top of page


​This website and the contents thereof as well as the contents of mailings are protected worldwide by copyright and related intellectual property rights. Users are free to download, use and redistribute files or contents from this website or from mailings, provided that they are not modified, and that the copyright and disclaimer notice are not removed. Files or contents - as such or in whatever way combined - may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder. Unauthorized inclusion of single pages, graphics, or other components of this website or mailings in other websites, print products, or electronic media is prohibited.

The information on this website and in mailings is provided 'as is', for informational purposes only and should not be construed as professional advice of any kind. Participants of the Berlin Group accept no liability whatsoever arising from any alleged consequences or damages resulting from use or application of the information and give no warranties of any kind as to the completeness, accuracy, timeliness, availability, functionality and compliance with applicable laws in relation to the information provided.

The participants of the Berlin Group have not reviewed any of the websites that may be linked to or from the Berlin Group website, and the existence of such links does not indicate any approval or endorsement of any material contained on any linked website. The participants of the Berlin Group are not responsible for the contents of any website linked to or from the Berlin Group website.


The Berlin Group reserves the right to change the content on the Berlin Group website at any time and without notice.

Dataprivacy Policy

The Berlin Group is highly committed to protecting and respecting personal information and obeys the applicable Privacy Protection Laws and Regulations. We strongly urge visitors to read this Dataprivacy Policy and make sure that they fully understand and agree with it, before accessing or using the website or any of the available applications or services. If this Dataprivacy Policy is not read, fully understood and agreed to, it is advised to immediately leave this website, application or service, and avoid or discontinue all use of any of the offered applications or services. Accessing the website or using any of the offered applications or services signifies and affirms informed consent to this Dataprivacy Policy, including to the collection and processing of personal information (either collected and processed directly or indirectly through third-party services). Services may only be used with full consent to the practices described in this Dataprivacy Policy.


Please note: visitors of this website are not obligated by law to provide any information. Visitors hereby acknowledge, warrant and agree that any information that is provided, is provided at own free will and consent, for the purposes and uses described herein.


This Dataprivacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") within our online website offering, features and content, as well as external online presence, e.g. on social media profiles (collectively referred to as "online offer"). With regard to the terminology used, e.g. "Processing" or "Responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


Responsible Entity

SRC Security Research & Consulting GmbH


D-53113 Bonn

Telephone: +49 (0) 228 / 2806 – 0

Telefax: +49 (0) 228 / 2806 – 199


eMail: info[at]

Managing Director: Gerd Cimiotti

Commercial register: Bonn HRB 9414

VAT number: DE 212254844


Our dataprotection officer can be reached as follows:

Dr. Gregory Scheja

Adenauer Allee 136

53113 Bonn

Tel .: +49 (0) 228-227 226-0

Fax: +49 (0) 228-227 226-26



Types of processed data

  • inventory data (e.g. names, addresses).

  • contact information (e.g. email, phone numbers).

  • content data (e.g. text input, photographs, videos).

  • usage data (e.g. websites visited, interest in content, access times).

  • meta / communication data (e.g. device information, IP addresses).

Purpose of processing

  • Provision of online information regarding the Berlin Group


Applicable terms

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as identifiable, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (eg cookie) or one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.


"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The scope of this term is quite extended and includes virtually every handling of data.


"Responsible Entity" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.


Relevant legal basis

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the Dataprivacy Policy is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) sub. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) sub. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) sub. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) sub. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) sub. d GDPR serves as the legal basis.


Safety measures

We ask you to regularly inform yourself about the content of our Dataprivacy Policy. We will adjust the Dataprivacy Policy as soon as changes resulting from our data processing are required. We will notify you as soon as the changes require your participation (e.g. consent) or any other type of individual notification.


Collaboration with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant them access to the data, this will be done on the basis of

  • a legal license (for example, if a transmission of the data to third parties, such as to payment service providers, pursuant to Article 6 (1) sub b. GDPR is required to fulfill the contract),

  • your consent

  • a legal obligation to do so or

  • our legitimate interests (for example, when using agents, web hosts, etc.).


If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done in accordance with the relevant requirements of Art. 28 GDPR.


Transfers to third countries

Unless we process data

  • in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)), or

  • the processing takes place in the context of the use of services of third parties, or

  • data is disclosed or transmitted to third parties,

this only happens when needed

  • to fulfill our (pre) contractual obligations or on the basis of

  • your consent,

  • a legal obligation or

  • on the basis of our legitimate interests.


Subject to legal or contractual permissions, we process or have the data processed in a third country only when the special requirements of Art. 44 et seq. GDPR apply. This means that the processing takes place e.g. on the basis of specific guarantees, such as the officially EU acknowledged level of data protection (eg for the USA through the Privacy Shield), or on the basis of compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").


Affected rights

Right to information: You have the right to obtain information about the data we have stored about you.

Right of rectification and cancellation: You may demand the correction of incorrect data and - insofar as the legal requirements are met - the deletion of your data.

Restriction of processing: As far as the legal requirements are met, you can demand that we restrict the processing of your data.


Data portability: If you have provided us with data based on a contract or consent, you may, subject to the legal requirements, require that you receive the data you provide in a structured, common and machine-readable format, or that we transfer it to another person in charge to transfer.


Objection to data processing in the case of "legitimate interest" legal basis: You have the right, for reasons arising from your particular situation, to object at any time to the processing of data by us, insofar as this is based on a "legitimate interest" legal basis. If you make use of your right of objection, we will stop the processing of your data, unless we can - in accordance with the legal requirements - prove compelling legitimate reasons for further processing that outweigh your rights.


Opposition to cookies: You may also object to the use of cookies at any time. For details, please refer to the respective statements on the use of the respective cookies.


Revocation of consent: If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.


Complaints to the supervisory authority: You can also file a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority, which is responsible for your place of residence or your country, or the data protection authority responsible for us.


Your contact to us: Furthermore, if you have any questions about the processing of your personal data, your data subject rights and any consent given, you can contact us free of charge. To exercise all of your aforementioned rights, please contact or by post to the address mentioned above. Please make sure that we can clearly identify you.



"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart in an online store or login status are stored. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status could be stored when users visit the site after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for interest measurements or marketing purposes. A "third-party cookie" refers to cookies that are offered by providers other than the person who manages the online offer (otherwise, if it is only their cookies, this is called "first-party cookies").


We can use temporary and permanent cookies and clarify this in the context of using our website. When you visit our website for the first time, you will see a pop-up message at the bottom of the screen informing you about the use of cookies. If you click the Accept button, we will save a cookie so that we know that you have taken notice of our message and that it will not be redisplayed on your next visit.


If users do not want cookies to be stored on their computer, they can disable the option in their browser's system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.


The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) sub. f GDPR. Our legitimate interests are the simplification of the use of our website and the recognisability of the user's browser even after a change of the website.


Deletion of data

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this Dataprivacy Policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.


According to legal requirements in Germany, the storage takes place in particular for 6 years pursuant to § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).



When contacting us (for example, by contact form, email or telephone), the information provided by the user to process the contact request and the subsequent processing of this request will be processed according to Art. 6 (1) sub. b) GDPR. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request management system.


We delete the requests, if they are no longer required. We check the necessity every two years. Furthermore, the statutory archiving obligations apply.


Integration of services and contents of third parties

Based on our legitimate interests (ie interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) sub. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, to include for instance videos or fonts (collectively referred to as "content").


This always presupposes that the third-party providers of this content know the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only those contents whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.


Google fonts

We incorporate the fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy:, opt-out feature provided by Google:



bottom of page