Privacy notice "Web seminars / video conferences"
Your privacy is a matter of importance to the Deutscher Akademischer Austauschdienst e.V. (DAAD). We would therefore like to take this opportunity to inform you about the processing of your personal data and your data protection rights as a data subject in the context of participation in web seminars and video conferences. Your personal data is processed exclusively within the scope of the applicable statutory provisions of data protection law, specifically the General Data Protection Regulation (referred to in the following as “GDPR”).
I. Who is responsible for data processing and who is the data protection officer?
1. The data controller
The data controller within the meaning of data protection laws is:
Deutscher Akademischer Austauschdienst e.V.
53175 Bonn (Deutschland)
Tel.: (+49) 0228-882 firstname.lastname@example.org
2. Our data protection officer can be contacted as follows:
Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
Tel.: (+49) 0228-227 226 0
Encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html
II. What is the subject of data privacy?
The subject of data privacy is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). It can include details such as name, postal address, e-mail address or telephone number.
III. What personal data is processed?
When preparing and carrying out follow-up work for the web seminar/video conference in which you are participating, we process only your personal data that relates to this event. In detail, this may be:
- registration details (e.g. first name, last name, work e-mail address, telephone number, job title/department, password)
- device/hardware information (e.g. IP address)
- duration of participation
- text, audio and video content when using the chat area
- audio and/or video content when participating with active microphone / active camera
- screen sharing content (text, audio and video data when sharing the screen or individual windows
IV. For which purposes is my personal data being processed and on what legal basis is this occurring?
We process your personal data for the purpose of preparing and carrying out the web seminar / video conference.
We process your data on the basis of Art. 88 (1) GDPR in conjunction with § 26 (1) first sentence of German Federal Data Protection Act (BDSG) insofar as you are a DAAD employee. If, on the other hand, you are participating in the web seminar/video conference in the context of a (pre)contractual relationship with DAAD, we process your data on the basis of Article 6 (1) (b) GDPR. If you participate in the web seminar/video conference as an employee of a contract/cooperation or other partner of DAAD, we process the above-mentioned data on the basis of Article 6 (1) (f) GDPR.
We delete the data when it is no longer needed for the pursued objectives and unless other legal bases are applicable.
V. Is my personal data also collected from third parties?
We process primarily the personal data we have received directly from you in the context of your registration and participation in the respective web seminar / video conference.
VI. Does automated decision-making or profiling occur?
We use neither automated decision-making nor profiling according to Art. 22 GDPR.
VII. Who has access to my personal data and which recipients receive it?
Within DAAD, your personal data is accessed only by those departments/sections and their employees that/who require such access to fulfil their functions or duties: the DAAD Branch Office Warsaw.
We only pass on your personal data to external recipients if there is legal justification to do so or if you have consented to this. External recipients can be:
- data processors: service providers appointed by us to maintain our IT systems and in particular those service providers that provide us with the platform used to conduct the web seminars/video conference. We carefully select and regularly monitor these processors to ensure that your personal data remains in good hands. The service providers may use your personal data only for the purposes specified by us.
- public bodies: authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities to which we may be required to transfer personal data in individual cases.
- private entities: private entities to which we transmit your personal data on the basis of a legal provision or your consent.
VIII. Will my personal data be transferred in third countries?
Within the scope of the data processing that is the subject of this privacy notice, your personal data may be transferred to bodies whose headquarters or place of data processing is outside the European Union or is in another country which is a signatory to the Agreement on the European Economic Area. We ensure prior to transfer that, with the exception of cases permitted by law, the recipient either has an adequate level of data protection (e.g. through an adequacy decision by the European Commission, through appropriate safeguards such as agreement of so-called EU standard contractual clauses for data transfers with the recipient) or your explicit consent has been obtained.
We can provide you with a list of the recipients in third countries and a copy of specifically agreed regulations to ensure the appropriate level of data protection. For this purpose, please use the contact details specified in 1.
IX. How long is my personal data stored?
To find out how long your personal data is stored, please refer to the section on data processing under item IV. In general, the following applies: We store your personal data only as long as this is necessary in order to fulfil the purposes and deletion does not conflict with any statutory provisions.
X. What are my rights as a data subject?
You have the following rights regarding the processing of your personal data:
- Right of access
You have the right to obtain confirmation from us as to whether or not we process your personal data. If this is the case, you have the right to obtain information about your personal data and to further information regarding processing.
- Right to rectification
You have the right to demand the rectification of inaccurate personal data and to have incomplete personal data completed.
- Right to erasure (“right to be forgotten”)
Under certain circumstances, you have the right to demand that we erase your personal data. This right exists, for example, if the personal data is no longer needed in relation to the purposes for which it was collected or is otherwise processed, or if the personal data is processed unlawfully.
- Restriction of processing
Under certain circumstances, you have the right to demand that we restrict the processing of your personal data. In this case, we only store the personal data for which you have given your consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.
- Data portability
If you have provided us with data on the basis of an agreement or consent, you have the right to receive your data from us in a structured, commonly used and machine-readable format or demand that this data be transmitted to another controller for processing, provided that the legal requirements are met.
- Withdrawal of consent
If you have given us consent to process your data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data until withdrawal shall remain unaffected.
- Objection to processing on the basis of “legitimate grounds”
You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which occurs on the basis of Art. 6 (1) (f) of the GDPR (data processing based on the balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds to do so which override your interests, rights and freedoms, or processing serves to establish, exercise or defend legal claims.
- Right to lodge a complaint with the supervisory authorities
You also have the right to lodge a complaint with the responsible supervisory authority if you are of the opinion that the processing of your personal data infringes applicable law. To do so, you can contact the data protection authority responsible for your habitual residence, place or work or the place of the alleged infringement or the data protection authority responsible for us. The responsible authority is the supervisory authority for the federal state in which you live, work or in which the alleged infringement has taken place that is the subject of the complaint.
XI. Who can I contact if I have questions or wish to assert my rights as a data subject?
If you have any questions regarding the processing of your personal data or assertion of your rights as set forth in section X. nos. 1. to 7. you can contact us free of charge. Please use our contact data specified in item I. 1. To revoke a consent, you may also use the contact channel used to submit your declaration of consent.
If you have any questions regarding this information notice, you can also contact email@example.com.