We – Deutscher Akademischer Austauschdienst e.V. (the German Academic Exchange Service), hereinafter referred to as either “we” or “DAAD” – are pleased to see you visiting our website. Thank you for your interest in our organisation and funding programmes. Your privacy is important to us. We take the protection of your personal data and their confidential treatment very seriously. Your data will be processed exclusively within the legal framework of the data protection provisions of the European Union, particularly the General Data Protection Regulation (hereinafter: “GDPR”). This data protection statement provides you with information about the processing of your personal data and your data protection rights when using our website.
1. Data Processor and Data Protection Officer – contact details
The Data Processor as defined in data protection legislation is
Deutscher Akademischer Austauschdienst e.V. (DAAD)
Tel: +49 228 882-0
If you have any questions or suggestions about data protection, please feel free to contact us.
2. Object of data protection
The object of data protection is personal data. Personal data means any information relating to an identified or identifiable natural person (a so-called data subject). This includes, for example, details such as the name, postal address, email address and phone number, though other details are also necessarily created while using our website, such as the beginning, end and extent of use.
3. Type, scope, purposes and legal basis for data processing
Below you will find an overview of the type, scope, purposes and legal basis of data processing on our website.
3.1 Provision of our website
When you access our website on your device, we process the following data:
- Date and time of access
- Duration of visit
- Your operating system
- Volume of data sent
- Type of access
- IP address
- Domain name
We process this data on the basis of GDPR Article 6 (1) point f, as they are required for us to provide the service, to ensure technical operation and to investigate and remove malfunctions. It is in our interest to ensure the use and technical operability of our website. This data is automatically processed when our website is accessed. Unless they are provided, you cannot use our services. We usually erase these data after seven days unless, under exceptional circumstances, we need them for a longer period for the above-mentioned purposes. In such a case we erase the data as soon as they are no longer required for the relevant purpose.
3.2 Social plug-ins
This website uses social plug-ins from the social media Facebook, Google+ and Twitter operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, respectively. You will find three buttons on our website, enabling you to share content on Facebook, Google+ and Twitter, so that you can conveniently recommend our website to friends on your preferred social media platforms. A so-called Shariff solution has been implemented on our website. When you call up our website, data is not automatically sent to the relevant social media.
But when you click on a social media button, your browser uses this social plug-in to set up a direct connection to the server of the relevant social network. The legal basis for the transfer of data to the previously mentioned social networks is your consent (pursuant to Art. 6 Para. 1 letter a, 49 Para. 1 letter a DSGVO). In this respect, your personal data will be transferred to bodies in a third country (outside the European Economic Area), although a level of data protection comparable to that under EU law is not guaranteed. Therefore, compliance with the data protection principles of EU law is not guaranteed. We have no influence on the scope of the data which is collected by the social media operators in this way. The operators process the information that you have called up our website. If you are also logged into one of the social media platforms at that time, the operator can match up your account with the relevant social media site. If you then also interact with the social plug-in by clicking “Like” or “Share”, the relevant social media site will process that information. Even if you are not a member of one of these social media platforms, it is possible for them to find out your IP address through the social plug-in and then possibly store this information. Further information about the scope and purpose for which data is processed, collected and used by Facebook, Google and Twitter, as well as your rights in this respect and the setting options, can be found in each company’s data protection policy:
If you do not want social media to collect data via our website, make sure you do not click on the relevant buttons. In addition, you can block social plug-ins via add-ons in your browser.
3.3 Google Analytics
This website uses Google Analytics with the extension “_anonymizeIp()”. This has the effect of truncating IP addresses before further processing, so that the data cannot be related to any specific person. If the data that is collected about you allows conclusions about you as a person, this is immediately prevented and the relevant personal data are thus erased immediately.
We use Google Analytics to analyse use of our website and to improve it at regular intervals. The statistical data we receive in this way helps us to improve our website and to make it more interesting for you as a user. In the exceptional cases in which personal data is transferred to Google (USA), your personal data is transferred to a third country (outside the European Economic Area). To ensure an adequate level of data protection, we have concluded so-called EU standard contractual clauses with Google. You can obtain from us a copy of the specifically agreed regulations to ensure an adequate level of data protection. Please use the information provided under point 1.
The legal basis for the use of Google Analytics is GDPR Article 6 (1) point a, i.e. your consent. Any data that we send, and which is linked to cookies, user IDs or advertising IDs, is automatically erased after 14 months. Any data that has reached the end of its retention period is automatically erased once a month.
You can prevent the storage of cookies through a suitable setting in your browser software. Please note, however, that if you do so, you may not be able to use all the functions of this website in full. Furthermore, if you wish to prevent the collection of data generated by cookies and related to your usage of the website (incl. your IP address) and if you wish to opt out of such data being processed by Google, you can download and install a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Opt-out cookies prevent any future collection of your data when visiting this website. To prevent collection via Universal Analytics across multiple devices, you need to implement the opt-out on all the systems you use. Click here to set the opt-out cookie: Deactivate Google Analytics
Further details about Google and its use of personal data can be obtained from the following addresses:
- Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
- https://www.google.com/analytics/terms/us.html, data privacy overview:
3.4 Map service
3.5 YouTube Videos
On our website video clips from the video portal YouTube are embedded. YouTube is a portal of YouTube, LLC, a subsidiary of Google Inc.
For reasons of data protection, we have decided not to integrate the video clips directly into our site, but to deactivate them by default. Therefore, when you call up our site, no data is transmitted to Google. Therefore you will find on our website only a preview image of the video clip. To play the video clip, you need to activate it by clicking on the preview image. By clicking, you give your consent to the transfer of data to YouTube. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 para. 1 lit. a, 49 para. 1 lit. a DSGVO. Only after this activation a connection to the servers of Google is established and data is transmitted to Google. In this respect, your personal data will be transferred to bodies in a third country (outside the European Economic Area), although a level of data protection comparable to that under EU law is not guaranteed. Therefore, compliance with the data protection principles of EU law is not guaranteed. We have no influence on the scope of the data collected in this respect.
4. Links to third-party websites
If websites and services by other site owners are linked to this website, they have been and will continue to be designed and supplied by third parties. We have no influence on the design, content or function of third-party services, and we expressly distance ourselves from any content provided by linked third-party sites. Please remember that third-party sites linked to this website may have their own cookies which are installed on your device to collect personal data. We have no influence over this. In such cases you may wish to obtain more information directly from the owners of the third-party websites linked to this site.
6. Recipients of personal data
Internal recipients: Within the DAAD, access is limited to persons requiring it for the purposes specified under clause 3.
External recipients: We only share your personal data with external recipients outside the DAAD if this is required for managing or processing your request, if there is some different legitimate permission or if you have given us your consent for this purpose.
External recipients may be:
External service providers we use for the provision of services, for instance in the technical infrastructure and maintenance of the DAAD’s own services or for the provision of content. We carefully select such processors and regularly check them to ensure the safeguarding of your privacy. Service providers may only use data for the purposes we specify.
b) Public bodies
Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities to which we need to send personal data for mandatory legal reasons.
c) Private bodies
Cooperation partners and assistants, to whom data is transmitted on the basis of consent or a mandatory requirement.
7. Data processing in third countries
If data is transmitted to bodies that have their head offices or data-processing locations outside EU member states and outside states forming part of the EEA, we ensure before disclosure that – except for certain legally permitted exceptions – those bodies either have your adequate consent or they provide an adequate level of data protection (for instance, through an adequacy decision taken by the European Commission, through suitable guarantees such as the recipient’s self certification for the EU-US Privacy Shield or the agreement of so-called standard EU contractual clauses with the recipient). You can request from us a list of recipients in third countries and a copy of the provisions that have been agreed in each case to ensure an adequate level of data protection. To do so, please use the contact details given in clause 1.
8. Retention period
You will find the retention period for personal data in the relevant chapter on data processing. We generally apply the rule whereby we only save your personal data for as long as they are required to fulfil their purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent, we erase your personal data, unless further processing is permitted under the relevant applicable statutory provisions. We also erase your personal data if we are under an obligation to do so on legal grounds.
9. Rights of data subjects
As a data subject you are entitled to the following rights:
Right to information: You have a right to access the data we have stored about you as a person.
Right to rectification and erasure: You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
Restriction of processing: Provided that the legal grounds are in place, you can require us to restrict the processing of your data.
Data portability: If you have provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.
Objection to data processing on the legal basis of “legitimate interest” under GDPR Article 6 (1) point f:
If there are reasons arising from your specific situation, you are entitled to object to our processing of your data at any time, provided that such an objection has its legal basis in a “legitimate interest”. If you make use of your right to object, we shall discontinue the processing of your data, unless we can – within the parameters of the law – demonstrate compelling legitimate grounds for further processing, outweighing your own rights.
To make use of your right to object, please use the contact details specified in clause 1.
Revocation of consent: If you have given us your consent to the processing of your data, you can revoke the same at any time with future effect. This, however, does not affect the legitimacy of processing your data until the date of revocation.
Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data has breached the latest applicable law. To do so, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for ourselves.
Your contact with us: In addition, if you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us without incurring any charge. To exercise any of the aforementioned rights, please contact firstname.lastname@example.org or write to the postal address specified in clause 1. When you do so, please make sure that we can clearly identify you.
10. Commissioner for data protection
Contact details of our commissioner for data protection:
Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
Telephone: +49 228 227226-0
Fax: +49 228 227226-26
11. Update status
The latest version of this data protection statement shall be applicable. Last updated: 25 November 2020.