Data Privacy Statement

The party responsible („controller“) for data processing is:
Deutscher Akademischer Austauschdienst e.V.
(German Academic Exchange Service)
Kennedyallee 50
53175 Bonn
Contact: datenschutz@daad.de

You can reach our data protection officer at:
Dr Gregor Scheja
Scheja & Partners GmbH & Co. KG | External data protection officers
Adenauerallee 136
D-53113 Bonn
Telephone: +49 (0)228 2272260
Contact: https://www.scheja-partner.de/en/contact/contact.html

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR) insofar as the relevant statutory requirements are met:

Access: You are entitled to receive information about processed data concerning you.

Rectification: You can request that incorrect data concerning you be corrected. Furthermore, you can request that incomplete data be completed.

Erasure: In certain cases, you may request that your personal data be deleted.

Restriction of processing: In certain cases, you may request that the processing of your data be restricted.

Data portability: If you have provided us with data on the basis of a contract or a declaration of consent, you can request that you receive the data you provided in a structured, commonly-used and machine-readable format or that this information be sent to a different controller.

Right to object

Case-specific right to object
You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you which is carried out on the basis of Art. 6, section 1 (e) of the GDPR or Art. 6, section 1 (f) of the GDPR; this also applies to profiling based on this provision. These personal data will then no longer be processed for these purposes unless it can be demonstrated that compelling, legitimate grounds exist for such processing which override your interests, rights and freedoms, or if such processing is required for the raising, exercise or defence of legal claims.

Right to object to data processing for the purposes of direct marketing
In certain individual cases, your data may be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling to the extent that it is related to such direct marketing. Where you object to data processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.

Withdrawal of consent: If you have given your consent to the processing of your data, you can withdraw this consent at any time with future effect. However, this does not affect the lawfulness of any processing of your data conducted prior to your withdrawal of consent. In addition to the procedures detailed under „Asserting your rights“, you can also declare your withdrawal under the terms of the relevant information in „Exercise of revocation“ in the „Services & cookies“ section.

Asserting your rights: In order to exercise any of the rights specified above, please send an e-mail to datenschutz@daad.de or get in contact by post using the address specified above under Point 1. When you do so, please make sure that we can clearly identify you.

Right to appeal: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your usual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data is unlawful.

Automated individual decision-making, including profiling as defined by Article 22 of the GDPR do not take place in connection with the use of our service.

5.1 Our services

5.1.1 General

a) Description of service:

• Data categories: Date and time of access, length of visit, type of device, operating system used, functions used, volume of data sent, type of event, IP address, domain name
• Purpose(s): Provision of service
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: Technical operability
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Immediately following delivery by web server
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
• Exercising the right to object: —
• Data sources: Direct collection when calling up the website/service

b) Log files:

• Data categories: Accessed URL, IP address of user, time and date of access, volume of data transmitted, website from which the user accesses the requested page (referrer), websites accessed by the user’s system through our website, http status, information about browser type and version used, user’s operating system, user’s Internet service provider
• Purpose(s): Statistical analyses, website improvement, system security (e.g. preventing misuse), error diagnosis
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, government agencies on request
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: 7 days after creation
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
• Exercising the right to object: —
• Data sources: Direct collection when calling up the website/service

5.1.2. Degree programme search function without registration

a) Search of our courses offered

• Data categories: Field of interest, desired degree level, desired language of instruction
• Purpose(s): Execution of search according to specified criteria
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Duration of session; if registration takes place, the data is transferred to the user profile, see Point 5.1.3a
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide
• Exercising the right to object: —
• Data sources: Direct collection upon response to questions

5.1.3. Personalised use of My GUIDE portal

a) Registration for My GUIDE portal

• Data categories: Transfer of data specified under Point 5.1.2 (field of interest, desired degree level, desired language of instruction) plus first name, last name, e-mail address, password, title, preferred language, ID
• Purpose(s): Registration for My GUIDE portal
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
• Safeguards and access possibilities to those: EU standard contractual clauses, consent
• Storage periods or criteria for their determination: After the user has deleted their account and a DAAD employee has carried out a manual check to ensure that no further DAAD services are linked to the account
• Duty to provide personal data and potential consequences of failure to provide: Registration is not possible without providing the data
• Exercising the right to object: —
• Data sources: Direct collection upon registration or search for courses offered (see Point 5.1.2)

b) My GUIDE Profile, watch list, checklist, request to higher education institution

• Data categories: Nationality, country of origin, country of residence, provisional value of higher education entrance qualification, highest education level achieved, country (gained most recent qualification), subject group (gained most recent qualification), higher education degree of your study programme, subject of your studies, study programme of your studies, higher education institution of your studies, level of German language proficiency, level of English language proficiency, preferred subject, intended degree, preferred course language (not mandatory fields), request to the higher education institution (cf. 5.1.3. c), information in checklist including any notes (heading, text)
• Purpose(s): Search for personalised courses
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: In principle, deletion after the user has removed the data or deleted the account
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide.
• Exercising the right to object: —
• Data sources: Direct collection in user profile

c) Initiating contact with the higher education institution via My GUIDE

• Data categories: Enquiry, first name, last name, nationality, e-mail address, highest education level achieved, higher education degree of your study programme, level of German language proficiency, level of English language proficiency, intended degree, preferred start date, message to the higher education institution (mandatory fields); country of residence, country (gained most recent qualification), subject group (gained most recent qualification), subject of your studies, study programme of your studies, higher education institution of your studies, provisional value of higher education entrance qualification (not mandatory fields)
• Purpose(s): Initiating contact with selected higher education institutions
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, selected higher education institutions
• Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
• Safeguards and access possibilities to those: EU standard contractual clauses, consent
• Storage periods or criteria for their determination: In principle, deletion after the user has removed the respective request to the higher education institution or deleted the account
• Duty to provide personal data and potential consequences of failure to provide: Mandatory entries provided in the contact form are marked with „*“. Without this information, contact cannot be initiated
• Exercising the right to object: —
• Data sources: Direct collection in contact form

d) Search for scholarships

• Data categories: Country of origin, preferred subject, preferred degree level, preferred course language (not mandatory fields)
• Purpose(s): Search for personalised scholarships
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: In principle, deletion after the user has removed the data or deleted the account
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide.
• Exercising the right to object: —
• Data sources: Direct collection in user profile

e) Geo-Location-Service

• Data categories: Geo-coordinates (determined from IP address or due to manual change of city name), based on city name, country ID
• Purpose(s): Display of the physically nearest DAAD contact
• Legal basis/bases: Article 6, section 1 (f) of the GDPR
• Legitimate interests pursued if applicable: See purpose
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Storage of the determined or manually selected location until the account is deleted
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide.
• Exercising the right to object: —
• Data sources: Direct collection in user profile

5.1.4. Counselling by network employees

a) Creation of My GUIDE counselling record by counselling person

• Data categories: Mandatory content of an counselling record: e-mail address; optional content when creating a counselling record: first name, last name, profile data, provisional value of higher education entrance qualification, watch list, checklist incl. new notes, code for transferring counselling data; other automatically added content of a counselling record: status (counselling not sent, counselling sent, redeemed, expired), type (personal counselling, e-mail), timestamp of e-mail sending, timestamp of last change, ID of counselling person, source (counselling)
• Purpose(s): Creation of a counselling record by counselling person after active request of the person interested in studying
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: See purpose(s)
• Recipients or categories of recipients: Internal departments (esp. counselling person), hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Deletion after removal of the counselling data record by the counselling person or after deletion request by the person interested in studying; otherwise deletion six months after creation of the counselling data record
• Duty to provide personal data and potential consequences of failure to provide: Without the collection of the e-mail address, this function cannot be used
• Exercising the right to object: —
• Data sources: Direct collection through active request of the person interested in studying and provision of data

b) Creation of My GUIDE counselling record by registered user

• Data categories: Depending on the configuration of the counselling record by the registered user, it may contain: Profile data, provisional value of higher education entrance qualification, watch list, checklist; always included, automatically generated data: Code for transfer of counselling data, source (study interest)
• Purpose(s): Creation of a counselling data record by registered user for use in counselling session
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: See purpose(s)
• Recipients or categories of recipients: Internal departments (esp. counselling person), hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Deletion automatically after expiration (14 days)
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide
• Exercising the right to object: —
• Data sources: Direct collection through active request of the person interested in studying and provision of data

5.2. Map service

To provide you with maps on our website, we use maps from the OpenStreetMap service (https://www.openstreetmap.de/). OpenStreetMap is an open source mapping tool which is offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). To display the map, you must first click on „Show Map“. Only then your IP address will be forwarded to OpenStreetMap. Your data will be processed on the basis of your consent (Art. 6 para. 1 letter a) DSGVO).
Further information on the processing of your data can be found on the OpenStreetMap data protection page
here https://wiki.osmfoundation.org/wiki/Privacy_Policy and
here https://wiki.osmfoundation.org/wiki/Licence/Licence_and_Legal_FAQ.

5.3. Cookies

We use cookies on My GUIDE to provide you with an extensive range of functions, to make our portal more user-friendly and to optimise our platform. Cookies are small text files that are generated by a web server and stored on your computer by the web browser used during your online session.

Click here to change the cookie settings: Change cookie settings.

We use what are known as session cookies. These are automatically deleted when you terminate your browser session.

We also use persistent cookies for the primary purpose of being able to provide permanent, recurring settings to you as a visitor to our website. This allows us to customise our website in accordance with your individual preferences. Persistent cookies also permit us to perform analyses of a visitor’s usage behaviour, but only for as long as the cookie remains valid.

This website uses Google Analytics with the extension “_anonymizeIp()”. This has the effect of truncating IP addresses before further processing.

In addition, other cookies (third-party cookies) may be stored in connection with your use of specific third-party services by the providers of those services.

You can configure the browser settings on your device to prevent the storage of cookies if you do not want to them to be used. Please be aware that the functionality and functional scope of our platform may be restricted as a result. Furthermore, we will then only use certain cookies after obtaining your prior consent (see below). You may also avail yourself of special options to opt out of the use of certain cookies (see below). Please refer to the information contained in the following tables for extensive details on the type, scope, purposes, legal bases and opt-out options with regard to data processing in connection with these cookies.

5.3.1. First-party cookies

Name: daad_cookie_consent

• Data categories: Cookie-ID
• Purpose(s): This cookie prevents the note on the use of cookies from being displayed whenever you visit this website.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 1 year
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: daad_hide_sticky_alert_mg

• Data categories: Cookie-ID
• Purpose(s): This cookie controls the display of the layer that provides important news and notices.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 24 hours
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: at

• Data categories: Cookie-ID
• Purpose(s): This cookie is necessary in order to authenticate users
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: Login session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website

Name: atttl

• Data categories: Cookie-ID
• Purpose(s): This cookie is necessary in order to authenticate users
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: Login session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website

Name: rt

• Data categories: Cookie-ID
• Purpose(s): This cookie is necessary in order to authenticate users
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: Login session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website

Name: rtttl

• Data categories: Cookie-ID
• Purpose(s): This cookie is necessary in order to authenticate users
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: Login session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website

5.3.2. Google Analytics/third-party cookies

Name: _ga

• Data categories: Cookie-ID, Domain
• Purpose(s): This cookie enables Google Analytics to distinguish between users
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 2 years
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent

Name: _gat_UA-107536349-26

• Data categories: Cookie-ID, Domain, UA
• Purpose(s): This cookie is used to limit the number of requests sent to Google Analytics
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 1 minute
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent

Name: _gid

• Data categories: Cookie-ID
• Purpose(s): This cookie enables Google Analytics to distinguish between users
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 24 hours
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the „Chronicle“ or „Local Data“ settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent