email: presse@aisec.fraunhofer.de
Phone: +49 89 322 99 86-0
Fraunhofer’s Data Protection Officer can be reached at the address listed above: Data Protection Officer, or at datenschutz@zv.fraunhofer.de. You may contact our Data Protection Officer directly at any time with questions regarding data protection law or your rights as a data subject.
Alternatively, our Data Protection Officer is available at datenschutz@zv.fraunhofer.de.
Processing Personal Data and Purposes of Processing
When visiting the website
When you visit our website and access its content, data that may allow for identification is temporarily stored. The browser used on your device automatically sends this information to our website’s server. The following data is collected in this process:
- Date and time of access
- IP address
- Hostname of the accessing server
- Website from which our website was accessed
- Page visited on our website
- Notification indicating whether the request was successful
- Amount of data transferred
- Information about the browser type and version used
- Operating system
The temporary storage of this data is necessary to establish a connection and process your visit to our website so that we can provide you with the content on our website.
Further storage in log files is carried out to ensure the functionality of the website, the security of our IT systems, and the uninterrupted provision of our website, as well as to enable us to investigate any unlawful attacks on it if necessary.
If technical data from your device is processed to enable access to our website, this is done because such data is required under Section 25(1)(2) of the TDDDG.
The IP address is processed for technical and administrative purposes, to establish and maintain a connection, to ensure the security and functionality of our website, and to be able to investigate any unlawful attacks on it if necessary. The legal basis is our legitimate interests pursuant to Article 6(1)(f) of the GDPR.
We cannot directly identify you based on the processing of the data mentioned in the log file. This data is temporarily stored in a log file and deleted after 30 days.
In addition, we use cookies and analytics services when you visit our website. You will find further details on this in the Privacy Policy below.
When registering for a newsletter or other mailing lists
Provided that you have expressly consented in accordance with Art. 6(1)(a) of the GDPR, we use your email address to send you regular updates containing selected information about the work at our institute and/or other Fraunhofer AISEC facilities and/or events. The content sent to you corresponds to the subject matter of our blog, namely applied cybersecurity research.
To receive the newsletter, we collect the following required information:
- Email address
- First name
- Last name
We need your name so that we can address you personally in our newsletter.
We use this information to contact you electronically.
After you sign up, you’ll receive a registration confirmation via email, which you must confirm in order to receive the newsletter (known as a “double opt-in”). This serves as proof that you actually initiated the registration.
You can unsubscribe at any time, for example, via a link at the bottom of each newsletter. Alternatively, you are welcome to send your request to unsubscribe by email to presse@aisec.fraunhofer.de at any time or unsubscribe via the following link: https://www.fraunhofer.de/de/fraunhofer-newsletter-abmeldung.html.
Your email address will be deleted immediately after you revoke your consent to receive the newsletter.
We send our newsletter through the service provider Positive Group Chemnitz GmbH, Schönherrstr. 8, 09113 Chemnitz (“Mailingwork”). The email addresses of our newsletter recipients are stored on the servers of Positive Group Chemnitz GmbH (“Mailingwork”) in Germany on our behalf.
Positive Group Chemnitz GmbH (“Mailingwork”) uses this information to send and analyze the newsletters on our behalf. To this end, we have entered into a data processing agreement with Positive Group Chemnitz GmbH (“Mailingwork”). Through this agreement, Positive Group Chemnitz GmbH (“Mailingwork”) guarantees that it will process the data in accordance with the General Data Protection Regulation and ensure the protection of the data subject’s rights.
Positive Group Chemnitz GmbH (“Mailingwork”) guarantees that personal data is comprehensively protected against unauthorized access. Positive Group Chemnitz GmbH (“Mailingwork”) itself does not use the data of our newsletter recipients to contact them directly or pass the data on to third parties. As a reputable email sender, Positive Group Chemnitz GmbH (“Mailingwork”) is also certified by the Certified Senders Alliance.
When using the comment function
You have the option to publicly comment on blog posts on our website. Your comment will be published below the post you commented on, along with the name you provided.
When using the comment feature, we collect the following required information:
- Name and
- email address
You may also use a pseudonym instead of your name. Your email address is required to submit the comment but will not be published along with your comment. We use your email address only to notify you of any responses to your comment.
In addition, when you submit a comment, we store your IP address, which we delete after 30 days. This storage is necessary so that we can defend ourselves against liability claims in the event of the publication of illegal content.
Data processing in response to your comment is justified within the context of publishing online posts with user reactions and our legitimate interest in the exchange of opinions and information pursuant to Art. 6(1)(f) of the GDPR.
Personal data is processed for the duration of the online post’s publication and is subsequently deleted.
Disclosure of Data
If we disclose personal data that we collect via the website to data processors, we will inform you of this in this Privacy Policy in connection with the respective data processing operation, specifying the specific recipient.
Otherwise, we will only disclose your personal data if
- you have given your explicit consent in accordance with Article 6(1)(a) of the GDPR;
- this is necessary, pursuant to Article 6(1)(b) of the GDPR, for the performance of a contract with you (for example, when disclosing data to shipping companies for the purpose of delivering the goods you have ordered, or when disclosing payment data to payment service providers or financial institutions to process a payment transaction);
- there is a legal obligation to disclose the data pursuant to Article 6(1), first sentence, letter c of the GDPR.
The recipients may use the transferred data exclusively for the purposes stated.
Cookies
General Information
We use cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.
Information related to the specific device you are using is stored in the cookie. However, this does not mean that we thereby gain direct knowledge of your identity.
Overview of the cookies we set:
Cookie Name | Category | Purpose | Cookie content (type and scope of processing) | Service | Retention Period | Data Controller / Cookie Provider | Cookie Type |
pll_language | Essential | Selected website language | Stores the user’s selected website language setting (language code). | Polylang | 1 year | www.cybersecurity.blog.aisec.fraunhofer.de; WP SYNTEX, 8 rue Joseph Cugnot, (38307) BOURGOIN JALLIEU, France | HTTP cookie |
wfwaf-authcookie-* | Essential | Authentication token to identify logged-in users and thereby reduce the load on the firewall | Stores temporary authentication information to verify whether the current user is authorized to access protected areas of the website. | Wordfence | 1 year | www.cybersecurity.blog.aisec.fraunhofer.de; Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA | HTTP cookie |
wf_loginalerted_* | Essential | Unique value used to detect logins and suspicious login activity from new devices or unknown locations | Stores a technical identifier that records that a security notification has already been triggered for a login session. | Wordfence | 1 year | www.cybersecurity.blog.aisec.fraunhofer.de; Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA | HTTP cookie |
wfCBLBypass | Essential | Unique value that allows users to visit the website despite regional restrictions | Technical identifier used to manage security checks and exceptions for the Wordfence firewall. | Wordfence | 1 year | www.cybersecurity.blog.aisec.fraunhofer.de; Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA | HTTP cookie |
wfls-remembered-* | Essential | Token used to recognize users for a specific period of time following two-factor authentication (2FA) | Stores an identifier for a device recognized as trusted to facilitate logins and manage security features such as two-factor authentication. | Wordfence | 30 days | www.cybersecurity.blog.aisec.fraunhofer.de; Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA | HTTP cookie |
real_cookie_banner* | Essential | Unique identifier for consent, but not for the website visitor. Audit hash for the cookie banner settings (text, colors, functions, service groups, services, content blockers, etc.). IDs for services and service groups consented to at . | Stores the consent and privacy settings (consent status) selected by the user regarding the use of cookies and similar technologies. | Real Cookie Banner | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | HTTP cookie |
real_cookie_banner*-tcf | Essential | Consents collected under the TCF, stored in TC string format, including TCF vendors, purposes, special purposes, features, and special features. | Stores the user’s consent decisions in accordance with the Transparency and Consent Framework (TCF), including consent or refusal regarding processing purposes, vendors, and special features. | Real Cookie Banner | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | HTTP cookie |
real_cookie_banner*-gcm | Essential | The consents collected in Google Consent Mode for the various consent types (purposes) are stored for all services compatible with Google Consent Mode . | Stores the user’s consent decisions for Google Consent Mode, particularly regarding analytics, advertising, and personalization purposes, to enable data protection-compliant control of Google services. | Real Cookie Banner | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | HTTP cookie |
real_cookie_banner-test | Essential | Cookie set to test the functionality of HTTP cookies. | Stores technical test information to verify whether cookies can be set and read in the user’s browser. | Real Cookie Banner | Deleted immediately after the test. | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | HTTP cookie |
real_cookie_banner* | Essential | Unique identifier for consent, but not for the website visitor. Audit hash for the cookie banner settings (text, colors, functions, service groups, services, content blockers, etc.). IDs for services and service groups for which consent has been given. | Stores the consent and privacy settings selected by the user in the browser’s local storage, including consent status for cookie categories and services. | Real Cookie Banner | Stored only until consent is documented on the website server. | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | Local Storage |
real_cookie_banner*-tcf | Essential | Consents collected under the TCF are stored in TC-string format, including TCF vendors, purposes, specific purposes, functions, and specific functions. | Stores the user’s consent information in accordance with the Transparency and Consent Framework (TCF) in the browser’s local storage, including consent status, purposes, providers, and legitimate interests. | Real Cookie Banner | Stored only until consent is documented on the website server. | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | Local Storage |
real_cookie_banner*-gcm | Essential | Consents collected as part of Google Consent Mode are stored in consent types (purposes) for all services compatible with Google Consent Mode . | Stores the user’s consent decisions for Google Consent Mode in the browser’s local storage, specifically for analytics, advertising, and personalization purposes. | Real Cookie Banner | Stored only until consent is documented on the website server. | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | Local Storage |
real_cookie_banner-consent-queue* | Essential | Local caching of the selection made in the cookie banner until the server records the consent; the server attempts to record the consent periodically or when the page is refreshed if it is unavailable or overloaded. | Temporary storage of consent changes for technical processing and transmission to third-party services (local storage). | Real Cookie Banner | Local caching of the selection made in the cookie banner until the server records the consent. | https://www.cybersecurity.blog.aisec.fraunhofer.de; devowl.io GmbH | Local Storage |
comment_author_* | Functional | Name of the comment author | Stores the name, email address, and, if applicable, website entered by the user in the comment form so that these fields are automatically filled in when the user submits another comment. | WordPress Comments | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; | HTTP Cookie |
comment_author_email_* | Functional | Comment author’s email address | Stores the email address entered by the user in the comment form so that it is automatically filled in for future comments. | WordPress Comments | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; | HTTP Cookie |
comment_author_url_* | Functional | Comment author’s website | Stores the website URL provided by the user when posting a comment so that the corresponding field can be automatically pre-filled for future comments. | WordPress Comments | 1 year | https://www.cybersecurity.blog.aisec.fraunhofer.de; | HTTP Cookie |
Cookies that are not strictly necessary from a technical standpoint to use a web service you have expressly requested will only be set after you have given your consent. You can provide this consent via the cookie banner displayed when you visit the website. The legal basis for the processing of your data is your consent pursuant to § 25 TDDDG and Art. 6(1)(a) of the GDPR; that is, these cookies are only used with your consent.
Essential Cookies
The processing of personal data in connection with technically necessary cookies is required so that we can provide the web services you have requested. The legal basis for the use of these necessary cookies is Section 25(2)(2) of the TDDDG and Article 6(1), first sentence, subparagraph (f) of the GDPR.
Right to Withdraw Consent
You may at any time revoke your consent to the storage of and access to cookie data with future effect in accordance with Article 7(3) of the GDPR, or object to the use of non-technically necessary cookies in whole or in part.
If you withdraw your consent or object to the use of cookies, we will set a cookie (opt-out cookie) that documents your decision and enables us to implement it. The opt-out cookie applies only to this browser and only to our website, and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all features of our website. Your revocation does not affect the lawfulness of the processing activities we have carried out that are necessary to provide you with the website in accordance with Section 25(2) of the TDDDG and Article 6(1)(f) of the GDPR.
Web analysis/Tracking through Leadlab (Wireminds GmbH)
We use the LeadLab service provided by Wiredminds GmbH and its tracking pixel technology on our website to analyze user behavior and optimize our site accordingly. In particular, the service allows us to identify which companies have visited our site. We do not receive any information that directly identifies you.
In connection with the use of LeadLab, tracking pixels are employed to enable a statistical analysis of how visitors use this website. Wiredminds processes this information using a pseudonym in a usage profile for the purpose of analysis and anonymizes it as much as possible.
The data collected in this process is neither used to personally identify you without your separate consent, nor is it combined with personal data about you as the holder of the pseudonym.
To the extent that IP addresses are collected, they are anonymized immediately after collection by deleting the last block of numbers.
Information on data protection at Wiredminds can be found on the company’s website at https://www.wiredminds.de/datenschutz/.
Data processing is based on your consent in accordance with Section 25(1) of the German Telemedia Act (TDDDG) and Article 6(1)(a) of the General Data Protection Regulation (GDPR) to optimize our online services and website for you. You may revoke your consent at any time with future effect. For more information on this, please see the section on cookie revocation. Wiredminds processes the data on our behalf based on a data processing agreement between us and Wiredminds. This agreement ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation (GDPR), guaranteeing the protection of the rights of data subjects.
Social Media Plug-ins
We use so-called social media buttons (also known as social media plugins) on our website. These are small buttons that allow you to share content from our website on social networks via your profile.
If you click on such a button, a connection is established between our website and the social network. In addition to the relevant content, the operator of the social network receives further information, some of which is personal data. This includes, for example, the fact that you are currently visiting our site.
The social media buttons are integrated using the so-called Shariff solution. This solution, developed by Heise and c’t, prevents a connection from being established with a social network simply because you visit a page with a social media button without activating it. This means that information is only transmitted to the social network when you click the button.
We use the following social media plugins:
a) Internet Unlimited Company (formerly Twitter): Share on X
In some cases, information is transferred to the parent company X Corp., based in the U.S., to other X companies, and to external partners of X, all of which may be located outside the European Union. X uses standard contractual clauses approved by the European Commission for this purpose and relies on your consent.
You can find more information about X’s privacy policy here
b) NEW WORK SE (formerly XING SE): Share on Xing
In some cases, information is transferred to other NEW WORK companies and to external partners of NEW WORK, all of which may be located outside the European Union. NEW WORK uses Standard Contractual Clauses approved by the European Commission or other appropriate safeguards in accordance with Article 46 of the GDPR, and relies on the adequacy decisions issued by the European Commission regarding certain countries as well as your consent.
For information on the purpose and scope of data collection, as well as the further processing and use of data by NEW WORK, and your related rights and settings options for protecting your privacy, please refer to XING’s Privacy Policy.
c) LinkedIn Corporation: Sharing on LinkedIn
In some cases, information is transferred to the parent company LinkedIn Corporation, based in the United States, to other LinkedIn companies, and to external LinkedIn partners, all of which may be located outside the European Union. LinkedIn uses standard contractual clauses approved by the European Commission for this purpose.
For more information on data protection at LinkedIn, please see their Privacy Policy.
YouTube
We embed components (videos) from the YouTube video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”) on our website. This is done pursuant to Article 6(1)(f) of the GDPR, where our legitimate interest lies in the seamless integration of the videos and the resulting user-friendly design of our website.
The integration is carried out using a solution that prevents a connection from being established with Google simply because you visit a page with an embedded video without actually playing the video. This means that information is only transmitted to Google when you click on the video to watch it.
In some cases, information is transferred to the parent company Google Inc., based in the United States, to other Google companies, and to Google’s external partners, all of which may be located outside the European Union. Google uses standard contractual clauses approved by the European Commission for this purpose and relies on the adequacy decisions issued by the European Commission regarding certain countries.
For more information on data protection in connection with YouTube, please see Google’s Privacy Policy at https://policies.google.com/privacy/.
Rights of the Data Subject
You have the right:
- pursuant to Article 7(3) of the GDPR, to withdraw your consent at any time. As a result, we may no longer continue processing data based on that consent in the future;
- pursuant to Article 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection; the existence of a right to lodge a complaint; the origin of your data, if it was not collected by us; and the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
- to request, pursuant to Article 16 of the GDPR, the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
- pursuant to Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
- pursuant to Article 18 of the GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;
- pursuant to Article 20 of the GDPR, to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller; and
- pursuant to Article 77 of the GDPR, to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority at your usual place of residence, your place of work, or the location of our association’s headquarters.
Information on your right to object pursuant to Article 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing based on a balancing of interests); This also applies to profiling based on these provisions under Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your objection is directed against the processing of data for the purpose of direct marketing, we will cease such processing immediately. In this case, you do not need to specify a particular situation. This also applies to profiling, insofar as it is related to such direct marketing.
If you wish to exercise your right to object, simply send an email to datenschutzkoordination@zv.fraunhofer.de.
Data Security
All data you personally submit is transmitted using the widely accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the “s” appended to “http” (i.e., https://..) in your browser’s address bar or by the lock icon at the bottom of your browser.
We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Validity and Changes to This Privacy Policy
This Privacy Policy is currently valid and is effective as of June 2026.
Due to the ongoing development of our website and the services offered through it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. You can access and print the most current version of this Privacy Policy at any time on our website.