Data Protection Information for WCAIDFM

The service “WHAT CAN Al DO FOR ME?” developed as part of a research project with the Hochschule für Medien Stuttgart and Kenbun GmbH. (“WCAIDFM”) will continue to be made available by thingsTHINKING to AI providers and those interested in AI after the end of the project

When using WHAT CAN Al DO FOR ME? there is a processing of personal data about which we will inform you below.

1. Responsible Person

Responsible for the processing of personal data within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

thingsTHINKING GmbH
represented by the managing directors Dr. Sven J. Körner and Dr. Mathias Landhäußer
Haid-und-Neu-Straße 7, 76131 Karlsruhe
Email: privacy@thingsthinking.net

hereinafter referred to as thingsTHINKING

2. Contact Details of the Data Protection

Susanne Göthel

c/o thingsTHINKING GmbH
Haid-und-Neu-Straße 7
D-76131 Karlsruhe
E-Mail: privacy@thingsthinking.net

3. General Data Protection Information

The service works on the basis of WCAIDFM’s semantic AI architecture and infrastructure, through which those interested in AI can have suitable AI solutions suggested. The project can be divided into the following process steps, within which personal data is processed and which is described in more detail below:

Process step 1: 

AI providers store the description of their AI solution and use cases on WCAIDFM

Process step 2:  

thingsTHINKING evaluates the use Cases and prepares the data for WCAIDFM

Process step 3:

Those who are interested in AI can have suitable AI-solutions suggested.

In some cases, we use data processors within the meaning of Art. 28 GDPR to process your personal data. Such data processors who are bound by our instructions are only used if they meet a high level of information security and thus also data protection standards.

Your personal data will not be processed for the purpose of automated decision-making (including profiling) in accordance with Art. 22 (1) GDPR.

4. Data Processing within the Project

4.1 Process step 1: Data Processing by filling out the online questionnaire for recording AI use cases in WCAIDFM.

thihgsTHINKING provides AI providers with a questionnaire to identify AI solutions.

4.1.1. Processed Data

By answering the questionnaire, the following data in particular is processed:

Information about you as the AI ​​provider, in particular the name of the company, company headquarters, company website, company e-mail address. This data is displayed to those interested in AI when an AI offer is suggested to them.

In addition to the information on the AI company, personal data of the contact person of the AI provider is processed, in particular name, e-mail address, contact details. This data will not be made public.

In the free text field, you as the AI provider can then describe the possible uses of your AI solution and show which problems and use cases your AI solution supports. It is not necessary to provide and thus process personal data.

4.1.2. Purpose of Processing

In your role as an AI provider, your data will be processed in order to record AI solutions and their possible applications and, if necessary, to contact you with questions about the information you provided in the questionnaire. In a further step, the information on the AI solutions and possible applications is cleaned of personal data. The company and company contact details of the AI provider in the data are not filtered out. The data is then processed in such a way that it can be made available to those interested in AI via the WCAIDFM platform.

4.1.3. Legal Basis

Legal basis for the processing of your personal data is Art. 6 (1) 1 lit, a GDPR. The processing of your personal data is based on your consent, which you can revoke at any time. The legality of the data processing operations that have already taken place with your consent remains unaffected.

4.1.4. Storage Period

The personal data collected by means of the questionnaire will be stored until you revoke your consent or the use cases derived from the questionnaires are removed at thingsTHINKING’s own discretion.

4.2. Process step 2: Evaluation of the Questionnaires and Preparation of the Data

The content determined by surveying AI providers is prepared by thingsTHINKING in such a way that it can be analyzed using the WCAIDFM application in order to be able to suggest suitable AI application options on request. As a rule, no personal data is available in this process step, with the exception of the name of the contact person of the AI provider, or it is pseudonymised, so that it cannot be traced.

4.2.1. Purpose of the Processing

The data is processed in order to be able to have the use cases of the AI providers analyzed by the artificial intelligence WCAIDFM.

4.2.2. Legal Basis

If personal data is processed in this process step, in your case as an AI provider, this takes place on the basis of the consent that you have given us in advance, i.e. in accordance with Art. 6 (1) 1 lit. a GDPR.

4.2.3. Storage Period

Any personal data contained in the evaluated data will be stored until you revoke your consent or the use cases derived from the questionnaires are removed at thingsTHINKING’s own discretion.

4.3. Process step 3: Data Processing when using WCAIDFM

Interested in AI can describe the desired application scenario in their own words on the ‘whatcanaidoforme.com’ website. The WCAIDFM service compares the application scenario described with the use cases determined as described above and displays the appropriate hits to those interested in AI.

In particular, the following personal data is processed: Personal data of the person interested in AI is only processed if they provide it in the description of the desired application scenario. There is no need to disclose personal data at this point. We also expressly ask that you refrain from providing personal data in the description. If contact is desired, a contact form is available for this purpose. Processing of personal data from AI providers can take place in this process step as already described above if the company and company contact data of the AI provider contained in the use cases allow conclusions to be drawn about the person, for example because the company name contains the name of the company owner and/or the name of the contact person.

4.3.1. Purpose of the Processing

The processing takes place in order to compare the text with the content stored in our database. In the event of a hit, a corresponding message is played. With the help of such information, we want to support you as a person interested in AI in your further decision-making about the use of AI. Furthermore, the content provided is evaluated in order to optimize the application. In this context, too, personal data may be processed. However, the evaluation of the content is limited to determining whether and which references to a text have been provided, with the aim of improving the quality of the references. The text itself is not used for “training purposes”, i.e. the texts of those interested in AI are not transferred to the database from which WCAIDFM generates hints.

4.3.2. Legal Basis

If personal data is processed in this process step, this takes place in the case of the AI provider, which he has given us in advance, i.e. in accordance with Article 6 (1) 1 lit. a GDPR. If a person interested in AI discloses personal data in this process step, the processing takes place in our legitimate interest, since we have no technical way of preventing the disclosure and the subsequent processing of personal data. The processing is then based on the legal basis of Article 6 (1) 1 lit. f GDPR.

4.3.3. Storage Period

If AI-provider’s personal data is processed in this process step, the information on the storage period from Section 4.2.3 applies here. The data will be stored until the AI provider revokes their consent or the use cases derived from the questionnaires are removed by thingsTHINKING from WCAIDFM at their own discretion.

If a person interested in AI provides personal data when describing his use case, these personal data are usually deleted after 6 months, unless longer storage is exceptionally justified. In such a case, the time of deletion must be determined on a case-by-case basis. In any case, the data will be deleted if any civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.

5. Contact

5.1. General Contact

If you contact us, we will process the data you have provided. Depending on the means of communication used (e.g. e-mail or telephone), this relates to personal data such as your name and contact details.

5.1.1. Purpose of Processing

We process your personal data in order to be able to process your request, which you communicated to us when you contacted us.

5.1.2. Legal Basis

The processing can be based on different legal bases depending on the case. For example, Art. 6 (1) (b) GDPR applies if your request relates to a contract concluded with us. In any case, we have a legitimate interest in processing your contact request within the meaning of Art. 6 (1) (f) GDPR.

5.1.3. Storage Period

The data will be deleted as soon as the purpose of the processing has been fulfilled or can no longer be fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.

5.2 Contact via the Contact Form

For this purpose we provide you with a contact form on our website. If you use the contact form, the personal data you provide will be transmitted to us. In addition, other personal data is processed in particular:

  • Your IP address
  • Date and time of the request
5.2.1. Purpose of Processing

We process your personal data in order to process your request.

5.2.2. Legal Basis

The processing of your personal data is based on your consent, which we ask for before the sending process. Depending on the content of your request, the processing can also be based on other legal bases. For example, Article 6 (1) (b) GDPR applies if your request relates to a contract concluded with us.

5.2.3. Storage Period

The data will be deleted as soon as the purpose of the processing has been fulfilled or can no longer be fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.

6. Processing of your Personal Data via our Website

6.1. Cookies

We use cookies to personalize content and ads, to provide social media features and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the Services.

When you visit our website, cookies are stored on your end device and the cookie data is transmitted to us. This site uses different types of cookies. Some cookies are placed by third parties that appear on our sites.

You can control the storage and use of cookies by making the appropriate settings in your browser or by subsequently revoking the consent you gave when you accessed our website. If you deactivate the cookies, you may no longer be able to use all the functions of our website – comprehensively.

Please include your consent ID and date when contacting us regarding your consent.

You can find an overview of the cookies here: www.whatcanaidoforme.com/cookies

6.2. Encryption by TLS

We use the encryption technology “Transport Layer Security” or “TLS” for short on our website. This is a protocol that transmits data over an encrypted connection on the Internet. The encryption protects the data from unauthorized access by third parties and from manipulation or forgery. In addition, TLS allows authentication and verification of the identities of the recipient and sender.

6.3. Server Log Files

The provider of our website automatically processes data in so-called server log files, which your browser automatically transmits when you visit our website. This includes the following data:

  • Browser type and browser version
  • Date and time of the server request
  • IP address
  • Referrer URL
  • data transferred
6.3.1. Purpose of Processing

The data is processed in order to be able to display the website to you and to ensure the security and stability of the technology systems used. It cannot be ruled out that the data will be processed in order to provide law enforcement authorities with the necessary information for law enforcement purposes in the event of a cyber attack or to assert our civil claims.

6.3.2. Legal Basis

We have a legitimate interest in data processing within the meaning of Art. 6 (1) (f) GDPR. We legitimately have an interest in a secure and stable website and in asserting our civil claims and successful criminal prosecution.

6.4.3. Storage Period

The data is stored in the log files of the IT system of the host of our website. The data will be deleted as soon as the purpose of the processing has been fulfilled or can no longer be fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.

7. Tools on our Website

7.1. Google Analytics

We use the web analytics service “Google Analytics” on our website. The provider is Google Ireland Limited (hereinafter “Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies (“Google cookies”), which enable an analysis of your use of the website. To do this, Google stores cookies in your browser that contain a randomly generated user ID in order to recognize you on future visits. In this way, the recorded data enable the evaluation of pseudonymous user profiles.

During your visit to our website, the following data is recorded, among other things:

  • the referrer URL
  • technical information about your browser or the end device you are using (e.g. language setting, screen resolution)
  • your user behavior (e.g. clicks, length of stay, click paths)
  • your IP address in abbreviated form (We would like to point out that on this website Google Analytics has been expanded to include the code “anonymizeIp” in order to ensure anonymous recording of IP addresses (so-called IP masking)).

You can prevent the storage of cookies by declaring that you reject the use of Google cookies via the consent tool when you visit our website. You can also prevent Google cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link (http: //tools.google.com/dlpage/gaoptout?hl=de) Download and install the available browser plugin. You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you visit this website:

7.1.1. Purpose of the Processing

In joint responsibility with Google, the above information is used to evaluate your use of our website in order to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

7.1.2. Legal Basis

Cookies are only used if you agree. To comply with your consent, we have implemented a cookie layer on our website. If you click on “OK” on this, you give us your consent to set cookies. The legal basis for the processing is Article 6(1)(a) GDPR.

If you agree to the use of Google cookies, your personal data will be processed in the USA, among other places. From the point of view of the European Union (“EU”), the USA does not offer an adequate level of protection for the processing of personal data in line with EU standards. According to the judgment of the European Court of Justice (“ECJ”) of July 16, 2020, Az. C-311/18 (also known as “Schrems II”), the previously applicable EU-US Privacy Shield cannot guarantee an adequate level of protection. For example, there is a risk that your personal data will be disclosed to US intelligence services due to the so-called CLOUD Act (“Clarifying Overseas Use of Data Act”). Consider this fact before you agree to the use of Google cookies and thus trigger the transfer of your personal data to the USA.

7.1.3. Storage Period

Google Analytics stores cookies in your browser for a period of two years since your last visit.

7.1.4. Data Transmission

You can find Google’s data protection information under the following link:

7.1.5. Further information

Die Datenschutzhinweise von Google finden Sie unter folgendem Link: https://policies.google.com/privacy?hl=de

Further information on terms of use and data protection can be found a https://www.google.de/intl/de/policies/

7.2. Google reCAPTCHTA

We use the reCaptcha service from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043 USA (hereinafter “Google”).

Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you are visiting and on which the Captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. Google processes your personal data on its own responsibility. Nevertheless, we will inform you below about data processing by Google as far as possible.

7.2.1. Purpose of Processing

The tool can be used to determine whether a person or a computer makes a specific entry in our contact or newsletter form.

7.2.2. Legal Basis

Legal basis for the use of Google reCAPTCHA is Art. 6 (1) 1 lit. f GDPR. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect us from automated input (attacks).

7.2.3. Storage Period

Unfortunately, we do not know how long Google actually stores the data.

7.2.4. Data Transmission

Your personal data will be transmitted to and processed by Google servers in the USA. It cannot be ruled out that your personal data will be passed on to third parties, please see the explanations in Section 7.1.2.

7.2.5. Further Information

You can find Google’s data protection information under the following link: https://policies.google.com/privacy?hl=de

7.3. LinkedIN Analytics/Ads

We use the LinkedIn Analytics service from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). The service is a conversion tracking technology and the retargeting function of LinkedIn. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn processes your personal data under its own responsibility. Nevertheless, we will inform you below about data processing by LinkedIn as far as possible.

7.3.1. Purpose of Processing

The technology can be used to show you personalized advertisements on LinkedIn. In order to be able to optimize the advertisements, we receive anonymous reports from Linkedin on the performance of the advertisements and information on website interaction.

7.3.2. Legal Basis

Legal basis for the processing of your personal data is Art. 6 (1) 1 lit. a GDPR. The processing of your personal data is based on your consent, which you can give or refuse when you visit our website. You can also deactivate data processing at any time under the following link if you are logged in to LinkedIn:

https://www.linkedin.com/psettings/enhanced-advertising.

7.3.3. Storage Period

The data will be anonymized within seven days and the anonymized data will be deleted within 90 days.

7.3.4. Further Information

You can find LinkedIn’s data protection information under the following link: https://www.linkedin.com/legal/privacy-policy

7.4. Social Media Links

We have not embedded any social media plugins. Instead, to protect your personal data, we only link to the platform of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter “Twitter”) and the Linkedin platform of Linkedin Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

If you follow a link, you will be directed to the respective website of the above-mentioned company. The processing of your personal data on these websites is therefore outside our area of responsibility. For the sake of completeness, however, we would also like to inform you in the case of links within the meaning of Art. 13 DSGVO, as far as this is possible for us:

7.4.1. Purpose of the Processing

On our website, we have given you the opportunity to obtain information about our company and our work via various channels and also to comment on it through the links.

7.4.2. Legal Basis

Legal basis for linking is Art. 6 (1) 1 lit. f GDPR, as we have a legitimate interest in increasing the attractiveness of our website.

7.4.3. Storage Period 

As soon as you follow one of the links and thereby leave our website, the website operators of the linked websites take over the processing of your personal data. We cannot make any statements about how long an external company will process your data. For more information on Linkedin’s respective privacy policies, visit:

https://www.linkedin.com/legal/privacy-policy

You can find Twitter’s data protection regulations here:

https://twitter.com/de/privacy

8. Data Protection Rights as a Data Subject within the Meaning of the GDPR

According to the General Data Protection Regulation, you as the data subject have various data protection rights, which you here:

When processing your personal data, you have the following rights under the GDPR. 

8.1. Art. 7 GDPR – Right to revoke the Declaration of Consent

You have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

8.2. Art. 15 GDPR – Right to Information

You have the right to request confirmation from the person responsible as to whether personal data relating to you are being processed. If this is the case, you have a right to information about the information specified in Art. 15 GDPR.

8.3. Art 16 GDPR – Right to Rectification of Personal Data

You have the right to demand that the person responsible immediately rectify or complete the incorrect or incomplete personal data concerning you.

8.4 Art. 17 GDPR – Right to Erasure (“Right to be Forgotten”)

Under the conditions of Art. 17 GDPR, you have the right to demand that the person responsible delete personal data relating to you immediately.

8.5. Art. 18 GDPR – Right to Restriction of Processing

In accordance with Art. 18 GDPR, you have the right to request the person responsible to restrict data processing.

8.6. Art. 19 GDPR – Right to Information

You have the right to be informed by the person responsible about which recipients your personal data has been disclosed to and which recipients the person responsible has informed about the correction, deletion or restriction of processing.

8.7. Art. 20 GDPR – Right to Data Portability

In accordance with Art. 20 GDPR, you have the right to receive from the person responsible the personal data that you have provided to the person responsible in a structured, common and machine-readable format. In accordance with Art. 20 GDPR, you also have the right to transmit this data to another person in charge, without hindrance by the person in charge to whom the personal data was provided, insofar as this is technically feasible.

8.8. Art. 21 GDPR – Right to Object to Processing

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6. (1) lit e or f GDPR takes place to file an objection; this also applies to profiling based on these provisions. If personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

8.9. Art. 22 GDPR – Right not to be Subject to an Automated Decision, including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or similar way significantly affected.

8.10 Art. 77 GDPR – Right to Lodge a Complaint with a Data Protection Supervisory Authority 

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates this regulation.

A joint project of the following research partners

Logo Hochschule der Medien
Logo semantha
Logo Kenbun