Data Protection Policy

A complete listing of all data protection policies of GSI and FAIR can be found on the data protection website.

Information according to Art. 13 and 14 GDPR on the processing of your personal data for website users

The GSI Helmholtzzentrum für Schwerionenforschung GmbH hereby informs you about the processing of your personal data and the rights to which you are entitled under data protection law.

1. Name and address of the person responsible

GSI Helmholtzzentrum für Schwerionenforschung GmbH
Planckstraße 1
64291 Darmstadt
Phone: +49-6159-71-0
E-Mail: info(at)

2. Name and Contact of the Data Protection Officer

Staff unit Data Protection
Planckstraße 1
64291 Darmstadt
Phone: +49-6159-71-1772
Fax: +49-6159-71-1900
E-Mail: datenschutz(at)

The contact data is also available on the internet via

3. Data categories — origin and use

3.1 Provision of the website and generation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The type and amount of data transmitted and processed depends on the Internet browser you are using and its configuration and typically includes:

  1. the accessed website,
  2. source/reference from where you got to the page,
  3. the browser used,
  4. the operating system used,
  5. the IP-address used and
  6. the language you prefer.

Of this data, the following are stored in the log files of our web server:

  1. the accessed website,
  2. source/reference from where you got to the page,
  3. the browser used,
  4. the operating system used,
  5. the IP address used

as well as

  1. in the case of authenticated access, the login name used,
  2. date and time of the access,
  3. success or error status of the retrieval and
  4. the amount of response data transmitted.

This data is not stored together with other personal data of the user.

The temporary storage of the IP address by the system is necessary to enable provision of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3.2 Use of cookies

Our website uses cookies. Cookies are small text files with visit information that are temporarily stored on your hard drive. When the user is entering a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is entered again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

Most browsers are set to accept cookies. However, you can deactivate the storage of cookies in your browser at any time or set your browser so that you receive a message as soon as cookies are sent. However, we would like to point out that you may then not be able to use all the functions of this website.

The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash Player.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  1. frontend login,
  2. web phone book,
  3. transfer of language settings,
  4. whole Typo3 web (Content Management System) basically needs cookies and
  5. remembering search terms.

The user data collected through technically necessary cookies will not be used to create profiles of the users.

3.3 Social Media

Data protection information on data processing in the context of the use of our social media offers can be found under

3.4 Registration

On our website, we offer users the opportunity to register by providing personal data. Registration is required in order to receive the "target" magazine. The data is entered in an input mask, transmitted to us and stored.

The following data is collected and stored at the time of the registration process:

  1. the IP address of the user,
  2. date and time of registration and
  3. registration data entered under target_registration.

The registration serves the fulfillment of a contract to which the user is a party. The legal basis is Art. 6 (1) (b) GDPR. The data will not be passed on to third parties.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

3.5 Contact form and e-mail contact

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

  1. contact form (last name, first name and e-mail) and
  2. contact press and public relations department (last name, first name, telephone and e-mail).

At the time the message is sent, the following additional data is stored:

  1. the IP address of the user and
  2. date and time of registration.

Alternatively, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

The data will be used exclusively for the processing of the conversation and no disclosure of this data to third parties.

The processing of personal data from the input mask serves us solely to process the contact.

Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of fourteen days at the latest.

3.6 Web analytics service Matomo

This website uses the web analytics service Matomo, a service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, to analyze the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for users. Matomo is deactivated when users visit our website. Only if you actively give your consent, your usage behavior will be recorded exclusively on the basis of your IP address and for statistical purposes.

For this evaluation, cookies are stored on your computer (for more details, see 3.2). We store the information collected in this way exclusively on our servers in Germany. Users can prevent the analysis by deleting existing cookies and preventing the storage of cookies. Preventing the storage of cookies is possible through the settings in your browser.

This website uses Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in a shortened form, which means that a direct reference to a person can be excluded. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.

The Matomo program is an open source project. Information from the third-party provider on data protection is available at

4. Legal bases and purposes of data processing

We process your personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and all other applicable laws. In this context, the processing is lawful if one of the following conditions is met:

  1. Consent (Art. 6 (1) sentence 1 lit. a GDPR):
    The lawfulness for the processing of personal data is given in case of consent for processing for specified purposes (e.g. use of data for marketing purposes). Consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the applicability of the GDPR, i.e. prior to May 25, 2018.
  2. Contractual obligations (Art. 6 (1) sentence 1 lit. b GDPR):
    In order to fulfill our contractual obligations or also to carry out pre-contractual measures, which take place upon request, we process personal data. The purposes of the data processing result primarily from your request.
  3. Legal requirements (Art. 6 (1) sentence 1 lit. c GDPR):
    GSI is subject to various legal obligations. These include:
    3.1 Retention requirements under commercial and tax law in accordance with the German Commercial Code and the German Fiscal Code,
    3.2 Fulfillment of control and reporting obligations under tax law.
  4. Balancing of interests (Art. 6 (1) sentence 1 lit. f GDPR):
    To the extent necessary, we process your data beyond the actual performance of the contract in order to protect legitimate interests of us or third parties, e.g. for the purpose of
    4.1 Assertion of legal claims and defense in legal disputes,
    4.2 Ensuring IT security and IT operations,
    4.3 Analyzing and improving the use of our website.

5. Data access and categories of recipients

Within our company, only those persons and offices receive your personal data that require it to fulfill our contractual and legal obligations.

We have some of the aforementioned processes and services carried out by carefully selected service providers who comply with data protection requirements. These external service providers are bound by our instructions and are regularly monitored. They will not pass on your data to third parties.

Data about you will only be disclosed if required by law, you have consented or we are authorized to disclose. If these conditions are met, recipients of personal data may include:

  1. public agencies and institutions (e.g. tax authorities, law enforcement agencies) if a legal or official obligation exists.
  2. other companies or comparable institutions to which we transfer personal data in order to carry out the business relationship with you.
  3. other companies within the Group (e.g. for processing payment transactions or for risk management due to legal obligation).

6. Rights of data subjects

You may obtain information about your personal data stored by us via the e-mail address betroffenenrechte(at) Moreover you may demand – under certain circumstances – the correction or erase of your data.

You may also have the right of a limited processing of your data as well as of being informed about the data provided by you in a structured, commonly used and machine readable format.

The restrictions according to Sections 34 and 35 FDPA apply to the right of information and the right of deletion.

You may revoke your consent to the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to May 25, 2018.

7. Complaint option

If you have any complaints, you are free to contact our Data Protection Officer (specified above), or alternatively, a data protection supervisory authority.

8. Storing your data

We process and use your data exclusively for the purposes for which we are authorized and for as long as they are required for these purposes.

If the data is no longer required for the purpose or for the fulfillment of legal obligations, it will generally be deleted, unless its further processing - which may be limited in time and scope - is necessary for the purposes of

  1. the fulfillment of retention obligations under commercial and tax law: The German Commercial Code and the German Fiscal Code are to be mentioned. These stipulate retention and documentation periods of up to 10 years.
  2. the preservation of evidence within the framework of the legal statute of limitations: According to Sections 195 ff. of the German Civil Code. The regular limitation period is 3 years, under special circumstances up to 30 years.

9. Data transfer to third countries

An active transfer of personal data to a third country only takes place if this has been expressly indicated in the context of other services.

10. Obligation to the provision of data

Within the scope of using our offers, you must provide those personal data that are required to fulfill the purpose or that we are legally obligated to collect. Without this data, we will generally not be able to provide the requested service.

11. Right of objection (Art. 21 GDPR)

For reasons arising from your particular situation, you are entitled to lodge an objection at any time to the processing of your personal data, which takes place based on Art. 6 (1) sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests); this shall also apply to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. In the event that you lodge an objection to the processing of your data, we will no longer process your personal data – unless we are able to prove compelling justifiable reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can send your objection – written in a free form – to:

GSI Helmholtzzentrum für Schwerionenforschung GmbH
Staff Unit Data Protection
Planckstr. 1
64291 Darmstadt
Phone:   +49-6159-71-1772
Fax:       +49-6159-71-1900
E-Mail:  datenschutz(at)