Privacy policy

Thank you for visiting our website and for your interest in our institute. The protection of your privacy is important to us. We therefore proceed with all data processing procedures, such as collection, processing and transmission, in accordance with the legal regulations of European and German data protection law.
The following declaration gives you an overview of which of your data is requested on our Internet pages, how this data is used and passed on, how you can obtain information about the information given to us and what security measures we take to protect your data.
Name and address of the data controller
The person responsible in the sense of the data protection regulations for all data processing processes carried out via our Internet pages is the:
Institute for Food and Environmental Research e.V.
Arthur-Scheunert-Allee 40-41
14558 Nuthetal
Telephone: +49 33200 518-80
Fax: +49 30 7001 4321 93
Please direct any enquiries on the subject of data protection and the assertion of data subject rights to the above address.
Basic information
In order to meet the requirements of a precise, transparent and comprehensible form (Art. 12 Para. 1 DSGVO), we would like to provide you with comprehensible and (hopefully) understandable information on the type, scope and purpose of data processing in the following sections.
As a matter of principle, it is possible to use our website without providing any personal data. However, if you want to use the services of our institute via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain your consent as the data subject.
The processing of personal data, for example your name, address, e-mail address or telephone number, is always in compliance with the legal regulations of the European as well as the German data protection law.
The purpose of the processing of data is basically the operation of our website with information and the presentation of our institute, our competences and our services.

Collection of usage data
Each time you access our website, a series of general data and information is collected. This information is stored in the log files of the server of our web hoster (domainfactory GmbH, whose data centre is located in Germany). This information provides information about your IP address, the time of access, the pages or files accessed, the so-called referrer (the previously visited page) as well as the amount of data transferred and the terminal device and browser used.
This information is essentially required in order to (1) correctly deliver the contents of our website to the user’s computer, (2) ensure the permanent functionality and security of our website and (3) for other administrative purposes. This data is not stored together with other personal data of the user. Likewise, we do not draw any conclusions about the person concerned from this information. The data is not passed on to third parties or used in any other way.
Our legitimate interest for the temporary storage of the data and the log files lies in the aforementioned purposes in accordance with Art. 6 Para. 1 Letter f DSGVO. The data of the log files are generally deleted after three days. Storage beyond this period is possible.
Contact form and e-mail
Our website offers the option of contacting us directly via a contact form or via the e-mail address provided. If you, as a user, contact us via the contact form or by e-mail, your details from the contact form or the personal data you send by e-mail are automatically stored.
We use your data to process your enquiry and may contact you for this purpose using the contact details provided. We do not use this data for advertising purposes or pass it on to third parties.
The legal basis for the processing of the data which is transmitted by you in the course of contacting us via the contact form or by e-mail is our legitimate interest in responding to your request in accordance with Art. 6 (1) letter f DSGVO. If the e-mail contact is aimed at concluding a contract, Art. 6 (1) letter b DSGVO is also the legal basis for the processing. Your data will be deleted after final processing of your request. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

Data protection for applications and in the application process

We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If, on the other hand, no employment contract is concluded with the applicant, the application documents are generally deleted six months after notification of the rejection decision, provided that no other legitimate interests prevent deletion.


For the sake of completeness, we would like to inform you as a user of our Internet pages that so-called cookies are also used on our pages. Cookies are small text files which are stored by the web server on your end device via your internet browser when you visit our internet pages.

Strictly speaking, there is only one type of cookie, namely a so-called session cookie. This session cookie, recognisable by the so-called hash code, a randomly generated value of numbers and letters, is of a technical nature and is used exclusively internally by the web server to identify your user session. This cookie is mandatory and is automatically deleted after you close your internet browser. The session cookie used does not give us any knowledge of your identity.

Tools and miscellaneous

Google Web Fonts

Our internet pages use so-called web fonts for the uniform display of fonts. These are provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access our website, your browser loads the required web fonts in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google servers. Through this connection, Google can generally learn that our website has been accessed via your IP address.

Google Web Fonts are used in the interest of a uniform and appealing presentation of our internet pages. This justifies our legitimate interest according to Art. 6 Para. 1 Letter f DSGVO. If your browser does not support the web fonts, a standard font from your computer will be used.

Google reCAPTCHA

We use the reCAPTCHA service for protection when submitting forms, such as our contact form. The provider of reCaptcha is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This service is intended to ensure that the contact form is used exclusively by visitors, in the sense of a natural person, to our website and not abusively by automated processing (so-called “bots”). This constitutes a legitimate interest according to Art. 6 para. 1 letter f DSGVO. This includes sending your IP address and, if applicable, further data required by Google for reCAPTCHA to Google.

Google, which is based in the USA, is certified for the EU-US Privacy Shield. In this respect, the requirements for data protection-compliant handling of the data are met. Further information on Google services can be found in Google’s privacy policy.

Duration of storage of personal data

As a matter of principle, we process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for in laws or regulations to which the controller is subject (e.g. retention obligations for medical records, retention periods under commercial and tax law). After expiry of the period, the corresponding data will be routinely deleted insofar as they are no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no further justified interest on our part in the continued storage.

Data security

On our Internet pages, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether our Internet pages are transmitted in encrypted form by the closed or green lock symbol in the address bar of your browser.

In addition, as the controller, we have implemented further technical and organisational measures to ensure the most complete protection of personal data processed through our website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone.

Data subject rights

If your personal data is processed, you are a data subject within the meaning of the GDPR. You are entitled to comprehensive rights vis-à-vis the controller, which we inform you about below:

Right to information: you have the right to free information about your personal data stored by us, in particular its origin and recipient as well as the purpose of the data processing and the planned storage period (Art. 15 DSGVO).

Right to rectification: You have the right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data stored by us completed (Art. 16 DSGVO).

Right to deletion: You have the right to demand the immediate deletion of your personal data if the requirements of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the fulfilment of a legal obligation to which our company is subject (Art. 17 (3) DSGVO).
Right to restriction of processing: You have the right to demand the restriction of the processing of your personal data, provided that one of the conditions according to Art. 18 (1) applies.

Right to information: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients (Art. 19 GDPR).

Right to data portability: Art. 20 DSGVO grants you the right to receive the personal data concerning you that you have provided to us as the controller in a structured, common and machine-readable format, provided that one of the conditions pursuant to Art. 20 (1) applies.

Right to object: In addition, Art. 21 DSGVO guarantees you the right to object at any time to the processing of personal data concerning you, provided that this is carried out on the basis of Art. 6(1)(e) or (f). If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Right to withdraw consent given: Pursuant to Art. 7 (3) DSGVO, you have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to complain to a supervisory authority: If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy (Article 77 GDPR).

Procedure for automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

Changes to this privacy policy

We reserve the right to change this data protection declaration from time to time and without prior notice. We would therefore ask you to check this page regularly for any changes to this data protection declaration.