Privacy Notice for “Research in Germany” Mailing List
We are glad that you are interested in using the “Research in Germany” mailing list. The protection of personal data is our first priority. Your personal data will be processed only within the framework of the applicable statutory provisions relating to data protection law, in particular, the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the German Federal Data Protection Act [Bundesdatenschutzgesetz] (“BDSG”). Below you find information about the processing of your personal data and your rights within the use of our „Research in Germany” mailing list.
I. Who is responsible for data processing?
Regarding this processing activity, we are acting together as joint controllers. The said joint controllers responsible for the data processing are:
Deutscher Akademischer Austauschdienst (DAAD)
Deutsche Forschungsgemeinschaft e. V. (DFG)
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. (FHG)
Hansastr. 27 c
The joint controllers entered into an agreement on data processing as joint controllers in accordance with Article 26 GDPR. The essence of this agreement is as follows: The joint controllers are each responsible for ensuring the rights of the data subject (Section XI.) and for their respective duties to provide the information pursuant to Article 13, 14 GDPR. The joint controllers ensure mutual support in this respect.
II. Who is the data protection officer?
Data protection officer of DFG and DAAD:
Dr. Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
telephone number: (+49) 0228-227 226 0
Data protection officer of FHG:
Fraunhofer Gesellschaft zur Förderung der angewandten Forschung e.V. (FHG)
Hansastraße 27 c
III. What is the subject matter of data protection?
The subject matter of data protection is personal data. This covers all information referring to an identified or identifiable natural person (who is called a data subject). This includes information as, e.g., name, postal address, e-mail address, or telephone number.
IV. Which of my personal data will be processed?
In the course of the “Research in Germany” Mailing List, we only process those personal data of yours which are related to the provided service. In detail, this may include:
- Country of residence
- Name and title (optional)
- City (optional)
- Areas of interest (optional)
- Career level (optional)
- Your research area (optional)
- Type of institution (optional)
- Area of activity within the institution/company
- For companies: Size of the enterprise (optional)
- For companies: Alignment of the operational business (optional)
- Field of activity in the institution (Drop-Down-Menü) (optional)
V. Type, scope, purpose and legal basis for data processing
We process your personal data on the basis of an explicit consent you have given. Insofar we process your personal data for sending you e-mails with information about offers by “Research in Germany” and participation opportunities.
When you subscribe to our (free) “Research in Germany” Mailing List, the personal data named in paragraph IV. are provided to us. When you subscribe to our “Research in Germany” Mailing List we will send the confirmation link to the e-mail address you provided. It is only after you have activated the confirmation link that you will receive our “Research in Germany” e-mails (a double opt-in).
You may withdraw your consent at any time. However, please note that the withdrawal only takes effect for the future, i.e. that the withdrawal will not affect the lawfulness of the processing of your personal data that was already implemented until the point in time of the withdrawal of the consent.
The data processing is effected on the basis of Article 6 (1) (a) of the GDPR.
VI. Will there be an automated decision-making or profiling?
We use neither automated decision-making nor profiling pursuant to Article 22 of the GDPR.
VII. Do I have to make my personal data available?
For receiving the “Research in Germany” e-mails you have to provide those personal data which are necessary for the performance of this service (E-Mail and Country of residence). Without these data we might not be able to offer you the “Research in Germany” information.
VIII. Who has access to my personal data and which recipients receive them?
Within our organisations, only those departments and the employees who work there have access to your personal data that absolutely need such access in order to be able to fulfil their tasks and
We only forward your personal data to external recipients if there is a justification under statutory law for this or if you have consented thereto. External recipients may include:
- Processors: Service provider that we use for the provision of services, namely Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Germany. We select such processors with due care and they are regularly audited to ensure that your personal data are in good hands. The processors may use your personal data only for the purposes prescribed by us.
- Public bodies: public authorities and government institutions, as, e.g., public prosecutors, courts of law, or financial authorities, to which we may have to transfer personal data in certain individual cases.
IX. Will my personal data be transferred to any third countries?
Your personal data will not be transferred to third countries in the context of providing the “Research in Germany” Mailing List.
X. For how long will my personal data be stored?
Your data will be stored for the duration of your “Research in Germany” Mailing List subscription and it will be erased as soon as it is no longer required for this purpose. If you no longer wish to receive the “Research in Germany” e-mails, you can unsubscribe again at any time. To do so, all you need to do is click on the unsubscribe link, available in each of our “Research in Germany” e-mails. In this case we will delete your personal data, provided no other legal basis applies. In the latter case, we will delete the data after the other legal basis ceases to apply.
XI. To which data subject rights am I entitled?
You are entitled to the following rights in relation to the processing of your personal data and you can exercise those rights towards any controller named in paragraph I.:
1. Right of access
You have the right to receive a confirmation from us whether we process personal data relating to you or not. If this is the case, you have a right of access to your personal data and to further information with respect to the processing.
2. Right to rectification
You have the right to demand that your inaccurate personal data will be rectified and to have incomplete personal data be completed.
3. Right to erasure (“right to be forgotten”)
In certain cases, you are entitled to demand the erasure of your personal data. This right exists, for example, when the personal data are not needed anymore for the purposes for which they were collected or otherwise processed, or when the personal data have been unlawfully processed.
4. Restriction of processing
In certain cases, you are entitled to demand that we restrict the processing of your personal data. In this case, we will only store those of your personal data for which you have given consent, or personal data which the GDPR allows to be processed. For example, you may be entitled to a right to restriction of processing if you have disputed that your personal data are correct.
5. Data portability
If you have made the data available to us based on a contract or consent, you are entitled to demand to receive the data which you provided to us in a structured, commonly used and machine-readable format or to have them transmitted by us to another controller, provided that the statutory requirements are met.
6. Withdrawal of consent
If you have given us your consent to the processing of your personal data, you may withdraw the consent at any time with effect for the future. This does not affect the lawfulness of the processing of your personal data before the withdrawal of the consent.
7. Right to lodge a complaint with the supervisory authority
Furthermore, if you believe that the processing of your personal data is in breach of applicable law, you may lodge a complaint with a supervisory authority. You may contact the data protection authority that is the competent authority for your habitual residence, your workplace, or the location of the alleged breach, or the data protection authority that is the competent authority for us. The supervisory authority in the state in which you live, work, or in which an alleged breach is supposed to have happened, which is the subject matter of the complaint.
XII. Who may I contact if I have questions or if I want to exercise my rights as a data subject?
If you have any questions about the processing of your personal data or if you want to exercise your rights as a data subject, which are described in paragraph XI. no. 1 through 7, you may contact us free of charge. Please use our contact data as specified in paragraph I. no. 1. If you want to withdraw a consent, you can always use the method of communication that was used when you issued the declaration of consent.