Privacy Policy
Disclaimer:
The following text is only for informational purposes. In cases of conflicts the German version governs.
Data Protection Policy in Accordance with GDPR
The German American Center/James-F.-Byrnes Institute, Charlottenplatz 17, 70173 Stuttgart (subsequently referred to “the DAZ” or “we”) takes the protection of your personal information very seriously. We handle it exclusively within the framework of current data protection regulations.
Specific terms relating to data protection, which are not defined in this policy, can be looked up in the legal provisions, namely Article 4 GDPR.
In the following, you will find information about which personal data is processed by us when you visit our website and use our services. Further, we will inform you about your rights with respect to the handling of your personal data.
Responsibility for the Processing of Personal Data
The DAZ is responsible for the lawful processing of your data.
1. Personal Data
According to Article 1 GDPR, personal data is all information relating to an identified or identifiable individual. An identifiable individual is someone who can be recognized by means of an identifier such as a name, an identification number, a location, an online identifier, or one or more specific traits, such as the description of the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
2. Processed Data and the Purposes of Processing
2.1 Usage Data
When you visit our website, we save the operating system you use, the name of your internet service provider, the website from which you have accessed our site, the pages that you visit on our website, the date, time, and duration of your visit and information about your internet browser. In addition, we save your IP address, although the last four digits are anonymized.
These usage data are processed in order to make our services accessible to you from a technical perspective (for example, to adapt them to the device you are using), to be able identify technical problems that may occur as well as to detect and prevent abuse. In addition, we employ usage data in an anonymized form for statistical purposes and to improve our website. Legal basis for the handling of personal usage date can be found at Article 6(1)(1)(f) GDPR.
2.2 Newsletter
If you would like to receive our newsletter, we require your email address. Further, when you register for the newsletter, your IP address, the date, and the time of registration are saved. These data are exclusively processed for the purpose of sending you the newsletter and detecting possible misuse of an email address. They will be saved by us as long as you make use of our newsletter service.
You can unsubscribe to the newsletter at any time without incurring any costs beyond the transmission costs in accordance with the basic tariffs. You can cancel by clicking on the link in the newsletter or sending a message to info@daz.org. As soon as you have clicked on the unsubscribe link, you will no longer receive the newsletter and your newsletter data will be deleted. The legal basis for the handling of the above-described data is Article 6(1)(1)(a) GDPR (newsletter subscription) or Article 6(1)(1)(f) GDPR (email verification).
2.3 Membership
If you would like to become a member of the DAZ, you can either fill out the form provided on the website or use a paper form (available at the DAZ). The following information will be collected.
- Company name (if applicable)
- Your first and last name
- Your email address
- Your complete address (street, house number, zip code, city)
- Your telephone number.
We will handle these personal data in the processing of your membership application as well as the establishment and implementation of your membership status. The legal basis for the processing of data is Article 6(1)(1)(b) GDPR.
Additionally, you can give us a direct debit authorization for the purpose of withdrawing membership fees by sending us your account details (name of account holder, name of bank, IBAN, BIC) separately. This information will be processed to complete the transaction of paying membership fees. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR.
These data will be saved as long as you maintain your membership with the DAZ. Your data will be erased immediately upon the termination of your membership. The deletion of the data will not occur if we are legally entitled or required to save them (for example, for billing purposes or to comply with legal retention periods). The legal basis for the processing of the above-described data is Article 6(1)(1)(b,c,f) GDPR.
2.4 English Courses
If you would like to register for one of our English courses, you can either download and fill out one of the forms provided on the website or fill out the corresponding form online. The following data is collected for registration:
- Title
- Your first and last name
- Your email address
- Your full address (street, house number, zip code, city)
- Your telephone number (optional)
- The name of the course that you have selected (which does not however allow conclusions to be drawn about you)
- Course start
- Information about a possible preexisting DAZ membership as well as information about already completed courses.
In order to pay the course fees, you can provide a direct debit authorization by separately sending us your account information (the name of the account holder, the name of the bank, IBAN, BIC). This information will be processed for the purpose of handling your request correctly and, if necessary, managing the payment. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR.
Digital appointment lists are maintained with the support of YourSecureCloud GmbH (Eichenberg 118, 91729 Haundorf), which receives access to the personal information listed above in order to provide their technical services. The provider was carefully chosen and fulfills high standards of data protection and data security. It is bound to a strict confidentiality policy and processes your data only on our behalf and according to our instructions. The above-mentioned data is saved only as long as you maintain your DAZ membership, or you finish your language course. Your data will be immediately deleted with the cancelation of your membership or the end of your language course. The deletion of the data will not occur if we are legally entitled or required to save them (for example, for billing purposes or to comply with legal retention periods). The legal basis for the processing of this data is, depending on the individual case, Article 6(1)(1)(b,c,f) GDPR.
2.5 Registration for Other Events
It may be required for you to register in advance by email, online form, or mail, if you want to take part in an event in our cultural or school program. For this purpose, we collect your email address and possibly also your contact information (title, first and last name, street address, as well as your telephone number). To facilitate the smooth functioning of the cultural and school programs, the DAZ may also provide personal information to (external) speakers or group leaders, who are running the respective cultural or school program.
If there are special security measures for our events, more information might be required, depending on the security format. You will be specifically informed of this. If you give the information to us, we will also process the title as well as the first and last name of the person accompanying you. We will keep these data exclusively for the purpose of allowing you, and possibly your guest, to attend our event.
The legal basis for this is Article 6(1)(1)(b) GDPR.
2.6 Library Membership
If you would like to become a member of the DAZ library, you can fill out the form provided in the DAZ. This form requires the following information:
- Title
- Your first and last name
- Your email address
- Your birthdate
- Your full address (street, house number, zip code, city)
- Specification of user group (for example, adult, DAZ member, high-school or college student).
This information will be used for the purposes of establishing and implementing of your library membership, i.e., enabling you to use the library according to its terms of use. Specifically, your email address will be used to inform you about new acquisitions in the library catalogue if you have selected this particular function. You can unsubscribe from this function at any time by following the link in the emails. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR.
The above-mentioned information is saved only as long as you maintain your library membership at the DAZ. Your data will be erased in the year that you end your library membership. The deletion of data will not occur if we are legally entitled or required to save them (for example, for billing purposes or to comply with legal retention periods). The legal basis for the processing of this data is, depending on the individual case, Article 6(1)(1)(b,c,f) GDPR.
In order to provide the digital library catalogue Findus, with which users can look for and reserve media, as well as being able to access their own library account and extend loans, we use the support of the provider Findus Internet-OPAC (proprietor Richard Lippmann, Gablonzer Str. 1, 90522 Oberaschbach), The provider receives access to the personal information listed above in order to deliver their technical services. The provider was carefully chosen and fulfills high data protection and data security standards. It is bound to a strict confidentiality policy and processes your data only on our behalf and according to our instructions. A contract for processing has been concluded with Findus Internet-OPAC.
2.7 Photos and Videos at Events
Photos and videos, depicting you, may be taken or recorded at DAZ events for the purposes of documentation. Your data will be processed based on our legitimate interest in providing visual documentation of the events we organize, and it may be used as part of our reporting, press and publicity, particularly on social media, on the DAZ website and in various radio, TV, and print media. Further, the DAZ’s publicity material may be provided to other media as press information. The legal basis for the processing of the above-described data is Article 6(1)(1)(f) GDPR.
You have the right to object to the creation and use of photos and videos that include you. Please address the event staff on site.
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and their deletion does not conflict with any statutory obligations for retention.
2.8 Job Applications
If you apply for a job at the DAZ and send us your application and accompanying documents, we process the following data:
- First and last name
- Title (in some cases)
- Address
- Telephone number
- Email address
- Qualification-related material, in particular the information contained in a CV, such as education and work experience, copies of recommendation letters and degrees
- Application photo (in some cases)
- Information (in some cases) about (possibly planned or hoped for) future education as well as professional emphases and interests and hobbies (when appropriate).
This information will be handled to facilitate the application process. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR, possibly in conjunction with Section 26 (1) BDSG.
2.9 Cookies
We use so-called cookies to make visits to our website more attractive and to facilitate the use of particular functions. By “cookies,” we mean small text files that are stored on your device. Some of the cookies used by us are erased after the end of your browser session, when you shut down your browser (so-called session cookies). Other cookies stay on your device and allow us to recognize your browser at your next visit (so-called long-term cookies). The use of cookies does not allow us to ascertain your email address and other identifying information, nor can we access other files on your computer.
The legal basis for the processing of personal data with the use of cookies is your consent following Article 6(1)(1)(a) GDPR. This consent can be withdrawn anytime with effect for the future.
Cookies are saved on your device, and you have full control over their use. By changing the settings of your internet browser, you can deactivate or reduce the transmission of cookies. Already saved cookies can be deleted at any time. This can also happen automatically. If you disable cookies for our website, you may not be able to fully use all the functions of the website.
2.10 Website Analytics Service
The DAZ websites also use the functions of the web analytics service Matomo. The service provider is Innocraft Limited, 6/150 Willis Street, Te Aro, Wellington 6011, New Zealand.
Matomo uses cookies as well. The information collected with the use of cookies through this internet site are transferred onto, and saved on, a server in the EU. The data are anonymized in the transfer. In so far as there is any transfer of personal information to New Zealand, personal data is adequately protected; the European Commission has recognized that the level of data protection in New Zealand as appropriate (2013/65/EU).
The categories of personal data, which is processed by Matomo (only with anonymized in personal form) include your IP address, time zone, screen resolution, approximate location, browser language setting, device used, and data about your use behavior (for example, what you have viewed, date/time of access, clicked links, number of website visits, etc). Further information about the type of collected data can be found at https://matomo.org/faq/general/faq_18254/.
Matomo uses the information generated by the Matomo cookie on behalf of the DAZ, evaluating the use of website in order to generate reports about activity on the website. The Matomo-Cookie is deployed only after previous consent.
More detailed information can be found at https://matomo.org/gdpr-analytics/.
The legal basis for this processing of personal data is your consent following Article 6(1)(1)(a) GDPR.
2.11 Google Services
Additionally, the DAZ uses map material from the service Google Maps on its website to show the location of the center. The service provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). In order to increase the protection of your data, Google Maps has been integrated into our website by way of a “2 click solution.” This means that a connection with the Google server is first created when you activate the Plugin and thereby indicate that you want to use the service. When you call up the map, you also activate cookies used by Google Maps, which transmit your IP address. The information collected in this transaction is usually transferred to a Google server in the USA and saved there. Further information about the conditions of usage and data protection is available at http://www.google.com/intl/de_de/help/terms_maps.html or https://policies.google.com/privacy?hl=de.
The DAZ websites also make use of YouTube, a video platform from YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA (“YouTube”). YouTube is a subsidiary of Google. To enhance the protection of your data, YouTube has been integrated into our website by way of a “2 click solution.” This means that a connection with the YouTube server is first created when you activate the Plugin and thereby indicate that you want to use the service. YouTube videos are used in “Enhanced Privacy Mode.” According to YouTube, “Enhanced Privacy Mode” does not place any cookies. You can find further information about data protection at https://policies.google.com/privacy?hl=de.
The legal basis for this processing of your personal data is Article 6(1)(1)(f) GDPR.
You can prevent the transfer of your information to Google by not using the Google services incorporated into our website.
2.12 Social Media
We also offer you information about our programs on our Facebook, Instagram, and LinkedIn sites. If you send a request via these sites, we forward it to the appropriate department. The information is exclusively used to answer your request and is not provided to a third party. The legal basis for the processing of personal data in terms of the context of processing your request is Article 6(1)(1)(f) GDPR.
You must be registered with Facebook, Instagram or LinkedIn in order to contact us on these sites. The companies that run these services may also process your personal information. We have no control over the manner, amount, or processing of these data. In order to limit our responsibility in relation to your personal information on Facebook/Instagram and LinkedIn, we have completed a contract with the respective companies that you can see at https://www.facebook.com/legal/terms/page_controller_addendum and https://legal.linkedin.com/pages-joint-controller-addendum.
The legal basis for the processing of your data is Article 6(1)(1)(f) GDPR.
2.13 Online-Meetings via Zoom and Microsoft Teams
We process personal data to the extent that it is necessary to communicate and collaborate with you on Zoom or Microsoft Teams. We handle the following categories of personal information, to the extent it is necessary:
- Details, which you have entered into your own accounts at Zoom or Microsoft Team, especially username, language preference, possibly a profile picture
- Technical data that are necessary for the functioning of a Zoom or Microsoft Teams, especially IP address, time and length of use, Meeting-ID, protocol and other usage data
- Audio and/or video data from participants in audio or video conferences or chat communication
- Contact information, especially first and last name, title (in some cases), address, telephone number, email address
- Other information in the context of the communication and collaboration.
Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (“Zoom”) handles the personal information exchanged through its teleconferencing tool as a processor on our behalf and according to our instructions, subject to strict confidentiality obligations. You can find information about the processing of your personal information through Zoom, for Zoom’s own purposes at https://zoom.us/privacy.
You can also contact Zoom through its EU representative Lionheart Squared Ltd, Attn: Data Privacy, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin DO2 EK84, Republic of Ireland (zoom@LionheartSquared.eu) or directly at privacy@zoom.us. You can also contact us for requests about the handling of personal data in the context of a Zoom Meeting.
The service provider for Microsoft Teams is Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich (“Microsoft”). For the technical implementation of Microsoft Teams functions, we transfer the aforementioned data to Microsoft. Microsoft is obligated to maintain strict confidentiality and processes the data only on behalf, and following the instructions, of the DAZ. You can find information about the processing of your personal data by Teams for Teams’ own purposes at https://learn.microsoft.com/de-de/microsoftteams/teams-privacy and https://www.microsoft.com/de-de/trust-center/privacy?rtc=1. The Microsoft corporation, as the US-parent corporation of Microsoft, is certified in the Data Privacy Framework, so that your data are also adequately protected there. You can find further information here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active
The purpose of, as well as the legal basis for, processing this personal information derives in principle from the particular context of communication or cooperation. Such contexts and the corresponding legal bases are described in this data protection information document in sections 2.1 and 2.13. Additionally, according to the legal framework Article 6(1)(1)(f) GDPR, it is in our legitimate interest to use Zoom and Microsoft Teams as an instrument to facilitate communication with you.
Audio and video data via Zoom or Microsoft Teams, which emerge during an audio or video conference or screen sharing session, are only processed for the duration of the conference, or session, and are directly erased following the conference or session. Recordings that are preserved after the fact cannot be created without your special, express permission. Furthermore, personal data from this session are deleted or anonymized as soon as their storage is no longer required, unless legal regulations require or permit further storage.
3. The Duration of Data Processing
We save your data only as long as it is necessary to serve the purpose for which we have collected it, including the purpose of fulfilling legal, accounting, or reporting requirements. In order to determine the appropriate amount of time to store the data, we take into account the amount, kind, and sensitivity of the data, the potential risk of damage through unauthorized use of it, as well as the reason that we are processing your data, and if we can achieve this purpose by other means and following other legal requirements. The longest period of retention is 10 years (retention period according to Section 147 of the Fiscal Code of Germany for tax-related documents).
Cookies, whose purpose is described above, are saved for 30 days. You can also delete cookies at an earlier point yourself (also described above). Data from requests or contact forms (membership at the DAZ, language courses, library membership) are deleted when the matter is completed. We save the newsletter ordering information until the subscription to the newsletter is cancelled.
4. Sharing Your Data with a Third Party
For the specific technical processes of data analytics, processing, and storage, we employ external service providers (for example, for the storage of back-up copies or to solve technical problems). These service providers are carefully selected and fulfill high standards of data protection and data security. They are obligated to strict confidentiality requirements and process your data on our behalf, according to our instructions.
We work with companies and other parties, which have a special expertise in certain areas or on specialist topics (for example shipping services, auditors, and lawyers). These parties are either subject to a professional obligation to confidentiality or have been obligated by us to confidentiality by means of a contract concerning data processing. In terms of the necessary forwarding of personal data to these entities, the legal basis for the cooperation depends on the content of the respective cooperation Article 6(1)(1) (b) or (f) GDPR, given that the DAZ has a legitimate interest in making use of the support of these entities.
With the use of Zoom, and in the context of the services of Google and YouTube, your data may be transferred to countries outside of the European Union/European Economic Area, where there is an inadequate level of protection provided according to the European Commission. To protect your personal information, the DAZ has concluded contracts with the respective providers that contain the European Commission’s standard clauses (you may request these by writing to the DAZ, contact information provided below).
The DAZ only discloses personal data to authorities and third parties in accordance with legal regulations. Third parties only receive information if a legal provision requires or permits it.
5. Your Rights
You have the right to information about the personal data processed by the DAZ and, if legal requirements are met, a right to the rectification, deletion, and restriction of data processing. You also have the right, if legal requirements are met, to receive the personal information you have provided in a conventional, structured, and machine-readable format. This includes the right to transmit this data to a designated controller. If it is technically possible, you also have the right to request that the DAZ transmits this information directly to this outside controller.
If you have given permission for the processing of your data, you can withdraw this consent at any time with effect for the future.
If the processing of your data is based on the balance of interests, according to Article 6(1)(1)(f) GDPR, you can object to the processing of your data at any time under the conditions described in Article 21 GDPR. In this case, we will not process your data unless there is a legal precedent/there is an exceptional case regulated by law.
In order to exercise your rights and for questions and complaints about the use of personal data, you can contact us at info@daz.org at any time.
Moreover, you have the right to contact the relevant regulatory authority with complaints.
Status of the Data Privacy Policy in translation: October 2023