Data Protection Policy

Data controller

The controller in the sense of Art. 4 No. 7 of the EU General Data Protection Regulation for the processing of personal data is:  

Gesellschaft zur Förderung angewandter Informatik e. V. (GFaI)  
Volmerstraße 3  
12489 Berlin    

Phone: +49 30 814563-300  
Fax: +49 30 814563-302  

Comments or questions about our privacy policy please direct to:

SSL encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL encryption. The data you transmit to us cannot be read by third parties. You can recognize an encrypted connection by "https://" in the address line of the browser and by the lock symbol in your browser line. For more information on our SSL certificate, click on the padlock icon. 


The cookies set by GFaI websites are for functional use only (e.g. for caching search queries or form entries) and are only set duration the web session. These cookies contain no personal information and are not used for user tracking.

Tracking Cookies can be activated voluntarily via our cookie banner by clicking "Accept Google Analytics". For more information, see the section "Google Analytics".   

Learn how to clear cookies in the most common browsers: 

Google Analytics

If you have consented, we use Google Analytics to analyze the use of our website. The data obtained from this are used to optimize our website.  

The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. 

During your visit to the website, the following data, among others, are recorded: 

  • Pages accessed, 
  • Your behavior on the pages (for example, time spent on the page, clicks, scrolling behavior), 
  • Your approximate location (country and city), 
  • Your IP address (in shortened form, so that no direct assignment is possible), 
  • Technical information such as browser, Internet provider, terminal device, and screen resolution, 
  • Source of origin of your visit (i. e., via which website or advertising medium you came to our website). 

These data are transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU. 

No personal data such as name, address, or contact details are ever transferred to Google Analytics.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits.  

The recorded data are stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely. 

If you do not agree with the collection, you can prevent it with the one-time installation of the Google Analytics opt-out browser add-on


When you contact us, your data will only be stored to process your request and in case of follow-up questions.

When contacting us via one of our contact forms, the following data are involved: 

  • First name and surname, 
  • Email,
  • Address. 

Depending on the form, additional data may be requested. The personal data collected are used for processing your request. Of course, this data will not be passed on to third parties. You may withdraw your consent to the storage and processing of this data at any time via e-mail or other means. In addition, you can always get information about the stored data and are entitled to request the deletion of the data at any time, in accordance with the legal regulations.

Mail Log Files

Personal data are collected when contacting us via the contact form. The following information is automatically stored in the mail log:   

  • Date and time of submitting,
  • Email. 

The storage occurs in log files to ensure the server's functionality. These data will be automatically erased after 10 days. 

Links to external websites of other providers

Our websites may contain links to websites of other providers, to which this privacy policy does not extend. Please note that this privacy policy applies only to GFaI websites. Please note the privacy policies of the respective providers.

Make an appointment via calendly

We use the calendly tool to make appointments. Calendly is used to improve our services for existing and new customers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.

When using the tool, you will be asked for personal information such as name, email address and telephone number. If you use the tool, your details from the inquiry form, including the information you provided there, will be saved and transmitted on the Internet. The data entered is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR).

Our data protection declaration and the data protection declaration of the provider apply to the handling of the data collected through the use of calendly. You can find calendly's privacy policy at:

QR codes

We create QR codes using the QR code generator The QR codes generated with this QR code generator do not have any tracking mechanism. This means that the data of users who scan our QR code generated here is not or cannot be recorded. Only the exact data that we enter ends up in a QR code created with this QR code generator (e.g. link to the email inbox to register for the newsletter). We also assure you that the contents of the QR codes created here are not saved and that no data is passed on to third parties. For more information, see the provider's privacy policy here:


By signing and sending the GFaI membership application, the members or potential members agree that all personal data will be processed and stored in compliance with statutory provisions solely for the purpose of implementing the statutory purposes and tasks of the GFaI by means of EDP.

Application procedure

We process the applicant's data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of the applicant's data takes place in order to fulfill our (pre-) contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if the data processing e.g. is required for us in the context of legal proceedings (in Germany, also § 26 BDSG). The application process requires applicants to provide us with the main applicant's data. The necessary applicant's data is mentioned in the job descriptions and includes, in general, the personal details, postal and contact addresses and the documents that belong to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information. By submitting the application to GFaI, the applicant agrees to the processing of their data for the purposes of the application process in accordance with this Privacy Policy. As long as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily communicated within the framework of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR. Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a GDPR. Applicants can send us their applications via e-mail or post. However, please note that e-mails may not be sent encrypted. The data provided by the applicant may be further processed by us in the event of a successful application for employment purposes. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicant's data will also be deleted if an application is withdrawn, which the applicant is entitled to at any time. The cancellation is subject to a legitimate cancellation of the candidate, after the expiration of a period of six months, so that we can answer any follow-up questions to the application and meet our obligations under the German Equal Treatment Act. Invoices for travel expenses are archived in accordance with the applicable tax regulations.

Whistleblower Protection System

Within the framework of the whistleblower protection system, data entered, including an anonymous case number, date, and time of the report, are processed. This includes information about the circumstances and possibly mentioned individuals, as well as (if provided) details about the whistleblower, such as first name, last name, and contact information. The reporting process can be completely anonymous.

Recipient of the Data: The data is exclusively forwarded to the internal reporting office and, if necessary, to individuals who require it for follow-up measures. Otherwise, the data will only be disclosed to additional parties with your consent, except for disclosures mandated by legal provisions.

The hintcatcher system is provided by product kitchen GmbH as a data processor. A data processing agreement has been concluded with the data processor. The purpose of data processing is to receive information and data regarding suspicions of potential violations, especially related to economic crimes and corruption. The legal basis for processing is the Whistleblower Protection Directive of the European Union ((EU) 2019/1937, (EU) 2020/1503). The data will be retained for the duration of the investigation and assessment of the reported hints. After the investigations are concluded, the data will be automatically deleted after 6 months. In the case of legal proceedings, retention may occur until the conclusion of the proceedings/expiry of legal remedy periods.

Rights of the data subject

In principle, you have the following rights: 

  • Right to information, 
  • Right to rectification, 
  • Right to objection, 
  • Right to erasure,  
  • Right to restriction of processing, 
  • Right to data portability. 

For requests of this kind, please contact Please note that when making such requests, we must ensure that it is indeed the data subject.

Complaints can be submitted to a supervisory authority if there are any doubts about the lawfulness of the processing of personal data.