To make that choice, please click under privacy policy the checkbox (

Transcription

1 Privacy Information Protecting your privacy is important to us, the ARBEITS- UND SERVICESTELLE FÜR INTERNATIONALE STUDIENBEWERBUNGEN (uni-assist) e.v., Geneststraße 5, Berlin, Germany. You may also contact us by to You may contact our external data protection officer Rechtsanwalt Nikolaus Bertermann (attorney at law), daspro GmbH, Kurfürstendamm 21, Berlin via mail or to Below please find the most important information about typical data processing sorted by groups of data subjects. For certain data processing activities, which relate only to specific groups, the duties to provide information are met separately. Where the term data is used in the text, in each case it refers only to personal data as defined in the General Data Protection Regulation ( GDPR ). I. Processing of Data 1. Information on Data Protection for Website Visitors 1.1 Our web server processes a range of data for each request, which your browser automatically transmits to our web server. This includes the IP address allocated to your device, the date and time of the request, the time zone, the specific page or file accessed, the http status code and the data quantities transmitted; in addition, the website from which your request originated, the browser used, the operating system of your device and the language used. The web server uses these data to make the contents of this website available in the best possible way on your device. 1.2 We use the Matomo (formerly Piwik) software for needs-based design of the website. Matomo saves a small text file ( cookie ) on your device to enable us to analyse your visitor behaviour with a pseudonym. For this purpose, Matomo uses various data that your browser transmits automatically. The software uses data provided by your browser. Your IP address is only processed in an anonymous form. The data collected with Matomo are not used to identify the visitors to the website personally. In addition, they are also not combined with other data in order to identify the visitors. The pseudonymous data will be deleted automatically after three months. You may prevent the storage of cookies by using appropriate settings in your browser or reject the analysis of your usage behaviour: You can decide, whether your browser may store a web analysis cookie in order to enable the provider of the website to collect and analyse various statistic data. You may choose not to have a unique web analytics cookie identification number assigned to your computer to avoid the aggregation and analysis of data collected on this website. To make that choice, please click under privacy policy the checkbox ( to receive an opt-out cookie. 1.3 The purpose of the data processing is the online presentation of the association its services as well as the interaction with communication partners.

2 1.4 The legal basis for the processing during the use of the website is Article 6(1)(f) GDPR our legitimate interest in the online presentation of the association, the provision of services and the interaction with communication partners. 1.5 Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor s office. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 1.6 IP addresses are anonymized at the latest after 24 hours. Pseudonymous usage data are deleted in each case after three months. Communication content is deleted after ten calendar years. 1.7 Use of the website without disclosure of personal data such as the IP address is not possible. Communication via the website without providing data is not possible. Use of the website is possible if the user has objected to pseudonymous usage analysis. 2. Study applicants und users of the preliminary review documentation 2.1 The purpose of the data processing is the review of your application as preliminary review for the admission to a university. No change in this purpose is planned. 2.2 The legal basis for the processing are Article 6(1)(b) GDPR (contract for the preliminary review) and Article 6(1)(c) GDPR (legal obligations, in particular commercial and tax provisions). 2.3 If you decide for the preliminary review procedures provided by uni-assist, application data and application documents will be transmitted to the university specified by you. Recipients of data may include bank banks and financial institutions for the processing of payments in each application process. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 2.4 Application data will be deleted three years as of the end of the application process, paper documents one year after the application process. Data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. IP addresses are anonymized at the latest after 24 hours. 2.5 The provision of personal data is necessary for the preliminary review of applications documents. Without the provision of personal data the review of application documents cannot be conducted. 2.6 Certain data may be transmitted to the applicants country of origin or to a country in which the applicant obtained certificates or in which the applicant resides e.g. embassies, German institutions, universities or other educational institutions. Therefore data can be transmitted to so called third countries, which means countries outside the European Union and the European Economic Area, without the existence of an adequacy decision by the EU Commission or adequate guaranties according to Article 46, 46 GDPR. It is therefore possible, that your rights under the GDPR are not fully safeguarded. For example it is possible that access to personal data thought public authorities is not restricted in the same way as such restriction apply in Germany. It is also possible that public authorities in third countries will not fully comply with

3 the obligations to provide information. The legal basis for such transmissions is Article 49(1)(b) (the fulfilment of the contract with the data subject). 3. Refugees who apply for a free of charge preliminary review 3.1 The purpose of the data processing is the review of the requirements for a free of charge preliminary review. If you give your consent, the purpose of the processing is to inquire you subsequently about your course of education in Germany. No change in this purpose is planned. 3.2 The legal basis for the processing are Article 6(1)(b) GDPR (preliminary measures for the contract for the preliminary review) and Article 6(1)(c) GDPR (legal obligations, in particular commercial and tax provisions). If you give your consent for surveys via the legal basis is Article 6(1)(a) GDPR (consent). 3.3 Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. If you give you consent the DAAD, Kennedyallee 50, Bonn, Germany will be recipient of your data. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 3.4 The data will be deleted no later than ten years as of the end of the application process. IP addresses are anonymized at the latest after 24 hours. 3.5 The provision of personal data is necessary for the review process. Without the provision of personal data the review whether the requirements for the cost transfer apply cannot be conducted. 3.6 If you want to object the participation in surveys by uni-assist or the DAAD afterwards, please contact us for uni-assist at unsubscribe@uni-assist.de and for the DAAD at p15@daad.de or via the postal addresses set out above. 4. Applicants for Employment 4.1 The purpose of data processing is to select applicants for an employment relationship. No change in this purpose is planned. 4.2 The legal basis is Section 26 BDSG-2017 (New German Federal Data Protection Act) in conjunction with Art. 6(1)(b) (initiation of the employment contract) and Art. 88 GDPR. 4.3 Applicant data are passed on internally to the responsible decision-making employees. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 4.4 The data are made anonymous six months after the end of the application process. If an applicant is also interested in other positions, the data will remain stored for up to 12 months. 4.5 The provision of personal data is necessary to review the application and a possible subsequent conclusion of an employment contract. Without the provision of personal data, applications may not be considered. 5. Employees of Member Universities 5.1 We process the data of employees of member universities for the purpose of the performance of the membership. No change in this purpose is planned. 5.2 The legal basis for the processing is Article 6(1)(f) GDPR (legitimate interest, specifically communication with contractual partners).

4 5.3 Recipients of data may include other member universities or study applicants. To the extent employees engage committees and working groups, such groups are committees are recipients. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 5.4 Contact data of employees of member universities will be deleted if the member university deletes the employee in the uni-assist university-portal. To the extent employees contribute to documents or engage in committees and working groups, their data will be used. 5.5 Without the provision of the data by the employees the cooperation of the universities and uniassist is not possible. 6. Service Providers, Business Partners, Customers and their Employees 6.1 Purpose of the processing is the preparation and performance of the contractual relationship with service providers, business partners and customers. 6.2 The legal bases for processing are in case of contracts with natural persons Article 6(1)(b) GDPR (contract), in case of contracts with legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with contact persons relevant to the contract), as well as always Article 6(1)(c) GDPR (legal obligations, in particular commercial and tax provisions). When checking, asserting or rejecting claims, the legal basis is Article 6(1)(f) GDPR (legitimate interest, specifically asserting or defending claims). 6.3 Contact and contract data may be transferred to public authorities to the extent such transfer is necessary for the fulfilment of the contract. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems. 6.4 All contractual data and data relevant for accounting will be deleted after 10 calendar years as of termination of the contract. 6.5 Processing of the contact data from service providers and business partners and customers is necessary in order to perform the contract or order. If the data are not provided, the contract cannot be established or carried out. II. General Information and Rights of the Data Subjects 1. We do not use any automated decisions on individual cases. 2. You have the right to request information at any time about all your personal data that we process. 3. If your personal data are inaccurate or incomplete, you have the right to correction and amendment. 4. You may request the deletion of your personal data at any time, unless we are legally obligated or entitled to process your data further. 5. In case of legal requirements, you may request a limitation on the processing of your personal data. 6. If processing is performed as a result of the balancing of interests, you may object to the processing stating reasons arising from your particular situation. 7. Where data processing is performed on the basis of your consent or as part of a contract, you have the right to transfer the data provided by you, unless the rights and freedoms of other persons are impaired.

5 8. Where we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. Any processing performed prior to revocation will remain unaffected by the revocation. 9. In addition, you have the right to file a complaint to a data protection supervisory authority at any time if you are of the opinion that data processing has occurred in breach of an applicable law. Last updated 23. May 2018