MyGuide

Link switches to other language version

Check your entrance qualification and contact universities
Header Image

Data Privacy Statement

Thank you for your interest in using My GUIDE. Protecting your personal data is a top priority for us. Below you will find information concerning the processing of your personal data and the rights granted to you when using My GUIDE.

1. Controller

The party responsible ("controller") for data processing is:
Deutscher Akademischer Austauschdienst e.V.
(German Academic Exchange Service)
Kennedyallee 50
53175 Bonn
Contact: datenschutz@daad.de

2. Data protection officer

You can reach our data protection officer at:
Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB | External data protection officers
Adenauerallee 136
D-53113 Bonn
Telephone: +49 (0)228 2272260
Contact: https://www.scheja-partner.de/en/contact/contact.html

3. Your rights as a data subject

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR) insofar as the relevant statutory requirements are met:

Access: You are entitled to receive information about processed data concerning you.

Rectification: You can request that incorrect data concerning you be corrected. Furthermore, you can request that incomplete data be completed.

Erasure: In certain cases, you may request that your personal data be deleted.

Restriction of processing: In certain cases, you may request that the processing of your data be restricted.

Data portability: If you have provided us with data on the basis of a contract or a declaration of consent, you can request that you receive the data you provided in a structured, commonly-used and machine-readable format or that this information be sent to a different controller.

Right to object

Case-specific right to object

You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you which is carried out on the basis of Art. 6, section 1 (e) of the GDPR or Art. 6, section 1 (f) of the GDPR; this also applies to profiling based on this provision. These personal data will then no longer be processed for these purposes unless it can be demonstrated that compelling, legitimate grounds exist for such processing which override your interests, rights and freedoms, or if such processing is required for the raising, exercise or defence of legal claims.

Right to object to data processing for the purposes of direct marketing

In certain individual cases, your data may be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling to the extent that it is related to such direct marketing. Where you object to data processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.

Withdrawal of consent: If you have given your consent to the processing of your data, you can withdraw this consent at any time with future effect. However, this does not affect the lawfulness of any processing of your data conducted prior to your withdrawal of consent. In addition to the procedures detailed under "Asserting your rights", you can also declare your withdrawal under the terms of the relevant information in "Exercise of revocation" in the "Services & cookies" section.

Asserting your rights: In order to exercise any of the rights specified above, please send an email to datenschutz@daad.de or get in contact by post using the address specified above under Point 1. When you do so, please make sure that we can clearly identify you.

Right to appeal: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your usual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data is unlawful.

4. Automated individual decision-making, including profiling

Automated individual decision-making, including profiling as defined by Article 22 of the GDPR do not take place in connection with the use of our service.

5. Details on services, cookies, etc.

5.1 Our services

5.1.1 General

a) Description of service:
  • Data categories: Date and time of access, length of visit, type of device, operating system used, functions used, volume of data sent, type of event, IP address, domain name
  • Purpose(s): Provision of service
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: Technical operability
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Storage periods or criteria for their determination: Immediately following delivery by web server
  • Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
  • Exercising the right to object: --
  • Data sources: Direct collection when calling up the website/service
b) Log files:
  • Data categories: Accessed URL, IP address of user, time and date of access, volume of data transmitted, website from which the user accesses the requested page (referrer), websites accessed by the user's system through our website, http status, information about browser type and version used, user's operating system, user's Internet service provider
  • Purpose(s):Statistical analyses, website improvement, system security (e.g. preventing misuse), error diagnosis
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, government agencies on request
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Storage periods or criteria for their determination: 7 days after creation
  • Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
  • Exercising the right to object: --
  • Data sources: Direct collection when calling up the website/service

5.1.2. Degree programme search function without registration

a) Search of our courses offered
  • Data categories: Field of interest, desired degree level, desired language of instruction
  • Purpose(s):Execution of search according to specified criteria
  • Legal basis/bases: Article 6, section 1 (b) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Storage periods or criteria for their determination: Duration of session; if registration takes place, the data is transferred to the user profile, see Point 5.1.3a
  • Duty to provide personal data and potential consequences of failure to provide: No obligation to provide
  • Exercising the right to object: --
  • Data sources: Direct collection upon response to questions

5.1.3. Personalised use of My GUIDE portal

a) Registration for My GUIDE portal
  • Data categories: Transfer of data specified under Point 5.1.2 (field of interest, desired degree level, desired language of instruction) plus first name, last name, email address, password, title, preferred language, ID
  • Purpose(s):Registration for My GUIDE portal
  • Legal basis/bases: Article 6, section 1 (b) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
  • Safeguards and access possibilities to those: EU-US-Privacy-Shield; standard data protection clauses according to Art. 46, section 2 of the GDPR; Request copy from the contact listed under Point 1
  • Storage periods or criteria for their determination: After the user has deleted their account and a DAAD employee has carried out a manual check to ensure that no further DAAD services are linked to the account
  • Duty to provide personal data and potential consequences of failure to provide: Registration is not possible without providing the data
  • Exercising the right to object: --
  • Data sources: Direct collection upon registration or search for courses offered (see Point 5.1.2)
b) My GUIDE Profile, watch list, request to higher education institution
  • Data categories: Nationality, provisional value of higher education entrance qualification, country (gained most recent qualification), subject group (gained most recent qualification), level of German language proficiency, level of English language proficiency, preferred subject, intended degree, preferred course language (not mandatory fields), request to the higher education institution (cf. 5.1.3. c)  
  • Purpose(s): Search for personalised courses
  • Legal basis/bases: Article 6, section 1 (b) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Storage periods or criteria for their determination: In principle, deletion after the user has removed the data or deleted the account
  • Duty to provide personal data and potential consequences of failure to provide: No obligation to provide.
  • Exercising the right to object: --
  • Data sources: Direct collection in user profile
c) Initiating contact with the higher education institution via My GUIDE
  • Data categories: Enquiry, first name, last name, nationality, email address, highest education level achieved, level of German language proficiency, intended degree, preferred start date, message to the higher education institution (mandatory fields); country (gained most recent qualification), subject group (gained most recent qualification), level of English language proficiency, provisional value of higher education entrance qualification (not mandatory fields)
  • Purpose(s): Initiating contact with selected higher education institutions
  • Legal basis/bases: Article 6, section 1 (b) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, selected higher education institutions
  • Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
  • Safeguards and access possibilities to those: EU-US-Privacy-Shield; standard data protection clauses according to Art. 46, section 2 of the GDPR; Request copy from the contact listed under Point 1
  • Storage periods or criteria for their determination: In principle, deletion after the user has removed the respective request to the higher education institution or deleted the account
  • Duty to provide personal data and potential consequences of failure to provide: Mandatory entries provided in the contact form are marked with "*". Without this information, contact cannot be initiated
  • Exercising the right to object: --
  • Data sources: Direct collection in contact form

5.2. Cookies

We use cookies on My GUIDE to provide you with an extensive range of functions, to make our portal more user-friendly and to optimise our platform. Cookies are small text files that are generated by a web server and stored on your computer by the web browser used during your online session.

We use what are known as session cookies. These are automatically deleted when you terminate your browser session.

We also use persistent cookies for the primary purpose of being able to provide permanent, recurring settings to you as a visitor to our website. This allows us to customise our website in accordance with your individual preferences. Persistent cookies also permit us to perform analyses of a visitor's usage behaviour, but only for as long as the cookie remains valid.

In addition, other cookies (third-party cookies) may be stored in connection with your use of specific third-party services by the providers of those services.

You can configure the browser settings on your device to prevent the storage of cookies if you do not want to them to be used. Please be aware that the functionality and functional scope of our platform may be restricted as a result. Furthermore, we will then only use certain cookies after obtaining your prior consent (see below). You may also avail yourself of special options to opt out of the use of certain cookies (see below). Please refer to the information contained in the following tables for extensive details on the type, scope, purposes, legal bases and opt-out options with regard to data processing in connection with these cookies.

5.2.1. First-party cookies

Name: hide_sticky_alert_mg
  • Data categories: Cookie-ID
  • Purpose(s): This cookie controls the display of the layer that provides important news and notices.
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: 24 hours
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Direct collection when calling up the website/service
Name: ga-disable-UA-107536349
  • Data categories: Cookie-ID, UA
  • Purpose(s): This cookie prevents Google Analytics tracking from being applied to publication ordering property
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: Depending on browser settings of the user (approx. 80 years)
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Direct collection when calling up the website/service
Name: at
  • Data categories: Cookie-ID
  • Purpose(s): This cookie is necessary in order to authenticate users
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: Login session
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website
Name: atttl
  • Data categories: Cookie-ID
  • Purpose(s): This cookie is necessary in order to authenticate users
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: Login session
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website
Name: rt
  • Data categories: Cookie-ID
  • Purpose(s): This cookie is necessary in order to authenticate users
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: Login session
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website
Name: rtttl
  • Data categories: Cookie-ID
  • Purpose(s): This cookie is necessary in order to authenticate users
  • Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
  • Legitimate interests pursued if applicable: See purposes
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): --
  • Safeguards and access possibilities to those: --
  • Cookie validity/storage period: Login session
  • Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
  • If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Will be set when the user performs a login and will be updated when the user performs an action on the website

5.2.2. Google Analytics/third-party cookies

Name: _ga
  • Data categories: Cookie-ID, Domain
  • Purpose(s): This cookie enables Google Analytics to distinguish between users
  • Legal basis/bases: Article 6, section 1 (a) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): USA; no
  • If applicable, guarantees for third-country transfers and possibility of access possibilities to these: Google has submitted to the EU-US-Privacy-Shield
  • Cookie validity/retention period: 2 years
  • Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
  • If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Collection by provider upon/following declaration of consent
Name: _gat_UA-107536349-26
  • Data categories: Cookie-ID, Domain, UA
  • Purpose(s): This cookie is used to limit the number of requests sent to Google Analytics
  • Legal basis/bases: Article 6, section 1 (a) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): USA; no
  • If applicable, guarantees for third-country transfers and possibility of access possibilities to these: Google has submitted to the EU-US-Privacy-Shield
  • Cookie validity/retention period: 1 minute
  • Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
  • If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Collection by provider upon/following declaration of consent
Name: _gid
  • Data categories: Cookie-ID
  • Purpose(s): This cookie enables Google Analytics to distinguish between users
  • Legal basis/bases: Article 6, section 1 (a) of the GDPR
  • Legitimate interests pursued if applicable: --
  • Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): USA; no
  • If applicable, guarantees for third-country transfers and possibility of access possibilities to these: Google has submitted to the EU-US-Privacy-Shield
  • Cookie validity/retention period: 24 hours
  • Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
  • If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the "Chronicle" or "Local Data" settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
  • Source of data: Collection by provider upon/following declaration of consent
Check your entrance qualification and contact universities