Privacy notice "Web seminars / video conferences"

I. Who is responsible for data processing and who is the data protection officer?

1. The data controller

The data controller within the meaning of data protection laws is:

Deutscher Akademischer Austauschdienst e.V.

Kennedyallee 50

53175 Bonn (Deutschland)

Tel.: (+49) 0228-882 0

https://www.daad.de

2. Our data protection officer can be contacted as follows:

Dr Gregor Scheja

Scheja und Partner Rechtsanwälte mbB

Adenauerallee 136

53113 Bonn

Deutschland

Tel.: (+49) 0228-227 226 0

Encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html

www.scheja-partner.de

II. What is the subject of data privacy?

The subject of data privacy is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). It can include details such as name, postal address, e-mail address or telephone number.

III. What personal data is processed?

When preparing and carrying out follow-up work for the web seminar/video conference in which you are participating, we process only your personal data that relates to this event. In detail, this may be:

• registration details (e.g. first name, last name, work e-mail address, telephone number, job title/department, password)
• device/hardware information (e.g. IP address)
• duration of participation
• text, audio and video content when using the chat area
• audio and/or video content when participating with active microphone / active camera
• screen sharing content (text, audio and video data when sharing the screen or individual windows

IV. For which purposes is my personal data being processed and on what legal basis is this occurring?

We process your personal data for the purpose of preparing and carrying out the web seminar / video conference.

We process your data on the basis of Art. 88 (1) GDPR in conjunction with § 26 (1) first sentence of German Federal Data Protection Act (BDSG) insofar as you are a DAAD employee. If, on the other hand, you are participating in the web seminar/video conference in the context of a (pre)contractual relationship with DAAD, we process your data on the basis of Article 6 (1) (b) GDPR. If you participate in the web seminar/video conference as an employee of a contract/cooperation or other partner of DAAD, we process the above-mentioned data on the basis of Article 6 (1) (f) GDPR.

We delete the data when it is no longer needed for the pursued objectives and unless other legal bases are applicable.

V. Is my personal data also collected from third parties?

We process primarily the personal data we have received directly from you in the context of your registration and participation in the respective web seminar / video conference.

VI. Does automated decision-making or profiling occur?

We use neither automated decision-making nor profiling according to Art. 22 GDPR.

VII. Who has access to my personal data and which recipients receive it?

Within DAAD, your personal data is accessed only by those departments/sections and their employees that/who require such access to fulfil their functions or duties: the DAAD Branch Office Warsaw.

We only pass on your personal data to external recipients if there is legal justification to do so or if you have consented to this. External recipients can be:

• data processors: service providers appointed by us to maintain our IT systems and in particular those service providers that provide us with the platform used to conduct the web seminars/video conference. We carefully select and regularly monitor these processors to ensure that your personal data remains in good hands. The service providers may use your personal data only for the purposes specified by us.
• public bodies: authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities to which we may be required to transfer personal data in individual cases.
• private entities: private entities to which we transmit your personal data on the basis of a legal provision or your consent.

VIII. Will my personal data be transferred in third countries?

Within the scope of the data processing that is the subject of this privacy notice, your personal data may be transferred to bodies whose headquarters or place of data processing is outside the European Union or is in another country which is a signatory to the Agreement on the European Economic Area. We ensure prior to transfer that, with the exception of cases permitted by law, the recipient either has an adequate level of data protection (e.g. through an adequacy decision by the European Commission, through appropriate safeguards such as agreement of so-called EU standard contractual clauses for data transfers with the recipient) or your explicit consent has been obtained.

We can provide you with a list of the recipients in third countries and a copy of specifically agreed regulations to ensure the appropriate level of data protection. For this purpose, please use the contact details specified in 1.

IX. How long is my personal data stored?

To find out how long your personal data is stored, please refer to the section on data processing under item IV. In general, the following applies: We store your personal data only as long as this is necessary in order to fulfil the purposes and deletion does not conflict with any statutory provisions.

X. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we process your personal data. If this is the case, you have the right to obtain information about your personal data and to further information regarding processing.

2. Right to rectification

You have the right to demand the rectification of inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

Under certain circumstances, you have the right to demand that we erase your personal data. This right exists, for example, if the personal data is no longer needed in relation to the purposes for which it was collected or is otherwise processed, or if the personal data is processed unlawfully.

4. Restriction of processing

Under certain circumstances, you have the right to demand that we restrict the processing of your personal data. In this case, we only store the personal data for which you have given your consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with data on the basis of an agreement or consent, you have the right to receive your data from us in a structured, commonly used and machine-readable format or demand that this data be transmitted to another controller for processing, provided that the legal requirements are met.

6. Withdrawal of consent

If you have given us consent to process your data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data until withdrawal shall remain unaffected.

7. Objection to processing on the basis of “legitimate grounds”

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which occurs on the basis of Art. 6 (1) (f) of the GDPR (data processing based on the balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds to do so which override your interests, rights and freedoms, or processing serves to establish, exercise or defend legal claims.

8. Right to lodge a complaint with the supervisory authorities

You also have the right to lodge a complaint with the responsible supervisory authority if you are of the opinion that the processing of your personal data infringes applicable law. To do so, you can contact the data protection authority responsible for your habitual residence, place or work or the place of the alleged infringement or the data protection authority responsible for us. The responsible authority is the supervisory authority for the federal state in which you live, work or in which the alleged infringement has taken place that is the subject of the complaint.

XI. Who can I contact if I have questions or wish to assert my rights as a data subject?

If you have any questions regarding the processing of your personal data or assertion of your rights as set forth in section X. nos. 1. to 7. you can contact us free of charge. Please use our contact data specified in item I. 1. To revoke a consent, you may also use the contact channel used to submit your declaration of consent.

If you have any questions regarding this information notice, you can also contact datenschutzdaad.de.

Date: 25.10.2021