Privacy Policy – ISEC 2025

Personal data is any data that can be used to identify you personally.

This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

As the operator of this website, we take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the law and this privacy policy.

I would also like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

1 General information

The responsible provider of this website in terms of data protection law is

CiS Solutions GmbH
Konrad-Zuse-Str. 14
99099 Erfurt

Phone: +49 361 663 1410
E-mail: info@cis-solutions-gmbh.de
URL: https://www.cis-solutions-gmbh.de

Managing directors: Prof Dr Thomas Ortlepp and Thomas Brock
Jena Local Court, HRB 522510

Data protection officer:
No data protection officer has been appointed, as none of the criteria specified in GDPR Article 37 (1) and Section 38 BDSG (19) apply.

To assert your rights, report data protection incidents and for suggestions and complaints regarding the processing of your personal data and to withdraw your consent, please contact the controller named above.

1.1 Legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. In addition to the provisions of the GDPR, other national data protection regulations may apply.

Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The data subject has given their express consent to the processing of their personal data for a specific purpose or several specific purposes. You can withdraw your consent at any time with effect for the future. Processing that took place before the revocation is not affected by this.
Contract fulfilment and processing of pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject, such as in the context of statutory retention obligations for business documents.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

1.2 Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures serve in particular to ensure the confidentiality, integrity and availability of data, services and systems, the input, disclosure, safeguarding of availability and separation of data. We have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

1.3 Deletion of data

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

2 Provision and use of the website / server log files

In order to provide our online services securely, we use the services of external web hosting providers with whom we have concluded an order processing agreement. This is a contract that is required by data protection law and ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

SSL encryption (https): In order to protect your data transmitted via our website, we use SSL encryption. You can recognise such encrypted connections by a lock symbol or the prefix https:// in the address bar of your browser.

2.1 Hosting and server logs

Purposes of processing: For technical reasons, in particular to ensure a secure and stable Internet presence and convenient use of our website, data is transmitted to us or our web host by your Internet browser and stored in so-called server log files.

Processed data types: These server log files include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and language and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, the IP address of the requesting device and the requesting provider.

The data collected in this way is stored temporarily, but not together with other data about you.

Data subjects: Users/visitors to our website

Legal basis: This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
If a corresponding agreement has been requested on our website, the processing is based solely on Art. 6 (1) (a) DSGVO (German Data Protection Regulation). This agreement can be revoked at any time.

Recipient of the data: The log data is received by our web host, who works for us as part of an order processing contract.

Service providers used:

ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Website: https://all-inkl.com; Privacy Policy: https://all-inkl.com/datenschutzinformationen/

Storage period: The data will be deleted after 7 days at the latest, unless further storage is required for evidence purposes. Otherwise, the data will not be deleted in whole or in part until the incident has been finally clarified.

Disclosure to third parties: The log data (access, browser type and language, date and time of access, IP address) will not be passed on to third parties – with the exception of our web host. Our web host reserves the right to subsequently check the above-mentioned log data if there are concrete indications of unlawful use.

Right to object: You have the right to object to the processing of the above-mentioned log data. If you wish to exercise your right to object, simply send an email to info@cis-solutions-gmbh.de.

You are neither legally nor contractually obliged to provide your personal data. However, failure to do so may mean that you cannot use our website or cannot use it to its full extent.

2.2 Content management system

Our website uses WordPress with the following plugins:

Classic Editor
Insert HTML snippet
Pretix widget
New photo gallery
Superb addon

These plugins only process data to the extent necessary to display the website.

3 Submission of conference contributions and participation in conferences

We integrate an online conference management system via our website that is used to plan, organise and hold specialist conferences.

We also provide an e-ticket system via our website, which participants can use to pay participation fees.

Processed data types and data subjects:

Participant data

We collect the following data during registration:

Personal master data (name, affiliation)
Communication data (telephone, e-mail)
Contract master data
Customer history
Contract billing and payment data
Planning and control data

Additional data from speakers

Additional data is collected from speakers:

Content of the speech
Names of co-authors
Biographical information for the conference programme

Programme committee

From members of the programme committee we process:

Names, titles
University/organisation
Communication data (not public)

Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR). Our legitimate interest lies in planning and ensuring a smooth process for each participant.

Recipient of the data: The above-mentioned data is received by our company and the processors we use. Within our company, we ensure that only those persons are given access to your data who are authorised to do so on the basis of contractual or legal obligations.

Service providers used (processors):

IVAM e.V. Microtechnology Network. We use IVAM to support the organisation of the conference, to manage the Pretalx conference tool and to support the communication and support of conference participants.
Pretalx . We use Pretalx for the selection of presentations. As a submitter or speaker, all your submitted data will be stored on pretalx.com’s servers in Germany and (with the exception of your passwords) shared with the conference organisers. Some data will be published once your presentation has been accepted. Conference participants are not tracked through the use of cookies.
Pretix. We use Pretix for ticket sales. When you purchase a ticket, Pretix uses cookies to track your shopping basket and improve the ordering process. All data transmitted to Pretix is located on servers in Germany.
Mollie. We use Mollie to process credit card payments when purchasing tickets for our conferences. As we cannot easily process cash payments or bank transfers, this is the only payment method we offer participants for purchases on our websites.

Storage period: We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

Disclosure to third parties: As part of contract processing, we pass on your data to co-organisers/organisers, to the programme committee, to processors and to financial service providers, insofar as the transfer is necessary for payment purposes. The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Right to object: You have the right to object to the processing of your personal data. If you wish to exercise your right to object, simply send an email to info@cis-solutions-gmbh.de.

4 Processors, service providers, joint controllers

We use third parties as processors and ancillary service providers. To ensure data protection, we have concluded a data processing agreement with processors who process data exclusively on our behalf and in accordance with our instructions.

4.1 Event management

We use the IVAM e.V. Microtechnology Network, Joseph-von-Fraunhofer-Str. 13, DE-44227 Dortmund, e-mail: info@ivam.de, telephone: +49 231 9742 168 for

the administration of the conference management system pretalx,
setting up and maintaining the pretix ticket shop and
support of conference participants and speakers.

4.2 Submission of contributions

We use pretalx (operator: rixx.de software development, Tobias Kunze, Mühlenbecker Weg 1, 16515 Oranienburg, VAT ID: DE309062289, e-mail: support@pretalx.com, telephone: +49 6201 71 09 778) via our processor IVAM for the following purposes

Submission of contributions
Abstract management
Review process
Server location: Germany (Hetzner Falkenstein, backup at netcup Nuremberg) Details: https://pretalx.com/p/privacy

4.3 Ticketing

For ticket booking, we use pretix (operator and processor: rami.io GmbH, Berthold-Mogel-Straße 1
69126 Heidelberg, Germany, e-mail: support-pretix.eu, telephone: +49 6221 32177-50

Server location: Germany
Details: https://pretix.eu/about/de/privacy

4.4 Payment processing

Payment for admission tickets to the conference will be processed in the pretix e-ticket system via the external payment service provider Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands, e-mail: info@mollie.com, telephone: +49 89 201 940 95.

Only credit card payment is permitted as a payment method.

Credit cards such as Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html) or American Express (https://www.americanexpress.com/de/legal/datenschutzrichtlinien.html)

When you make the payment, the payment data you enter will be transmitted to both Mollie and the payment provider you have chosen. The transmission of your data to Mollie is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract).

You have the option to withdraw your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can also be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights. Details on payment via the payment service provider Mollie can be found at the following link: https://www.mollie.com/de/privacy

Mollie is the controller within the meaning of the General Data Protection Regulation (EU) 2016/679.

4.5 Consultancy, scientific support and scientific communication

We use CiS Forschungsinstitut für Mikrosensorik GmbH, Konrad-Zuse-Str. 14, 99099 Erfurt, Germany, e-mail: info@cismst.de, telephone: +49 361 663 1410 for consulting, scientific support and scientific communication of our specialist events under joint responsibility.

5 Communication

5.1 By telephone:

You can contact us via the telephone number published on our website.

Types of data processed: Telephone number, date and time of your call as well as information resulting from the conversation and, if necessary – on request – your surname, first name and e-mail address.

Purposes of processing: Your data is processed in order to process your contact enquiry and to be able to contact you to answer your enquiry.

Data subjects: Communication partners, business and contractual partners

Legal basis: The above-mentioned data is processed on the legal basis of Art. 6 para. 1 lit. b GDPR, insofar as your contact enquiry is in connection with the initiation of a contract (e.g. request for an offer, making an appointment).

The above-mentioned data is processed on the legal basis of Art. 6 para. 1 lit. f GDPR for all other contact enquiries. Our legitimate interest lies in being able to contact you and respond to your enquiry at any time.

Recipients of the processed data: The above-mentioned data is received by our company. Within our company, we ensure that only those persons are given access to your data who are authorised to do so on the basis of contractual or legal obligations.

Storage duration of the processed data: The above-mentioned data will only be processed for as long as is necessary to process your contact enquiry.

Transfer of the processed data to third parties: The above-mentioned data will only be passed on to our processors for the fulfilment of the purpose.

Right to object: You have the right to object to the processing of the above-mentioned data. If you wish to exercise your right to object, simply send an email to info@cis-solutions-gmbh.de.

You are neither legally nor contractually obliged to provide your personal data. However, failure to do so may mean that we are unable to respond to your enquiry in full.

5.2 By e-mail

If you contact us by e-mail, the data you provide will be used to process your enquiry.

Processed data types: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (enquiry content).

Purposes of processing: The provision of the data is necessary for processing and answering your enquiry – without their provision, we cannot answer your enquiry or can only answer it to a limited extent.

Data subjects: Communication partners, business and contractual partners

Service providers used:

ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; website: https://all-inkl.com/; privacy policy: https://all-inkl.com/datenschutzinformationen/

Storage period: Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Disclosure to third parties: The above-mentioned data will only be passed on to our processors for the fulfilment of the purpose.

Right to object: You can object to the processing of the data collected at any time by contacting us at the following address: info@cis-solutions-gmbh.de.

You are neither legally nor contractually obliged to provide your personal data. However, failure to do so may mean that we are unable to respond to your enquiry in full.

6 International data transfers

6.1 Principles

Data processing generally takes place in the EU. If we process data in a third country (i.e. countries outside the European Economic Area) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

6.2 Guarantees

Subject to express consent or transfer required by contract or law, we only process or have the data processed in third countries with an adequate level of data protection. To this end, companies or organisations in these third countries must comply with suitable guarantees, such as the EU-US Data Privacy Framework (DPF) and/or undertake to comply with the so-called standard protection clauses of the EU Commission (Art. 44 to 49 GDPR).

7 Publications and marketing

In the area of scientific communication, we work closely with CiS Forschungsinstitut für Mikrosensorik GmbH as joint controllers. We are also supported by the Ilmenau University of Technology.

7.1 Conference programme

– A printed programme booklet will be published for the conference, stating author names and affiliation.

7.2 Social Media

We use the communication channels of CiS Forschungsinstitut für Mikrosensorik GmbH, respectively LinkedIn, Xing and Bluesky for:

Conference announcements and applications
Brief information on speakers (name, affiliation, presentation title)

Responsibilities and assertion of your rights as a data subject

With regard to the operation of the individual social media channels, we act as joint controllers together with the respective social media operator, unless the individual social media operators qualify as sole controllers. However, we do not have full access to the data collected by the social media operators and your profile data. Therefore, please read our privacy policy together with the privacy policy of the social media operator to obtain a comprehensive overview.

Purposes: The processing of personal data serves to expand and improve our website, to establish contact with potential customers, to maintain existing customer contacts and to interact in the community.

Legal basis: The processing is carried out on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the functional and comprehensive design of our online presence.

The data processing processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Processed data types: We have access to your publicly visible data (e.g. name and profile picture if you make a public comment on our social media channel).

We process the following data for anonymous statistics:

– Followers: Number of people who follow our social media channel.

– Reach: Number of people who see a specific post; number of interactions with a post; in particular, this allows us to deduce which content attracts widespread interest in the community.

Affected persons: Users/visitors to our social media channels

Recipients of the data: Users and operators of the social media platforms

Storage period: The data collected directly by us via the respective social media channel is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. You can find details on this directly from the operators of the social networks (e.g. in their privacy policy, see the following subchapters).

Disclosure to third parties: We do not pass on any data to third parties. For information on the transfer of data by the platform operators, please refer to the respective data protection information.

Right to object: You have the right to object to the processing of the above-mentioned data. If you wish to exercise your right to object, simply send an email to info@cis-solutions-gmbh.de.

7.2.1 LinkedIn

We use the CiS Forschungsinstitut für Mikrosensorik GmbH channel to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access option lies exclusively with LinkedIn.

The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as your rights in this regard and setting options to protect your privacy can be found in LinkedIn’s data protection information at https://www.linkedin.com/legal/privacy-policy,

You can find an opt-out option at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

7.2.2 XING

We use the channel of CiS Forschungsinstitut für Mikrosensorik GmbH to present our company and our services and to communicate with customers/prospects. XING is a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

The purpose and scope of the data collection and the further processing and use of the data by Xing as well as your rights in this regard and setting options to protect your privacy can be found in XING’s data protection information at https://privacy.xing.com/de/datenschutzerklaerung.

7.2.3 Bluesky

We use the channel of CiS Forschungsinstitut für Mikrosensorik GmbH to present our company and our services and to communicate with customers/prospects. Bluesky is a service of Bluesky PBLLC, Seattle, WA, USA, e-mail: support@bsky.app.

The purpose and scope of the data collection and the further processing and use of the data by Bluesky as well as your rights in this regard and setting options to protect your privacy can be found in Bluesky’s data protection information at https://blueskyweb.xyz/support/privacy-policy.

7.3 Photographs

Purposes of processing: Photos are stored, processed and published for the purpose of documenting the event and as part of our public relations work. If you do not wish to be photographed, please contact us or the photographer directly so that your request can be taken into account.
Processed data types: Personal photos
Data subjects: Participants of our professional events
Legal basis: The legal basis for the creation, storage and use of photographs is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in these purposes.
Recipients of the data: Within our organisation, access to the photographs is granted to those departments and areas that require them to fulfil the above-mentioned purposes and that are authorised to process this data.
Service providers used: An external photographer may be commissioned to take the photographs.
Storage period: The data you provide will be processed for as long as it is necessary to protect our legitimate interests or you object to its processing by us.

Publications in online media or information from the Internet are accessible worldwide and can be linked to other information in order to create personality profiles. It should be noted that information (including photographs) on the Internet can be accessed by anyone. It cannot be ruled out that such persons will continue to use the photos or pass them on to other persons. There are specialised archiving services whose aim is to permanently document the status of certain websites on certain dates. This may mean that information published on the Internet can still be found elsewhere even after it has been deleted from the original site.

Disclosure to third parties: In the event of publication, photographs may be passed on to involved service providers (e.g. editorial offices or agencies).
The photos will be published on our website http://www.isec2025.org and on social media (LinkedIn, Xing, Bluesky).

Right to object: You have the right to object to the processing of the above-mentioned data. If you wish to exercise your right to object, simply send an email to info@cis-solutions-gmbh.de.

Publication on our website and in social media makes the data accessible to third parties, so that we can only delete the data to a limited extent after publication. If you object, we will remove the data from the internet platforms directly accessible to us (our website, our social media profiles). We cannot influence the storage period for other third parties who have gained access to the data through publication.

The provision of personal data is not required by law or contract or necessary for the conclusion of a contract. There is also no obligation to provide us with this data.

8 Your rights

8.1 Rights of data subjects

You have the following rights:

to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
the immediate erasure of data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 para. 3 GDPR, the restriction of processing in accordance with Art. 18 GDPR;
to revoke consent given at any time with effect for the future (cf. also Art. 7 para. 3 in conjunction with Art. 17 para. 1 GDPR). Art. 17 para. 1.
to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR)
to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (cf. also Art. 77 GDPR).

Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)

P.O. Box 90 04 55 | 99107 Erfurt

Häßlerstrasse 8 | 99096 Erfurt

poststelle@datenschutz.thueringen.de

8.2 Right to object

Pursuant to Art. 21 GDPR, data subjects also have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is admissible.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. Please address your objection to the data protection officer at: info@cis-solutions-gmbh.de.

9 Changes

We reserve the right to amend this privacy policy. You will always find the current version on our website.

The previous version will be archived by us if it is replaced by a new version.

History:

07/02/2025	Creation	v. 1.0
10/03/2025	Change from company to conference data privacy policy	v. 2.0