This website and the contents thereof are protected worldwide by copyright and related intellectual property rights. Users are free to download, use and redistribute files or contents from this website, provided that they are not modified, and that the copyright and disclaimer notice are not removed. Files or contents - as such or in whatever way combined - may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder. Unauthorized inclusion of single pages, graphics, or other components of this website in other websites, print products, or electronic media is prohibited.
The information on this website is provided 'as is', for informational purposes only and should not be construed as professional advice of any kind. Participants of the Berlin Group accept no liability whatsoever arising from any alleged consequences or damages resulting from use or application of the information and give no warranties of any kind as to the completeness, accuracy, timeliness, availability, functionality and compliance with applicable laws in relation to the information provided.
The participants of the Berlin Group have not reviewed any of the websites that may be linked to or from the Berlin Group website, and the existence of such links does not indicate any approval or endorsement of any material contained on any linked website. The participants of the Berlin Group are not responsible for the contents of any website linked to or from the Berlin Group website.
The Berlin Group reserves the right to change the content on the Berlin Group website at any time and without notice.
Please note: visitors of this website are not obligated by law to provide any information. Visitors hereby acknowledge, warrant and agree that any information that is provided, is provided at own free will and consent, for the purposes and uses described herein.
SRC Security Research & Consulting GmbH
Telephone: +49 (0) 228 / 2806 – 0
Telefax: +49 (0) 228 / 2806 – 199
Managing Director: Gerd Cimiotti
Commercial register: Bonn HRB 9414
VAT number: DE 212254844
Our dataprotection officer can be reached as follows:
Dr. Gregory Scheja
Adenauer Allee 136
Tel .: +49 (0) 228-227 226-0
Fax: +49 (0) 228-227 226-26
Types of processed data
inventory data (e.g. names, addresses).
contact information (e.g. email, phone numbers).
content data (e.g. text input, photographs, videos).
usage data (e.g. websites visited, interest in content, access times).
meta / communication data (e.g. device information, IP addresses).
Purpose of processing
Provision of online information regarding the Berlin Group
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as identifiable, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (eg cookie) or one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The scope of this term is quite extended and includes virtually every handling of data.
"Responsible Entity" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
Relevant legal basis
Collaboration with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant them access to the data, this will be done on the basis of
a legal license (for example, if a transmission of the data to third parties, such as to payment service providers, pursuant to Article 6 (1) sub b. GDPR is required to fulfill the contract),
a legal obligation to do so or
our legitimate interests (for example, when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done in accordance with the relevant requirements of Art. 28 GDPR.
Transfers to third countries
Unless we process data
in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)), or
the processing takes place in the context of the use of services of third parties, or
data is disclosed or transmitted to third parties,
this only happens when needed
to fulfill our (pre) contractual obligations or on the basis of
a legal obligation or
on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or have the data processed in a third country only when the special requirements of Art. 44 et seq. GDPR apply. This means that the processing takes place e.g. on the basis of specific guarantees, such as the officially EU acknowledged level of data protection (eg for the USA through the Privacy Shield), or on the basis of compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Right to information: You have the right to obtain information about the data we have stored about you.
Right of rectification and cancellation: You may demand the correction of incorrect data and - insofar as the legal requirements are met - the deletion of your data.
Restriction of processing: As far as the legal requirements are met, you can demand that we restrict the processing of your data.
Data portability: If you have provided us with data based on a contract or consent, you may, subject to the legal requirements, require that you receive the data you provide in a structured, common and machine-readable format, or that we transfer it to another person in charge to transfer.
Objection to data processing in the case of "legitimate interest" legal basis: You have the right, for reasons arising from your particular situation, to object at any time to the processing of data by us, insofar as this is based on a "legitimate interest" legal basis. If you make use of your right of objection, we will stop the processing of your data, unless we can - in accordance with the legal requirements - prove compelling legitimate reasons for further processing that outweigh your rights.
Revocation of consent: If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.
Complaints to the supervisory authority: You can also file a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority, which is responsible for your place of residence or your country, or the data protection authority responsible for us.
Your contact to us: Furthermore, if you have any questions about the processing of your personal data, your data subject rights and any consent given, you can contact us free of charge. To exercise all of your aforementioned rights, please contact or by post to the address mentioned above. Please make sure that we can clearly identify you.
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart in an online store or login status are stored. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status could be stored when users visit the site after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for interest measurements or marketing purposes. A "third-party cookie" refers to cookies that are offered by providers other than the person who manages the online offer (otherwise, if it is only their cookies, this is called "first-party cookies").
If users do not want cookies to be stored on their computer, they can disable the option in their browser's system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) sub. f GDPR. Our legitimate interests are the simplification of the use of our website and the recognisability of the user's browser even after a change of the website.
Deletion of data
According to legal requirements in Germany, the storage takes place in particular for 6 years pursuant to § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).
When contacting us (for example, by contact form, email or telephone), the information provided by the user to process the contact request and the subsequent processing of this request will be processed according to Art. 6 (1) sub. b) GDPR. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request management system.
We delete the requests, if they are no longer required. We check the necessity every two years. Furthermore, the statutory archiving obligations apply.
Integration of services and contents of third parties
Based on our legitimate interests (ie interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) sub. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, to include for instance videos or fonts (collectively referred to as "content").
This always presupposes that the third-party providers of this content know the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only those contents whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.