1. Data Processor and Data Protection Officer – contact details

The Data Processor as defined in data protection legislation is

Deutscher Akademischer Austauschdienst e.V. (DAAD)
Kennedyallee 50
53175 Bonn
Germany

Tel.: +49 228 882-0
Email: datenschutz@daad.de

If you have any questions or suggestions about data protection, please feel free to contact us.

2. Object of data protection

The object of data protection is personal data. Personal data means any information relating to an identified or identifiable natural person (a so-called data subject). This includes details such as name, postal address, email address or telephone number, as well as information that necessarily arises from the use of our website and the use of your DAAD ID, such as details about the start, end and scope of use.

3. Type, scope, purposes and legal basis for data processing

Below you will find a summary of the type, scope, purposes and legal basis of data processing in connection with the use of our website and your DAAD ID.

3.1 Provision of our website

When you access our website on your device, we process the following data:

• Date and time of access
• Duration of visit
• Your operating system
• Volume of data sent
• Type of access
• IP address
• Domain name

We process this data on the basis of GDPR Article 6 (1) point f, as they are required for us to provide the service, to ensure technical operation and to investigate and remove malfunctions. It is in our interest to ensure the use and technical operability of our website. This data is automatically processed when our website is accessed. Unless they are provided, you cannot use our services. We usually erase these data after seven days unless, under exceptional circumstances, we need them for a longer period for the above-mentioned purposes. In such a case we erase the data as soon as they are no longer required for the relevant purpose.

3.2 DAAD ID login function

Functionality and purpose

The DAAD offers numerous services that are not available for use until you have registered. The DAAD ID is your main user profile that will enable you to access all our services with a single log-in in future. It saves you having to remember multiple user names and passwords.

Registration using your DAAD ID is currently possible for the following DAAD services, for which the DAAD is solely or jointly responsible under data protection law:

• Mein DAAD
• DAAD application portal for personal funding, project funding and insurance
• My GUIDE
• HSI Monitor
• Europa macht Schule application portal
• Alumniportal Deutschland
• Lehmanns media order portals
• DUZ-DAAD app

In addition, the DAAD ID can be used for authentication with some external services provided by cooperation partners, networks and external academic/scientific projects. The DAAD is not responsible for these services under data protection law. These are as follows:

• DFN-AAI (authentification and authorization infrastructure of the association for the promotion of a German research network)
• eduGAIN interfederation service
• Digital Campus

For more information on these services, please refer to the relevant data privacy statements.

Data categories
Your DAAD ID consists of the following categories of personal data that we require in order to ensure functionality:

• Email address
• Password
• Gender
• Surname, first name
• Preferred language
• Where applicable, role authorisations for the relevant closed areas subject to restricted access
• Object-ID (anonymous system code)

This data is initially processed when registering or updating data and when registering with one of the DAAD services or external partners, networks and projects listed above.

Legal basis, deletion
Processing is carried out in accordance with Article 6 (1) point b GDPR. We delete the data when it is no longer required for the purpose pursued by us of ensuring the functionality of the “DAAD ID” service, when you have deleted your DAAD account and when there are no other legal grounds that intervene, in particular statutory or contractual retention periods.

3.3 Contact form

You have the option to contact us using the “Contact form for technical questions about the DAAD ID” on the following page: https://www.daad.de/en/the-daad/contact/technical-enquiries-about-the-daad-id/

Therefore we need the following mandatory details (marked as such): first name, surname, email address, description of error. However, you can voluntarily provide additional details, such as a screenshot.

The data is used to fulfil your contact request. We process this data based on Article 6 (1) points b and f GDPR. The sole purpose of processing your data is to deal with your enquiry. Our legitimate interest in this respect lies in the processing of your enquiry.

The data collected via the contact form is transferred by us to a ticket system for processing the request. In order to be able to process the requests in the long term, the data is retained there for six months. The additional personal data collected during the submission process is deleted if the data is no longer necessary for the purposes for which it was collected or otherwise processed.

3.4 Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC (hereinafter: “Google”). Google Analytics uses cookies (see clause 3.5), i.e. text files which are saved to your computer and allow us to analyse your use of the website. The information that is created by cookies on your use of our website is usually sent to a Google server in the United States, where it is then stored. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and then truncated there. Acting on behalf of the site operators, Google will use this information to analyse your use of the website, to create reports on website activities for us as site operators and to provide us with other services connected with website and internet use. The IP address which Google Analytics sends via your browser will not be linked by Google with any other data Google may have.

This website uses Google Analytics with the extension “_anonymizeIp()”. This has the effect of truncating IP addresses before further processing, so that the data cannot be related to any specific person. If the data that is collected about you allows conclusions about you as a person, this is immediately prevented and the relevant personal data are thus erased immediately.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offerings and make them more interesting for you as a user. In the exceptional cases where personal data is transferred to the USA, your personal data is transferred to a third country (outside the European Economic Area). In order to guarantee an appropriate level of data protection, we have concluded so-called EU standard contractual clauses with Google. We are able to provide you with a copy of the concrete provisions which have been agreed in order to ensure the reasonable level of data protection. Please use the information stated under Section 1 for this purpose.

The legal basis for the use of Google Analytics is Article 6 (1) (a) clause 1 (a) GDPR, namely your consent. The data sent by us and linked to cookies, user identifications (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is deleted automatically once a month. You can prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:  Google Analytics Opt-out Browser Add-on Download Page

Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must opt out on all systems used. If you click here, the opt-out cookie will be applied: Deactivate Google Analytics

Further details about Google and its use of personal data can be obtained from the following addresses:

• Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
• https://www.google.com/analytics/terms/us.html
• data privacy overview:
  • https://support.google.com/analytics/answer/6004245?hl=en
  • https://policies.google.com/privacy

3.5 Cookies

We use so-called cookies to provide you with extensive functions, to make our website more user-friendly and to optimise our website. Cookies are small files which are saved to your device via your web browser.

Categories of cookies

We use cookies for a variety of purposes and with different functions. Moreover, we make distinctions between cookies, depending on whether they are mandatory from a technical perspective (i.e. a technical requirement), how long they are stored and used (known as the retention period) and whether they have been set by our website itself or by a third party and, if so, by whom (i.e. by which cookie provider).

Technical requirement and legal basis

Technically mandatory cookies: We use certain cookies because they are mandatory requirements to ensure that our website and its functions can work in a legally compliant manner. Such cookies are automatically set when the website or a specific function is accessed, unless you have prevented the setting of cookies through your browser settings. Any data collected through the use of such cookies are processed by us on the basis of GDPR Article 6 (1) point f.

Technically non-mandatory cookies: On the other hand, non-mandatory cookies are set to improve, for instance, the convenience and performance of our website or to save certain settings you have made. We also use technically non-mandatory cookies to obtain information on the frequency with which certain parts of our website are used, so that we can tailor them more closely to your needs in the future. We do not store technically non-mandatory cookies until you click the relevant box, confirming that you have read our cookie note, and continue to use our website. Any data collected through the use of such cookies is processed by us on the basis of GDPR Article 6 (1) point a.

Retention period

Session cookies: Most cookies are only required for as long as you access the current service or continue your session. They are either erased or lose their validity as soon as you leave our website or your current session has expired (these are so-called session cookies). Session cookies are used, for instance, to retain certain information during your session.

Permanent cookies: It happens occasionally that cookies are saved for a longer period of time, for instance, to recognise you when you open our website again at a later point. It means that you can call up saved settings again. This means you can access our website faster and more conveniently, and you don’t have to make certain settings again, e.g. specify the relevant language. Permanent cookies are automatically deleted upon the expiry of a defined period of time following the date on which you visited the site or domain where the cookie was set.

Cookie providers

Third-party cookies: So-called third-party cookies are set and used by other providers or websites, for example by operators of web analysis tools. Further details on web analysis tools and range measurement can be found below in this Policy. Third-party providers can also use cookies to display adverts or to integrate social media content, e.g. social plug-ins.

Erasure of and objection to the use of cookies

The acceptance of cookies is not mandatory in the use of our website. If you do not want cookies to be saved to your device, you can disable the relevant option in the system settings of your browser. Saved cookies can be deleted through the system settings in your browser at any time. Please note, however, that if you do not accept cookies, the functions of our services may be limited.

When you access our website, the following cookies may be stored:

Name of cookie	Technical requirement	Retention period	Cookie providers	Purpose of use and interest
DaadCookieConsent	Yes	Permanent cookie (1 year)	DAAD	This cookie prevents the note on the use of cookies from being displayed whenever you visit this website.
_ga	No	Permanent cookie (2 years)	Google LLC	This cookie enables Google Analytics to distinguish between users.
_gat	No	Permanent cookie (1 minute)	Google LLC	This cookie has the purpose of limiting the number of requests sent to Google Analytics.
_gid	No	Permanent cookie (24h)	Google LLC	This cookie enables Google Analytics to distinguish between users.
pll_language	Yes	Permanent cookie (1 year)	DAAD	This cookies has to the purpose to save the language in which the website has been used.
MeinDaadHelpSettings	Yes	Permanent cookie (1 year)	DAAD	This cookie stores the filters used in the Help Center.
saml_login	Yes	Permanent cookie (1 month)	DAAD	Cookie for single sign on (only for users who are logged in)
saml_nameid	Yes	Permanent cookie (1 month )	DAAD	Cookie for single sign on (only for users who are logged in)
saml_sessionindex	Yes	Permanent cookie (1 month)	DAAD	Cookie for single sign on (only for users who are logged in)
wordpress*	Yes	Session cookie (end of session)	DAAD	WordPress cookie (only for users who are logged in)
wordpress_logged_in_*	Yes	Session cookie (end of session)	DAAD	WordPress cookie (only for users who are logged in)

Click here to change the cookie settings: Change cookie settings.

3.6 YouTube Videos

On our website video clips from the video portal YouTube are embedded. YouTube is a portal of YouTube, LLC, a subsidiary of Google LLC.

For reasons of data protection, we have decided not to integrate the video clips directly into our site, but to deactivate them by default. Therefore, when you call up our site, no data is transmitted to Google. Therefore you will find on our website only a preview image of the video clip. To play the video clip, you need to activate it by clicking on the preview image. By clicking, you give your consent to the transfer of data to YouTube. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 para. 1 lit. a, 49 para. 1 lit. a DSGVO. Only after this activation a connection to the servers of Google is established and data is transmitted to Google. In this respect, your personal data will be transferred to bodies in a third country (outside the European Economic Area), although a level of data protection comparable to that under EU law is not guaranteed. Therefore, compliance with the data protection principles of EU law is not guaranteed. We have no influence on the scope of the data collected in this respect.

For more information about the purpose and scope of data collection, the further processing and use of data by Google, your rights in this regard and setting options for protecting your privacy, please refer to Google’s privacy policy at:
https://www.google.de/intl/de/policies/privacy/.

The YouTube terms of use can be found at:
https://www.youtube.com/t/terms.

3.7 Service Area for Alumni

The Service Area for Alumni is solely accessible to DAAD alumni who received personal funding. It offers you exclusive services whereby your personal data are processed as follows:

3.7.1 The ‘Are you a DAAD alumna/alumnus?’ function

Functionality and purpose

Your DAAD ID must have the role authorisation ‘Alumni’ to enable us to grant you access to the Service Area for Alumni. You can use this function to obtain the required role authorisation if this is not the case. We need additional information for this assignment to enable us to correctly allocate your former funding.

Data categories

Use of the function requires the following information from you for further processing:

• Date of birth

• Personal reference number from the former funding (optional)

• Email address (optional)

Legal basis, erasure

Data processing is performed in accordance with Article 6 Paragraph 1 Letter b) GDPR. We erase the data when they are no longer required for the purpose stated above and where there are no other legal bases (in particular legal or contractual retention obligations) that intervene.

3.7.2 The ‘Update personal data’ function

Functionality and purpose

We store the personal contact data that we received from you in the context of your funding in the DAAD contact management system even after expiry of that funding, among other reasons in order to be able to offer you alumni services (cf. also the details under 2 b.dd in the document ‘Datenschutzhinweise Personenförderung deutsch – 10/2021’). You can yourself update this information in the contact management system and thus keep it up to date so that we can reach out and support you via the correct contact data as part of our alumni activities. Your contact address is used for purposes including postal provision of the DAAD Letter (which can be ordered via the Service Area for Alumni).

Data categories

In the course of such data updates you can view and as required amend the following information from the DAAD contact management system:

• First name
• Surname
• Birth name
• Title
• Address supplement
• Street / house number / postcode
• Town/city
• Country
• Phone
• Fax
• Email address
• Alternative email address

Legal basis, erasure

Data processing is performed in accordance with Article 6 Paragraph 1 Letter b) GDPR. We erase the data when they are no longer required for the purpose stated above and where there are no other legal bases (in particular legal or contractual retention obligations) that intervene.

3.7.3 The ‘Registration of a personal alumni email address’ function

Functionality and purpose

As an alumna/alumnus you have the option of registering your own email address for alumni.

Data categories

Use of the function requires the following information from you for further processing:

• Your desired email alias for the new email address
• Password

Legal basis, erasure

Data processing is performed in accordance with Article 6 Paragraph 1 Letter b) GDPR. We erase the data when they are no longer required for the purpose stated above and where there are no other legal bases (in particular legal or contractual retention obligations) that intervene.

4. Recipients of personal data

Internal recipients:

Within the DAAD, access is limited to persons requiring it for the purposes specified under clause 3.

External recipients:

We only pass your personal data on to external recipients outside DAAD if this is justified by law or if you have issued your consent to this effect.

External recipients can include:

1. Processors
   External service providers we use for the provision of services, for instance in the technical infrastructure and maintenance of the DAAD’s own services or for the provision of content. We carefully select such processors and regularly check them to ensure the safeguarding of your privacy. Service providers may only use data for the purposes we specify.
2. Public bodies
   Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities to which we need to send personal data for mandatory legal reasons.
3. Private bodies
   Cooperation partners and assistants, to whom data is transmitted on the basis of consent or a mandatory requirement. For information on the transfer of your data to external partners, networks and projects when logging in with your DAAD ID, see Section 3.2.

5. Sources

We primarily process the personal data which we have received from you directly during use of DAAD services. Under certain circumstances, we may also obtain your personal data from third parties. We will inform you about this separately and in more detail if necessary.

6. Data processing in third countries

Should a data transfer take place to bodies whose place of business or data processing location is not in a Member State of the European Union or another Member State of the European Economic Area, prior to the transfer, we will ensure that apart from the exceptional cases permitted by law, either a reasonable level of data protection exists on the part of the recipient (for example by means of an adequacy decision of the European Commission or through suitable guarantees such as the agreement of so-called standard EU contractual clauses with the recipient) or your sufficient consent is present. You can receive from us an overview of the recipients in third countries and a copy of the concrete provisions which have been agreed in order to ensure the reasonable level of data protection. Please use the information stated under Section 1 for this purpose.

7. Retention period

You will find the retention period for personal data in the relevant chapter on data processing. We generally apply the rule whereby we only save your personal data for as long as they are required to fulfil their purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent, we erase your personal data, unless further processing is permitted under the relevant applicable statutory provisions. We also erase your personal data if we are under an obligation to do so on legal grounds.

8. Automated decision-making, profiling

We do not use automated decision making or profiling in accordance with Article 22 GDPR.

9. Rights of data subjects

As a data subject you are entitled to the following rights:

• Right to information: You have a right to access the data we have stored about you as a person.
• Right to rectification and erasure: You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
• Restriction of processing: Provided that the legal grounds are in place, you can require us to restrict the processing of your data. to restrict the processing of your data.
• Data portability: If you have provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.

—————————————————————————————————

Objection to data processing on the legal basis of “legitimate interest” under GDPR Article 6 (1) point f: If there are reasons arising from your specific situation, you are entitled to object to our processing of your data at any time, provided that such an objection has its legal basis in a “legitimate interest”. If you make use of your right to object, we shall discontinue the processing of your data, unless we can – within the parameters of the law – demonstrate compelling legitimate grounds for further processing, outweighing your own rights. To make use of your right to object, please use the contact details specified in clause 1.

—————————————————————————————————

• Objection to cookies: You can also object to the use of cookies at any time. You will find the relevant details in our notes on cookies in clause 5.
• Revocation of consent: If you have given us your consent to the processing of your data, you can revoke the same at any time with future effect. This, however, does not affect the legitimacy of processing your data until the date of revocation.
• Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data has breached the latest applicable law. To do so, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for ourselves.

Your contact with us:

In addition, if you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us without incurring any charge. To exercise any of the aforementioned rights, please contact datenschutz@daad.de or write to the postal address specified in clause 1. When you do so, please make sure that we can clearly identify you.

10. Commissioner for data protection

Contact details of our commissioner for data protection:

Dr Gregor Scheja
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn

Telephone: +49 228 227226-0
Fax: +49 228 227226-26

www.scheja-partner.de
Contact via https://www.scheja-partner.de/kontakt/kontakt.html

11. Update status

The latest version of this data protection statement shall be applicable. Last updated: 11/29/2022.

An overview of the latest updates to this privacy policy can be found at: Updates Data Privacy Statement