Data Privacy Policy

Responsible in accordance with Art. 4 paragraph 7 GDPR (Data Controller)

Stiftung SPI
Müllerstrasse 74 Location map
13349 Berlin
Telephone: 030 459793-0
Fax: 030 459793-66
Email: info( at )

Data protection officer

For the central office/institute directorate and the Colleges, Qualification and Professionalisation business areas:
Ecodata Energiemeß- und Abrechnungsgesellschaft mbH
Isabel Laser
Email: datenschutz( at )

For the business areas of Health, Residence & Employment, Life Situation, Diversity & Urban Development, Brandenburg North-West branch and Brandenburg South-East branch:
3G Business Datenschutz GmbH
Martin Mielke
Email: mielke( at )

For the Strategies for Social Integration business area:
Dr Jan Gregersen
Email: jan.gregersen( at )

Security and protection of your personal data

We consider it our primary task to maintain the confidentiality of the personal data provided by you and to protect it from unauthorised access. We therefore apply extreme care and state-of-the-art security standards to ensure the maximum protection of your personal data.

As a non-profit foundation under civil law, we are subject to the provisions of the European Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

Definition of terms

The legislation requires that personal data is processed lawfully, in good faith and in a manner comprehensible to the person concerned ("lawfulness, fairness and transparency"). In order to safeguard these principles, we hereby inform you about the individual legal definitions that are also used in this Privacy Policy:

Personal data means all information relating to an identified or identifiable natural person (hereinafter: ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing is every procedure carried out with or without the help of automated processes or every such operational sequence in connection with personal data, such as the collection, the capturing, the organisation, the allocation, the saving, the adaption or changing, the selection, the querying, the use, the disclosure through transmission, the dissemination or other form of provision, the comparison or the linking, the limitation, the deletion or the destruction of the data.

Limitation of processing is the marking of saved personal data with the goal of limiting its future processing.

Pseudonymisation is the processing of personal data in a way which makes the association of the personal data with a specific data subject no longer possible without using additional information, as long as this additional information is stored separately and subject to technical and organisational measures that guarantee that the personal data cannot be associated with an identified or identifiable natural person.

Filing system means any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of this data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent by the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of the processing

The processing of personal data is lawful only if there is a legal basis for the processing. Legal basis for the processing may, in accordance with Art. 6 paragraph 1a-f GDPR in particular, be if:

a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the controller is subject;
d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data

In the following, we inform you about the collection of personal data when using our website. Personal data is, for example, name, address, email addresses, user behaviour. When you contact us by email or via a contact form, the data provided by you (e.g. email address, name, telephone number) will be saved by us in order to answer your questions. We delete the data collected in this context once saving it is no longer necessary, or processing is restricted if statutory retention obligations apply.

Collection of personal data when you visit our website
If you merely use the website for information purposes, i.e. if you do not register or provide us with information otherwise, we collect only that personal data which your browser transfers to our server. If you visit our website, we will collect the following data which is technically necessary for us to be able to display our website and guarantee its stability and security (legal basis is Art. 6 paragraph 1 sentence 1f GDPR):

  • IP address;
  • Date and time of the request;
  • Time zone difference from Greenwich Mean Time (GMT);
  • Contents of the request (specific page);
  • Access status/HTTP status code;
  • Amount of data transferred in each case;
  • Requesting website;
  • Browser;
  • Operating system and its interface;
  • Language and version of the browser software.

Use of cookies
In addition to the previously mentioned data, cookies will also be saved on your computer when you use our website. Cookies are small text files, which are assigned to the browser you are using and stored on your hard drive, and which send certain information to the site setting the cookie. Cookies cannot run any programs or transmit viruses to your computer. They are used to make the Internet site altogether more user-friendly and effective. This website uses the following types of cookies, the scope and function of which is explained in the following.

  • Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These save a so-called session ID through which the different requests of your browser can be associated with the general session. This means that your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
  • Persistent cookies are automatically deleted after a specified period which differs from cookie to cookie. You can delete the cookies at any time in your browser’s security settings.
  • You can configure your browser’s settings according to your wishes and, for example, disallow the acceptance of third-party cookies or all cookies. So-called third-party cookies are cookies which are set by a third party and not by the actual website that you are currently visiting. We point out that you may not be able to use all the functions of this website if you disable cookies.

Further functions and services of our website

  1. In addition to the purely informative use of our website, we offer various services that you can use if you are interested. To do this, you must generally provide further personal data, which we use to perform the service in question and to which the above-mentioned basic principles of data processing apply.
  2. We sometimes use external service providers for the processing of your data. These have been carefully selected and commissioned by us, are bound by our instructions and are inspected regularly.
  3. Furthermore, we may transfer your data to third parties if the conclusion of a contract or similar services are offered by us together with partners. You will be informed about this in greater detail when you provide your personal data or below in the description of the offer.
  4. If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this fact in the description of the offer.

External scripts and program libraries
Ajax, jQuery and/or jQueryUI technology is used on this website. In this, the corresponding program libraries are called up by servers at Google, whereby streamlining of the page code and the optimisation of loading speeds is achieved. Google uses the CDN (Content delivery network).
If jQuery has been used previously on another page by Google CDN, your browser will rely on the copy stored in the cache. If this does not apply, it will request a download at Google’s external servers, whereby data from your browser must be provided. These server requests with IP address may be logged there. You will find further information in the Google Privacy Policy.
You can prevent the collection and forwarding of this data by disabling the use of JavaScript in your browser or installing a tool such as “NoScript”. This will, however, restrict some functionality of the website.


  1. With your consent, you can subscribe to our newsletter, in which we inform you about our current offers. The advertised goods and services or information are named in the consent form.
  2. We use the so-called double-opt-in procedure for registration for our newsletter. This means that we send an email after your registration to the email address provided, in which we ask you to confirm that you want to receive the newsletter. If you fail to confirm your registration within 24 hours, your information will be blocked and deleted automatically after one month. In addition, we save the IP addresses you used and the times of registration and confirmation. The purpose of the procedure is to be able to prove and, if necessary, investigate the possible misuse of your personal data.
  3. The only mandatory information for receipt of the newsletter is your email address. The provision of further, separately marked data is voluntary and will be used to be able to address you personally. Following your confirmation, we will save your email address for the purposes of sending you the newsletter. Legal basis is Art. 6 paragraph 1 sentence 1a GDPR.
  4. You can revoke the consent you provided for receipt of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter email, via this form on the website, by email to redaktion( at ), or by sending a message to the contact address provided in the Legal Notice.