We are delighted about your interest in our event. Since we are also very concerned with your privacy, in the following paragraphs we would like to inform you about the way we process your personal data and your data protection rights in the context of your attendance of the event. This is required according to the applicable legal regulations of German data protection law, particularly the General Data Protection Regulation (GDPR).
1. Data Controller and Data Protection Officer, Contact Details
The Data Controller as defined in data protection legislation is:
Deutscher Akademischer Austauschdienst e.V. (DAAD)
53175 Bonn, Germany
Tel.: +49 228 882-0
You can reach our Data Protection Officer at:
Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
53113 Bonn, Germany
Telephone: +49 228 227226-0
Fax: +49 228 227226-26
Contact via https://www.scheja-partner.de/kontakt/kontakt.html
2. Purposes and legal basis for data processing
2.1 Preparation, execution and monitoring of the event
2.1.1. Required Information
We process personal data when it is necessary for the preparation and execution of a contract with you. The purposes depend on the specific contract and encompass in particular
• The support and service before, during, and after the event
• requesting and communicating information relevant for the events
• processing settlements
• providing contact details to contractual partners, external service providers or other event-specific partners of DAAD, involved in the organization and performance of the event.
In order to register for our event, certain informations are required. These fields are marked as mandatory.
Data is processed based on Article 6 Par. 1 b) of the GDPR. You are required to provide the data necessary for the preparation and execution of the events. Without that data, we will not be able to process your registration or to comply with our obligations.
While registering for our event, you may provide further information. Please note that these data are not required for your registration and you are free to decide if you wish to share these data.
To ensure that we are able to take specific needs or requests into account when you register, your consent is required to the processing of special categories of personal data, where applicable. In particular, this applies to data on reduced mobility or health-related requirements regarding the meals provided. If you have declared your consent for certain purposes, those purposes are defined by the specific content of that declaration of consent.
Data is processed based on Article 6 Par. 1 a) or Art. 9 Par. 2 a) of the GDPR. In cases where you are required to provide data, we will inform you explicitly. Without that data, we cannot fulfil the purpose requested in the declaration of consent. You can revoke your consent at any time. This will not affect the legality of any processing that occurred based on your consent until your revocation of consent.
We delete the data when it is no longer needed for our purposes of preparation and execution of a contract and no other legal basis applies. In the latter case, we delete the data after that legal basis is no longer applicable.
2.2 Recorded images
Your consent is principally required for recorded images of individual persons or small groups of persons in which you are visible and which may be published as part of reporting about our events on/in [website of the DAAD, annual report of the DAAD]. Your consent can be granted explicitly at our event upon our request or implied by your willing participation. If you do not wish to appear in such images, please bring this to the attention of the photographers at the event.
Data is processed based on Article 6 Par. 1 a) of the GDPR. You can revoke your consent at any time. This will not affect the legality of any processing that occurred based on your consent until your revocation of consent.
We delete the data when it is no longer needed for our purposes or when you revoke your consent and no other legal basis applies. In the latter case, we delete the data after that legal basis is no longer applicable.
2.2.2 Protection of legitimate interests
We process recorded images of groups of persons (more than four persons) or particular categories of persons (such as speakers at events, lecturers, public figures) in which you are visible and which may be published as part of reporting about our event on/in [website of the DAAD, annual report of the DAAD] for the purpose of protecting our legitimate interests. Our interest in this case is to report on our event.
Data is processed based on Article 6 Par. 1 f) of the GDPR.
We will delete your data once it is no longer required for our purposes and no other legal basis for retention applies. In the latter case, we delete the data after that legal basis is no longer applicable.
3. Recipients of personal data
Internal recipients: Within the DAAD, access is limited to persons requiring it for the purposes specified under clause 2.
External recipients: We only share your personal data with external recipients outside the DAAD if this is required for the purposes listed in clause 2. if we are otherwise legally permitted to do so, or if you have given us your consent for this purpose.
External recipients may be: Journalists, event-cooperating institutions.
External service providers we use for the provision of services, for instance, in the technical infrastructure and maintenance of the DAAD’s own services or for the provision of contract-relevant content. We carefully select such processors and regularly check them to ensure the safeguarding of your privacy. Service providers may only use data for the purposes we specify.
b) Public bodies
Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities, to which we need to send personal data for mandatory legal reasons.
c) Private bodies
Service providers, cooperation partners or assisting persons, to whom we send data based on the purposes listed under clause 2.
4. Data processing in third countries
If data is transmitted to bodies that have their head offices or data-processing locations outside EU member states and outside states forming part of the EEA, we ensure before disclosure that – except for certain legally permitted exceptions – those bodies either have your adequate consent or they provide an adequate level of data protection (for instance, through an adequacy decision taken by the European Commission, through suitable guarantees such as the recipient’s self certification for the EU-US Privacy Shield or the agreement of so-called standard EU contractual clauses with the recipient).
You can request from us a list of recipients in third countries and a copy of the provisions that have been agreed in each case to ensure an adequate level of data protection. To do so, please use the contact details given in clause 1.
5. Automated case-by-case decisions including profiling
Automated decisions on a case-by-case basis including profiling as defined by Article 22 of the GDPR do not take place.
6. Retention period
For the retention period of personal data, please refer to clause 2.
In addition, the following applies: We only save your personal data for as long as it is necessary for fulfilling the stated purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent, we erase your personal data, unless further processing is permitted under the relevant applicable statutory provisions.
We also erase your personal data if we are under an obligation to do so on legal grounds.
7. Rights of data subjects
As a person affected by data processing, you are entitled to specific rights. These are in detail:
Right to information: You have a right to access the data we have stored about you as a person.
Right to rectification and erasure: You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
Restriction of processing: Provided that the legal grounds are in place, you can require us to restrict the processing of your data.
Data portability: If you have provided us with data based on a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.
Objection to data processing for reason of “justified interest” as a legal basis: If there are reasons arising from your specific situation, you are entitled to object to our processing of your data at any time, provided that such an objection has its legal basis in a “legitimate interest”. If you make use of your right to object, we shall discontinue the processing of your data, unless we can – within the parameters of the law – demonstrate compelling legitimate grounds for further processing, outweighing your own rights.
Revocation of consent: If you have given us your consent to the processing of your data, you can revoke this at any time with future effect. This, however, does not affect the legitimacy of processing your data until the date of revocation.
Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data has breached the latest applicable law. To do so, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for ourselves.
Your options for contacting us and for exercising your rights: If you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us free of charge. To exercise any of the aforementioned rights, please contact email@example.com or write to the address specified in clause 1. When you do so, please make sure that we can clearly identify you.