Data protection

Status: 15.07.2022


This statement provides you with an overview of how your personal data is collected and processed when you use our website and what you can do yourself to better protect your data.

Controller for the processing, Art. 4 (7) EU General Data Protection Regulation (GDPR)

Central Institute for Mental Health (ZI)
State foundation under public law

Postal address: P.O. Box 12 21 20, 68072 Mannheim
House address: J 5, 68159 Mannheim (summonable address)

Phone: 0621 1703-0
Fax: 0621 1703-1205


represented by the Foundation's Management Board / the Foundation's Management Board members Prof. Dr Andreas Meyer-Lindenberg (Chairman of the Management Board / Director) and Andreas-W. Möller (Commercial Director), ibidem, Chairman of the Supervisory Board Dr Carsten Dose, ibidem

Chairman of the Supervisory Board: Dr Carsten Dose

see also our imprint

Data Protection Officer

If you have any questions, complaints or wish to assert your data protection rights, please use the following address:

Data Protection Officer | Central Institute of Mental Health
J 5, 68159 Mannheim

What is personal data?

Personal data is any information relating to an identified or identifiable natural person. The decisive factor is therefore whether a personal reference can be established through the data collected. This includes information such as your name, address, telephone number, email address and user behaviour. Information that is not directly associated with your real identity - such as favourite websites or the number of users of a site - is not personal data.

How do we collect and process your personal data when you visit our website?

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 I 1 lit. f GDPR):

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • browser
  • Operating system and its interface
  • Language and version of the browser software

How do we use your personal data and how do we pass it on?

If the opportunity for the input of personal or business data (e-mail addresses, names, addresses) is given, the input of these data takes place voluntarily. E-mails are sent via a contact form. If you send us such a message, your personal data will only be collected to the extent necessary for a reply. The e-mail is transmitted unencrypted. We use the personal data provided by you exclusively for the purpose of technical administration of the websites and to fulfil your wishes and requirements, i.e. generally to process the contract concluded with you or to answer your enquiry. We only use this data for product-related surveys, marketing purposes and statistical purposes if you have given us your prior consent or if you have not objected to this - insofar as this is provided for by law. Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of contract fulfilment or you have expressly consented to this. Any consent given can be revoked at any time with effect for the future.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. In doing so, we will also state the specified criteria for the storage period.

How long will your data be stored?

In principle, we store all information that you transmit to us until the respective, e.g. contractual, purpose has been fulfilled. E.g. in the case of enquiries until they have been dealt with, in the case of newsletters until you unsubscribe from the newsletter. If longer storage is provided for by law, the information will be stored within this framework.

When will your data be deleted?

We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. On the other hand, the stored personal data will be deleted if you revoke your consent to storage, if knowledge of the data is no longer required to fulfil the purpose for which it was stored or if storage is not permitted for other legal reasons. Data for billing and accounting purposes are not affected by a request for deletion.

You have the following rights vis-à-vis us with regard to your personal data:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Electronic mails (e-mails)

When transmitting personal data by e-mail, we would like to point out that the Internet itself does not provide any protection mechanisms and that it is therefore generally not possible to exclude the possibility of third parties gaining knowledge of this data. The data transmitted to us will be used exclusively for the purposes specified to us, will be treated confidentially and will be deleted immediately after your enquiry has been processed. No data will be passed on to third parties.

Data protection for applications and in the application process

We collect, process and store the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions and transferred to the personnel file. If no employment contract is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller.
Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). Applicants may receive an invitation to a so-called "talent pool" for future job advertisements at the Central Institute despite a rejection in a specific application procedure. If the applicant consents, the application data will be deleted after one year at the latest. Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular limitation period is three years.

What we do for the security of processing

Our institute takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. For example, your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted during transmission using secure socket layer technology (SSL). This means that communication between your computer and the servers of our institute takes place using a recognised encryption method if your browser supports SSL.

These are your data protection rights

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and possible recipients and the purpose of data processing (Art. 15 GDPR) and, if applicable, a right to rectification of incorrect data (Art. 16 GDPR), erasure of this data (Art. 17 GDPR), the right to restriction of processing in accordance with Art. 18 GDPR, the right to object (Art. 21 GDPR) and the right to data portability of data provided by you in accordance with Art. 20 GDPR. The restrictions under Sections 9 and 10 LDSG Baden-Württemberg apply to the right of access and the right to erasure.

Furthermore, in the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR in conjunction with Section 25 LDSG Baden-Württemberg). The competent supervisory authority for data protection issues is the State Commissioner for Data Protection and Freedom of Information of the State of Baden-Württemberg, P.O. Box 10 29 32, 70025 Stuttgart, Tel.: 0711 615541-0, FAX: 0711 615541-15, Email:

How you can withdraw your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send an informal email to The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Use of cookies

When you visit our website, we use so-called cookies. These are small text files that are stored on your computer. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our services as convenient and efficient as possible for you. On the one hand, we use so-called session cookies, which are only stored temporarily for the duration of your use of one of our websites. On the other hand, we use permanent cookies to store information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance, to recognise you and to be able to present you with a website that is as varied as possible and new content in the event of repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not stored. An individual profile of your usage behaviour is not created. It is also possible to use our website without cookies. You can deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser so that it notifies you as soon as a cookie is sent. Please note, however, that if you deactivate cookies, you will have to reckon with a restricted display of the site and limited user guidance. Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

AWStats analysis service

Our website uses AWStats, a free web analysis software available at It is used to analyse log files that web servers create on the basis of visitor requests. 
AWStats does not use cookies for the analysis. The analysis is carried out using the log files stored on our server, which also contain IP addresses. The data from the web server log files are analysed in anonymised form, i.e. without identifying users by IP address or other personal data. These log files are not merged with other data sources, and the log files are also automatically deleted after one month following a statistical analysis. Access to this analysis data is only possible for the Central Institute of Mental Health. This is the operator of the web server.
This data is collected, processed, used and evaluated solely for statistical purposes and to optimise the content of the Stark-im-Sturm website. We use these statistics exclusively to measure activities and to improve or adapt our websites to the needs of users. The legal basis for the processing of log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

If individual pages of our website are accessed, the following data is stored:

  • the website accessed
  • the website from which the user accessed the website (referrer)
  • the subpages that are accessed from the accessed website
  • the time spent on the website
  • the frequency with which the website is accessed.

The programme does not transmit any data to third parties. In particular, no data is transferred abroad, as our server is located in Germany.
Further information on data protection in the measurement process can be found on the website

Use of social media plug-ins

We currently use the following social media plug-ins: Vimeo. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under § 3 of this declaration will be transmitted. In the case of Facebook, according to the provider in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA). As the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.

We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 I 1 lit. f GDPR.

Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

Application and use of Vimeo

Vimeo components are integrated on this website. Vimeo is an Internet video and streaming portal that enables video publishers to post video clips and other users to view, rate and comment on them. Vimeo allows the publication of all types of video and live streams.

The operating company of Vimeo is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

Each time you access a page of our website on which a Vimeo component (Vimeo video) has been integrated, your Internet browser is automatically prompted by the respective Vimeo component to download a representation of the corresponding Vimeo component from Vimeo. Further information about Vimeo can be found at During the course of this technical procedure, Vimeo gains knowledge of what specific sub-page of our website you are visiting.

If you are logged in to Vimeo at the same time, Vimeo recognises which specific sub-page of our website the data subject is visiting when a sub-page containing a Vimeo video is accessed. This information is collected by Vimeo and assigned to the respective Vimeo account of the data subject.

Vimeo always receives information via the Vimeo component that the data subject has visited our website if you are logged in to Vimeo at the same time as accessing our website. This takes place regardless of whether you click on a Vimeo video or not. If you do not want this information to be transmitted to Vimeo, you can prevent it by logging out of your Vimeo account before accessing our website.

You can find Vimeo's privacy policy at:

Changes to the privacy policy

Changes may be made to this privacy policy, which will be announced on this page in good time.