Data Privacy Statement

We – Deutscher Akademischer Austauschdienst e.V. (the German Academic Exchange Service), hereinafter referred to as either “we” or “DAAD” – are pleased to see you visiting our website. Thank you for your interest.

Your privacy is important to us. We take the protection of your personal data and their confidential treatment very seriously. Your data will be processed exclusively within the legal framework of the data protection provisions of the European Union, particularly the General Data Protection Regulation (hereinafter: “GDPR”). This data protection statement provides you with information about the processing of your personal data and your data protection rights when using our website.

1. Data Processor and Data Protection Officer – contact details

The Data Processor as defined in data protection legislation is

Deutscher Akademischer Austauschdienst e.V. (DAAD)
Kennedyallee 50
53175 Bonn
Germany

Tel.: +49 228 882-0
Email: datenschutz@daad.de

If you have any questions or suggestions about data protection, please feel free to contact us.

2. Object of data protection

The object of data protection is personal data. Personal data means any information relating to an identified or identifiable natural person (a so-called data subject). This includes, for example, details such as the name, postal address, email address and phone number, though other details are also necessarily created while using our website, such as the beginning, end and extent of use.

3. Type, scope, purposes and legal basis for data processing

Below you will find an overview of the type, scope, purposes and legal basis of data processing on our website.

3.1 Provision of our website

When you access our website on your device, we process the following data:

  • Date and time of access
  • Duration of visit
  • Your operating system
  • Volume of data sent
  • Type of access
  • IP address
  • Domain name

We process this data on the basis of GDPR Article 6 (1) point f, as they are required for us to provide the service, to ensure technical operation and to investigate and remove malfunctions. It is in our interest to ensure the use and technical operability of our website. This data is automatically processed when our website is accessed. Unless they are provided, you cannot use our services. We usually erase these data after seven days unless, under exceptional circumstances, we need them for a longer period for the above-mentioned purposes. In such a case we erase the data as soon as they are no longer required for the relevant purpose.

3.2 Contact form

a) You have the option of contacting the DAAD through a form.

If you use the “Contact form for Germans who want to go abroad”, we need the following mandatory details (marked as such): first name, surname, email address, country of origin, current level of education, subject area, target nation, project, question. However, you can voluntarily provide additional details, such as gender, nationality, information about scholarship and how you became aware of the DAAD.

If you use the “Contact form for foreigners wanting to come to Germany”, we need the following mandatory details (marked as such): name, email address, country of origin, country of residence, current level of education, subject area, project reason, question. However, you can voluntarily provide additional details, such as age, gender, graduation year, name of original certificate, how you became aware of the DAAD.

If you use the “Contact form for technical enquiries”, we need the following mandatory details (marked as such): first name, surname, email address, your message. However, you can voluntarily provide additional details, such as “error page”.

We process this data on the basis of the European Union, particularly the General Data Protection Regulation GDPR Article 6 (1) point f. The purpose of processing your data is solely to deal with your contact request.

We transfer the data collected via the contact form to a ticket system for processing the request. In order to effectively handle your contact request, we will retain your data for up to six months. Any personal data that were additionally collected during the sending process are erased if they are no longer required for the purposes for which they were collected or otherwise processed.

b) You have further options of contacting us through different forms.

If you use the “Contact form for press enquiries”, we need the following mandatory details (marked as such): first name, surname, email address, your message.

If you use the “Contact form for technical enquiries about the DAAD portal”, we need the following mandatory details (marked as such): first name, surname, email address, description of error. However, you can voluntarily provide additional details, such as your DAAD portal user name, funding programme and a screenshot.

The data serves the purpose of meeting your request for contact. We process this data on the basis of GDPR Article 6 (1) point f. The purpose of processing your data is solely to deal with your contact request. As soon as your contact request has been concluded, we will erase the data we have collected via the contact form. Any personal data that were additionally collected during the sending process are erased if they are no longer required for the purposes for which they were collected or otherwise processed.

If you use the contact form "Leadership for Africa", we require the following (labelled) mandatory information from you: First name, surname, country of residence, country of origin, e-mail, year of birth. You can also provide voluntary (additional) information such as gender, current level of education, place of study, declaration if you did not study in your home or host country, graduation year, academic degree, DAFI scholarship holder and period, language skills, refugee status, UNHCR registration/recognition of host country, how long have you been living in the host country, what is the purpose of your stay in the host country, project planned in Germany, field of specialisation in Germany, how you became aware of the DAAD, question.
We transfer the data collected via the contact form to a database for processing the enquiry and for statistical purposes. In order to be able to process the enquiries in the long term, they are stored there for six months. The additional personal data collected during the sending process will be deleted if the data is no longer required for the purposes for which it was collected or otherwise processed.
         

3.3 Chatbot

We offer a chatbot based on Microsoft LUIS/Botframework on our website. After the activation of the chat by clicking on the button, all entries made by you will be transmitted to us anonymously and stored on DSGVO compliant servers in the EU. Deanonymisation is excluded. In order to use the chatbot, you do not have to provide any further personal information.
We process this data based on regulations of the European Union, particularly the General Data Protection Regulation GDPR Article 6 (1) point a. The purpose of processing your data is solely to deal with your contact request.
For more information about Microsoft and the treatment of personal information, click this link please: https://privacy.microsoft.com/de-de/privacystatement

3.4 Newsletter

When you subscribe to our (free) newsletter, the following personal data are sent to us from the input dialogue: [Email address, surname*, first name* (*not mandatory)] .

When you subscribe to our newsletter we will send the confirmation link to the email address you provided. It is only after you have activated the confirmation link that you will receive our newsletter (a double opt-in). As part of our data processing, registration includes a procedure in which we obtain your consent (under GDPR Article 6 (1) point a), and where we refer to this data protection statement. Your data will be used exclusively for sending you the newsletter and will definitely not be disclosed to third parties. We obtain your email address for the purpose of sending you our newsletter. All other personal data collected under the registration process serves the purpose of preventing any abuse of our services or of the email address we use. If you no longer wish to receive the newsletter, you can unsubscribe again at any time. To do so, all you need to do is click on the unsubscribe link, available in each of our newsletters. Your data will be stored for the duration of your newsletter subscription, And it will be erased as soon as it is no longer required for this purpose. Any personal data that was additionally collected during the subscription process is usually erased when this data is no longer required for the purposes for which it was collected or otherwise processed.

3.5 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter: “Google”). Google Analytics uses cookies (see clause 5), i.e. text files which are saved to your computer and allow us to analyse your use of the website. The information that is created by cookies on your use of our website is usually sent to a Google server in the United States, where it is then stored. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and then truncated there. Acting on behalf of the site operators, Google will use this information to analyse your use of the website, to create reports on website activities for us as site operators and to provide us with other services connected with website and internet use. The IP address which Google Analytics sends via your browser will not be linked by Google with any other data Google may have.

This website uses Google Analytics with the extension “_anonymizeIp()”. This has the effect of truncating IP addresses before further processing, so that the data cannot be related to any specific person. If the data that is collected about you allows conclusions about you as a person, this is immediately prevented and the relevant personal data are thus erased immediately.

We use Google Analytics to analyse use of our website and to improve it at regular intervals. The statistical data we receive in this way helps us to improve our website and to make it more interesting for you as a user.

In the exceptional cases in which personal data is transferred to Google (USA) in the USA, your personal data is transferred to a third country (outside the European Economic Area). To ensure an adequate level of data protection, we have concluded so-called EU standard contractual clauses with Google. You can obtain from us a copy of the specifically agreed regulations to ensure an adequate level of data protection. Please use the information provided under point 1.

The legal basis for the use of Google Analytics is GDPR Article 6 (1) point a, i.e. your consent. Any data that we send, and which is linked to cookies, user IDs or advertising IDs, is automatically erased after 14 months. Any data that has reached the end of its retention period is automatically erased once a month.

You can prevent the storage of cookies through a suitable setting in your cookie settings. Please note, however, that if you do so, you may not be able to use all the functions of this website in full.

Click here to change the cookie settings: Change cookie settings.

Further details about Google and its use of personal data can be obtained from the following addresses:

3.6 Map service

To provide you with maps on our website, we use maps from the OpenStreetMap service (https://www.openstreetmap.de/). OpenStreetMap is an open source mapping tool which is offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). To display the map, you must first click on "Show Map". Only then your IP address will be forwarded to OpenStreetMap. Your data will be processed on the basis of your consent (Art. 6 para. 1 letter a) DSGVO).
Further information on the processing of your data can be found on the OpenStreetMap data protection page
here https://wiki.osmfoundation.org/wiki/Privacy_Policy and
here https://wiki.osmfoundation.org/wiki/Licence/Licence_and_Legal_FAQ.

3.7 Pageflow

To allow us to present images, videos and audio content on our website in an interactive way, we use Pageflow software and make use of external service providers who process your personal data when this content is accessed. These service providers are bound by our instructions. They have been carefully selected by us and have received written agreement for the services to be performed. Your data is processed on the basis of Art. 6 para. 1 letter f) DSGVO.

3.8 YouTube Videos

On our website video clips from the video portal YouTube are embedded. YouTube is a portal of YouTube, LLC, a subsidiary of Google Inc..

For reasons of data protection, we have decided not to integrate the video clips directly into our site, but to deactivate them by default. Therefore, when you call up our site, no data is transmitted to Google. Therefore you will find on our website only a preview image of the video clip. To play the video clip, you need to activate it by clicking on the preview image. By clicking, you give your consent to the transfer of data to YouTube. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 para. 1 lit. a, 49 para. 1 lit. a DSGVO. Only after this activation a connection to the servers of Google is established and data is transmitted to Google. In this respect, your personal data will be transferred to bodies in a third country (outside the European Economic Area), although a level of data protection comparable to that under EU law is not guaranteed. Therefore, compliance with the data protection principles of EU law is not guaranteed. We have no influence on the scope of the data collected in this respect. 

For more information about the purpose and scope of data collection, the further processing and use of data by Google, your rights in this regard and setting options for protecting your privacy, please refer to Google's privacy policy at: https://www.google.de/intl/de/policies/privacy/

The YouTube terms of use can be found at: https://www.youtube.com/t/terms.
 

4. Links to third-party websites

If websites and services by other site owners are linked to this website, they have been and will continue to be designed and supplied by third parties. We have no influence on the design, content or function of third-party services, and we expressly distance ourselves from any content provided by linked third-party sites. Please remember that third-party sites linked to this website may have their own cookies which are installed on your device to collect personal data. We have no influence over this. In such cases you may wish to obtain more information directly from the owners of the third-party websites linked to this site.

5. Cookies

We use so-called cookies to provide you with extensive functions, to make our website more user-friendly and to optimise our website. Cookies are small files which are saved to your device via your web browser.

Click here to change the cookie settings: Change cookie settings.

Categories of cookies

We use cookies for a variety of purposes and with different functions. Moreover, we make distinctions between cookies, depending on whether they are mandatory from a technical perspective (i.e. a technical requirement), how long they are stored and used (known as the retention period) and whether they have been set by our website itself or by a third party and, if so, by whom (i.e. by which cookie provider).

Technical requirement and legal basis

Technically mandatory cookies: We use certain cookies because they are mandatory requirements to ensure that our website and its functions can work in a legally compliant manner. Such cookies are automatically set when the website or a specific function is accessed, unless you have prevented the setting of cookies through your browser settings. Any data collected through the use of such cookies are processed by us on the basis of GDPR Article 6 (1) point f.

Technically non-mandatory cookies: On the other hand, non-mandatory cookies are set to improve, for instance, the convenience and performance of our website or to save certain settings you have made. We also use technically non-mandatory cookies to obtain information on the frequency with which certain parts of our website are used, so that we can tailor them more closely to your needs in the future. We do not store technically non-mandatory cookies until you click the relevant box, confirming that you have read our cookie note, and continue to use our website. Any data collected through the use of such cookies is processed by us on the basis of GDPR Article 6 (1) point a.

Retention period

Session cookies: Most cookies are only required for as long as you access the current service or continue your session. They are either erased or lose their validity as soon as you leave our website or your current session has expired (these are so-called session cookies). Session cookies are used, for instance, to retain certain information during your session.

Permanent cookies: It happens occasionally that cookies are saved for a longer period of time, for instance, to recognise you when you open our website again at a later point. It means that you can call up saved settings again. This means you can access our website faster and more conveniently, and you don't have to make certain settings again, e.g. specify the relevant language. Permanent cookies are automatically deleted upon the expiry of a defined period of time following the date on which you visited the site or domain where the cookie was set.

Cookie providers

Third-party cookies: So-called third-party cookies are set and used by other providers or websites, for example by operators of web analysis tools. Further details on web analysis tools and range measurement can be found below in this Policy. Third-party providers can also use cookies to display adverts or to integrate social media content, e.g. social plug-ins.

Erasure of and objection to the use of cookies

The acceptance of cookies is not mandatory in the use of our website. If you do not want cookies to be saved to your device, you can disable the relevant option in the system settings of your browser. Saved cookies can be deleted through the system settings in your browser at any time. Please note, however, that if you do not accept cookies, the functions of our services may be limited.

When you access our website, the following cookies may be stored:

Name of cookie Technical requirement Retention period Cookie providers Purpose of use and interest
PHPSESSID Yes Session cookie
(end of session)
DAAD This cookie is necessary to authenticate users in various databases and to use forms.
daad_cookie_consent Yes Permanent cookie (one year) DAAD This cookie prevents the note on the use of cookies from being displayed whenever you visit this website.
daad_hide_sticky_modal Yes Permanent cookie (7 days) DAAD This cookie prevents the banner with important news from being displayed whenever you visit this website.
daad_hide_sticky_alert_rel, 
hide_sticky_alert_ip,
hide_sticky_alert_sk
No 24 hours DAAD This cookie prevents the banner with important news from being displayed whenever you visit this website. 
botUserId No 24 hours DAAD This cookie is used for user authentication for the DAAD chatbot. For this purpose, an anonymised, randomly generated ID is used.
botState No 24 hours DAAD This cookie stores the opening state of the chatbot.
_ga No Permanent cookie (two years) Google LLC This cookie enables Google Analytics to distinguish between users.
_gat_UA-100127283-1 No Permanent cookie (one minute) Google LLC This cookie has the purpose of limiting the number of requests sent to Google Analytics.
_gid No Permanent cookie (24 hours) Google LLC This cookie enables Google Analytics to distinguish between users.

6. Recipients of personal data

Internal recipients:

Within the DAAD, access is limited to persons requiring it for the purposes specified under clause 3.

External recipients:

We only share your personal data with external recipients outside the DAAD if this is required for managing or processing your request, if there is some different legitimate permission or if you have given us your consent for this purpose. External recipients may be:

  1. Processors
    External service providers we use for the provision of services, for instance in the technical infrastructure and maintenance of the DAAD’s own services or for the provision of content. We carefully select such processors and regularly check them to ensure the safeguarding of your privacy. Service providers may only use data for the purposes we specify.
  2. Public bodies
    Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities to which we need to send personal data for mandatory legal reasons.
  3. Private bodies
    Cooperation partners and assistants, to whom data is transmitted on the basis of consent or a mandatory requirement.

7. Data processing in third countries

If data is transmitted to bodies that have their head offices or data-processing locations outside EU member states and outside states forming part of the EEA, we ensure before disclosure that – except for certain legally permitted exceptions – those bodies either have your adequate consent or they provide an adequate level of data protection (for instance, through an adequacy decision taken by the European Commission, through suitable guarantees such as the recipient’s self certification for the EU-US Privacy Shield or the agreement of so-called standard EU contractual clauses with the recipient). You can request from us a list of recipients in third countries and a copy of the provisions that have been agreed in each case to ensure an adequate level of data protection. To do so, please use the contact details given in clause 1.

8. Retention period

You will find the retention period for personal data in the relevant chapter on data processing. We generally apply the rule whereby we only save your personal data for as long as they are required to fulfil their purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent, we erase your personal data, unless further processing is permitted under the relevant applicable statutory provisions. We also erase your personal data if we are under an obligation to do so on legal grounds.

9. Rights of data subjects

As a data subject you are entitled to the following rights:

  • Right to information: You have a right to access the data we have stored about you as a person.
  • Right to rectification and erasure: You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
  • Restriction of processing: Provided that the legal grounds are in place, you can require us to restrict the processing of your data.
  • Data portability: If you have provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.

Objection to data processing on the legal basis of “legitimate interest” under GDPR Article 6 (1) point f: If there are reasons arising from your specific situation, you are entitled to object to our processing of your data at any time, provided that such an objection has its legal basis in a “legitimate interest”. If you make use of your right to object, we shall discontinue the processing of your data, unless we can – within the parameters of the law – demonstrate compelling legitimate grounds for further processing, outweighing your own rights. To make use of your right to object, please use the contact details specified in clause 1.


  • Objection to cookies: You can also object to the use of cookies at any time. You will find the relevant details in our notes on cookies in clause 5.
  • Revocation of consent: If you have given us your consent to the processing of your data, you can revoke the same at any time with future effect. This, however, does not affect the legitimacy of processing your data until the date of revocation.
  • Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data has breached the latest applicable law. To do so, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for ourselves.

Your contact with us: In addition, if you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us without incurring any charge. To exercise any of the aforementioned rights, please contact datenschutz@daad.de or write to the postal address specified in clause 1. When you do so, please make sure that we can clearly identify you.

10. Commissioner for data protection

Contact details of our commissioner for data protection:

Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
Adenauerallee 136
53113 Bonn

Telephone: +49 228 227226-0
Fax: +49 228 227226-26

www.scheja-partner.de
Contact via https://www.scheja-partner.de/kontakt/kontakt.html

11. Update status

The latest version of this data protection statement shall be applicable. Last updated: 06 November 2020.

DAAD - Deutscher Akademischer Austauschdienst - German Academic Exchange Service