Privacy Policy
Disclaimer:
The following text is only for informational purposes. In cases of conflicts the German version governs.
Data Protection Policy in Accordance with GDPR
The German American Center/James-F.-Byrnes Institute, Charlottenplatz 17, 70173 Stuttgart (subsequently referred to “the DAZ” or “we”) takes the protection of your personal information very seriously. We handle it exclusively within the framework of current data protection regulations.
Specific terms relating to data protection, which are not defined in this policy, can be looked up in the legal provisions, namely Article 4 GDPR.
In the following, you will find information about which personal data is processed by us when you visit our website and use our services. Further, we will inform you about your rights with respect to the handling of your personal data.
Responsibility for the Processing of Personal Data
The DAZ is responsible for the lawful processing of your data.
1. Personal Data
According to Article 1 GDPR, personal data is all information relating to an identified or identifiable individual. An identifiable individual is someone who can be recognized by means of an identifier such as a name, an identification number, a location, an online identifier, or one or more specific traits, such as the description of the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
2. Processed Data and the Purposes of Processing
2.1 Usage Data
When you visit our website, we save the operating system you use, the name of your internet service provider, the website from which you have accessed our site, the pages that you visit on our website, the date, time, and duration of your visit and information about your internet browser. In addition, we save your IP address, although the last four digits are anonymized.
These usage data are processed in order to make our services accessible to you from a technical perspective (for example, to adapt them to the device you are using), to be able identify technical problems that may occur as well as to detect and prevent abuse. In addition, we employ usage data in an anonymized form for statistical purposes and to improve our website. Legal basis for the handling of personal usage date can be found at Article 6(1)(1)(f) GDPR.
2.2 Newsletter
If you would like to receive our newsletter, we require your email address. Further, when you register for the newsletter, your IP address, the date, and the time of registration are saved. These data are exclusively processed for the purpose of sending you the newsletter and detecting possible misuse of an email address. They will be saved by us as long as you make use of our newsletter service.
You can unsubscribe to the newsletter at any time without incurring any costs beyond the transmission costs in accordance with the basic tariffs. You can cancel by clicking on the link in the newsletter or sending a message to info@daz.org. As soon as you have clicked on the unsubscribe link, you will no longer receive the newsletter and your newsletter data will be deleted. The legal basis for the handling of the above-described data is Article 6(1)(1)(a) GDPR (newsletter subscription) or Article 6(1)(1)(f) GDPR (email verification).
2.3 Membership
If you would like to become a member of the DAZ, you can either fill out the form provided on the website or use a paper form (available at the DAZ). The following information will be collected.
- Company name (if applicable)
- Your first and last name
- Your email address
- Your complete address (street, house number, zip code, city)
- Your telephone number.
We will handle these personal data in the processing of your membership application as well as the establishment and implementation of your membership status. The legal basis for the processing of data is Article 6(1)(1)(b) GDPR.
Additionally, you can give us a direct debit authorization for the purpose of withdrawing membership fees by sending us your account details (name of account holder, name of bank, IBAN, BIC) separately. This information will be processed to complete the transaction of paying membership fees. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR.
These data will be saved as long as you maintain your membership with the DAZ. Your data will be erased immediately upon the termination of your membership. The deletion of the data will not occur if we are legally entitled or required to save them (for example, for billing purposes or to comply with legal retention periods). The legal basis for the processing of the above-described data is Article 6(1)(1)(b,c,f) GDPR.
2.4 English Courses
If you would like to register for one of our English courses, you can either download and fill out one of the forms provided on the website or fill out the corresponding form online. The following data is collected for registration:
- Title
- Your first and last name
- Your email address
- Your full address (street, house number, zip code, city)
- Your telephone number (optional)
- The name of the course that you have selected (which does not however allow conclusions to be drawn about you)
- Course start
- Information about a possible preexisting DAZ membership as well as information about already completed courses.
In order to pay the course fees, you can provide a direct debit authorization by separately sending us your account information (the name of the account holder, the name of the bank, IBAN, BIC). This information will be processed for the purpose of handling your request correctly and, if necessary, managing the payment. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR.
Digital appointment lists are maintained with the support of YourSecureCloud GmbH (Eichenberg 118, 91729 Haundorf), which receives access to the personal information listed above in order to provide their technical services. The provider was carefully chosen and fulfills high standards of data protection and data security. It is bound to a strict confidentiality policy and processes your data only on our behalf and according to our instructions. The above-mentioned data is saved only as long as you maintain your DAZ membership, or you finish your language course. Your data will be immediately deleted with the cancelation of your membership or the end of your language course. The deletion of the data will not occur if we are legally entitled or required to save them (for example, for billing purposes or to comply with legal retention periods). The legal basis for the processing of this data is, depending on the individual case, Article 6(1)(1)(b,c,f) GDPR.
2.5 Registration for Other Events
It may be required for you to register in advance by email, online form, or mail, if you want to take part in an event in our cultural or school program. For this purpose, we collect your email address and possibly also your contact information (title, first and last name, street address, as well as your telephone number). To facilitate the smooth functioning of the cultural and school programs, the DAZ may also provide personal information to (external) speakers or group leaders, who are running the respective cultural or school program.
If there are special security measures for our events, more information might be required, depending on the security format. You will be specifically informed of this. If you give the information to us, we will also process the title as well as the first and last name of the person accompanying you. We will keep these data exclusively for the purpose of allowing you, and possibly your guest, to attend our event.
The legal basis for this is Article 6(1)(1)(b) GDPR.
2.6 Library Membership
2.6.1. Library Membership (Physical Inventory Held at the DAZ)
Registration and Borrowing
As a part of your registration for general library use (physical inventory), we collect and store the data you provide on the registration form and use it with your identification number or library card number for library services. The data collected includes:
- Title,
- First and last name,
- Email address,
- Date of birth,
- Full address (street, house number, postal code, city),
- User group (for example: adult, member, student)
- Proof of identification
We process your data in order to provide services such as registering you in our library system in compliance with specific borrowing conditions; identifying you for provision of library materials and upon checkout of library materials; and contacting you via email or postally with notifications regarding your library account and library usage; such as payment reminders, clarifications in connection with your library account, or extending your library account. The provision of an identification document upon registration is solely for identification purposes. Data from your identification document will not be saved.
The legal basis is Art. 6 (1) (b) GDPR. It is necessary to process your data in order for the DAZ to provide the services agreed upon in the contract signed during registration for our library. You are not required to provide us with your data, but we cannot complete the registration process without it.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The collected data will be stored for the duration of use. The same applies for the physical copy of the registration form. Library accounts will not be deleted in the case of outstanding library loans or fees. In the case of a legal obligation (for example, to fulfill tax laws), the documents and data legally required for billing purposes will be retained for up to 10 years. The legal basis for this is Art. 6 (1) (c) GDPR.
Use of the Digital Library Catalog “Findus”
In order to provide access to the digital library catalog “Findus;” through which users can search and reserve Media, extend the loan period on borrowed media, and view their library accounts; we use services provided by Findus Internet-OPAC (owned by Richard Lippmann, Gablonzer Str. 1, 90522 Oberasbach). Findus Internet-OPAC receives access to the above-mentioned personal data in order to provide its technical services to us. This library catalog provider has been carefully chosen and fulfills high data protection and security standards. Findus Internet-OPAC is bound to strict confidentiality and only processes data in accordance with our instructions. A corresponding contract for data processing has been concluded with Findus Internet-OPAC.
If you have chosen to be informed via email of due dates for borrowed media or the availability of reserved media, your email will be used for this purpose. You can unsubscribe from this service at any time in the settings of your Findus account.
You also have the option to be informed through Findus of new arrivals in the library catalog. If you subscribe to this service, your email address will be used for this purpose. You can unsubscribe from this service any time via the link provided in these emails.
2.6.2 E-Checkout (eBooksUSA Inventory)
Registration for E-Checkout
Upon registering for E-Checkout, the data you provide on the registration form will be collected, saved, and, together with your identification number, used for library services. The processed data includes:
- Title,
- First and last name,
- Email address,
- Date of birth,
- Address (street, house number, postal code, city),
- User group (for example: adult, member, student),
- Proof of identity
We process your data in order to provide services such as identifying and registering you for the library service, contacting you via email or postally with notifications regarding your library account, clarifications in connection with your library usage, or the extension of your library account. The provision of an identification document upon registration is solely for identification purposes. Data from your identification document will not be saved.
The legal basis is Art. 6 (1) (b) GDPR. The data is processed for the purpose of providing our services under the contract concluded with you for the use of the e-library service. You are not required to provide us with your data, but we cannot complete the registration process without it.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The collected data will be stored for the duration of use. The same applies for the physical copy of the registration form. Library accounts will not be deleted in the case of outstanding library loans or fees. In the case of a legal obligation (for example, to fulfill tax laws), the documents and data legally required for billing purposes will be retained for up to 10 years. The legal basis for this is Art. 6 (1) (c) GDPR.
Overdrive (eBooksUSA lending platform)
In order to enable the borrowing of e-books as part of library use, we use the digital services of the provider OverDrive. OverDrive offers digital content (e.g., e-books and e-audiobooks) for public libraries, schoolchildren, and students. OverDrive, Inc. is a US provider based at One OverDrive Way, Cleveland, OH 44125, USA.
E-books, e-audiobooks, digital magazines and newspapers are offered by OverDrive via the Libby app. Users are responsible for borrowing digital content from OverDrive. To borrow content, users must register for the online library service at the DAZ library or be a DAZ member.
To register, you must create an account with OverDrive or the Libby app. All you need to register is your e-library card number or DAZ membership number and your PIN. OverDrive requires this information to authenticate you as an authorized user. OverDrive compares the information you enter with a database in which we have stored only your membership number or your e-library card number and your PIN.
OverDrive does not give any of your personal data to us. This means, for example, that we cannot connect the borrowing history of a library user to their account.
OverDrive is responsible for the services it provides to you. We have no influence on data processing at OverDrive and are not responsible for it.
When you use OverDrive or the Libby app, OverDrive processes personal data such as: IP addresses, device type, device ID, browser, operating system, referrer URL, website visited, member number or e-library card number, PIN, library name, borrowing history, reservations, reading progress, bookmarks, highlights, notes, and location data. According to OverDrive, OverDrive may also use your data for other purposes, such as for analysis and advertising purposes or service optimization.
The legal basis for storing your data in OverDrive’s authentication database is Art. 6 (1) (b) GDPR. The processing of data is necessary for the performance of our services under the contract concluded with you.
OverDrive does not provide precise information regarding the time by which your data will be deleted. We therefore recommend that you delete your OverDrive account if you are no longer interested in using it and then submit a request as to the deletion status of your data and accounts to OverDrive. We cannot request OverDrive to delete your data. We will delete your data from OverDrive’s authentication database as soon as your DAZ membership or e-library membership has expired.
Further information on data processing at OverDrive is available in English at: https://company.cdn.overdrive.com/policies/privacy-policy. OverDrive provides a German language privacy policy at https://static.od-cdn.com/202010_OverDrive-GeneralDataProtectionStatement-Datenschutzerklarung.pdf.
Please note that OverDrive also transfers data processed in connection with the above-mentioned purposes to servers outside the EU, in particular to the US, when necessary in order to provide these services. As a US provider, OverDrive does not guarantee data protection adhering to the GDPR. For EU citizens in particular, this means an increased risk as US security authorities could view and process your data. Furthermore, the ability to appeal against the actions of the US security authorities is limited. For this reason, it is the responsibility of each user to decide whether the data collected in connection with the borrowing of e-books and e-audiobooks should be processed and stored by OverDrive, or whether to refrain from using these specific services.
For more information on the topic of automated decision-making, including profiling, please refer to section 6.7 of OverDrive’s privacy policy at https://static.od-cdn.com/202010_OverDrive-GeneralDataProtectionStatement-Datenschutzerklarung.pdf.
2.7 Photos and Videos at Events
Photos and videos, depicting you, may be taken or recorded at DAZ events for the purposes of documentation. Your data will be processed based on our legitimate interest in providing visual documentation of the events we organize, and it may be used as part of our reporting, press and publicity, particularly on social media, on the DAZ website and in various radio, TV, and print media. Further, the DAZ’s publicity material may be provided to other media as press information. The legal basis for the processing of the above-described data is Article 6(1)(1)(f) GDPR.
You have the right to object to the creation and use of photos and videos that include you. Please address the event staff on site.
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and their deletion does not conflict with any statutory obligations for retention.
2.8 Job Applications
If you apply for a job at the DAZ and send us your application and accompanying documents, we process the following data:
- First and last name
- Title (in some cases)
- Address
- Telephone number
- Email address
- Qualification-related material, in particular the information contained in a CV, such as education and work experience, copies of recommendation letters and degrees
- Application photo (in some cases)
- Information (in some cases) about (possibly planned or hoped for) future education as well as professional emphases and interests and hobbies (when appropriate).
This information will be handled to facilitate the application process. The legal basis for the processing of the above-described data is Article 6(1)(1)(b) GDPR, possibly in conjunction with Section 26 (1) BDSG.
2.9 Cookies
We use so-called cookies to make visits to our website more attractive and to facilitate the use of particular functions. By “cookies,” we mean small text files that are stored on your device. Some of the cookies used by us are erased after the end of your browser session, when you shut down your browser (so-called session cookies). Other cookies stay on your device and allow us to recognize your browser at your next visit (so-called long-term cookies). The use of cookies does not allow us to ascertain your email address and other identifying information, nor can we access other files on your computer.
The legal basis for the processing of personal data with the use of cookies is your consent following Article 6(1)(1)(a) GDPR. This consent can be withdrawn anytime with effect for the future.
Cookies are saved on your device, and you have full control over their use. By changing the settings of your internet browser, you can deactivate or reduce the transmission of cookies. Already saved cookies can be deleted at any time. This can also happen automatically. If you disable cookies for our website, you may not be able to fully use all the functions of the website.
2.10 Website Analytics Service
The DAZ websites also use the functions of the web analytics service Matomo. The service provider is Innocraft Limited, 6/150 Willis Street, Te Aro, Wellington 6011, New Zealand.
Matomo uses cookies as well. The information collected with the use of cookies through this internet site are transferred onto, and saved on, a server in the EU. The data are anonymized in the transfer. In so far as there is any transfer of personal information to New Zealand, personal data is adequately protected; the European Commission has recognized that the level of data protection in New Zealand as appropriate (2013/65/EU).
The categories of personal data, which is processed by Matomo (only with anonymized in personal form) include your IP address, time zone, screen resolution, approximate location, browser language setting, device used, and data about your use behavior (for example, what you have viewed, date/time of access, clicked links, number of website visits, etc). Further information about the type of collected data can be found at https://matomo.org/faq/general/faq_18254/.
Matomo uses the information generated by the Matomo cookie on behalf of the DAZ, evaluating the use of website in order to generate reports about activity on the website. The Matomo-Cookie is deployed only after previous consent.
More detailed information can be found at https://matomo.org/gdpr-analytics/.
The legal basis for this processing of personal data is your consent following Article 6(1)(1)(a) GDPR.
2.11 Google Services
The DAZ uses Google Ads including Conversion Tracking and Tag Manager. Please refer to the German version of our privacy policy for more details.
The DAZ uses map material from the service Google Maps on its website to show the location of the center. The service provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). In order to increase the protection of your data, Google Maps has been integrated into our website by way of a “2 click solution.” This means that a connection with the Google server is first created when you activate the Plugin and thereby indicate that you want to use the service. When you call up the map, you also activate cookies used by Google Maps, which transmit your IP address. The information collected in this transaction is usually transferred to a Google server in the USA and saved there. Further information about the conditions of usage and data protection is available at http://www.google.com/intl/de_de/help/terms_maps.html or https://policies.google.com/privacy?hl=de.
The DAZ websites also make use of YouTube, a video platform from YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA (“YouTube”). YouTube is a subsidiary of Google. To enhance the protection of your data, YouTube has been integrated into our website by way of a “2 click solution.” This means that a connection with the YouTube server is first created when you activate the Plugin and thereby indicate that you want to use the service. YouTube videos are used in “Enhanced Privacy Mode.” According to YouTube, “Enhanced Privacy Mode” does not place any cookies. You can find further information about data protection at https://policies.google.com/privacy?hl=de.
The legal basis for this processing of your personal data is Article 6(1)(1)(f) GDPR.
You can prevent the transfer of your information to Google by not using the Google services incorporated into our website.
2.12 Social Media
We also offer you information about our programs on our Facebook, Instagram, and LinkedIn sites. If you send a request via these sites, we forward it to the appropriate department. The information is exclusively used to answer your request and is not provided to a third party. The legal basis for the processing of personal data in terms of the context of processing your request is Article 6(1)(1)(f) GDPR.
You must be registered with Facebook, Instagram or LinkedIn in order to contact us on these sites. The companies that run these services may also process your personal information. We have no control over the manner, amount, or processing of these data. In order to limit our responsibility in relation to your personal information on Facebook/Instagram and LinkedIn, we have completed a contract with the respective companies that you can see at https://www.facebook.com/legal/terms/page_controller_addendum and https://legal.linkedin.com/pages-joint-controller-addendum.
The legal basis for the processing of your data is Article 6(1)(1)(f) GDPR.
2.13 Online-Meetings via Zoom and Microsoft Teams
We process personal data to the extent that it is necessary to communicate and collaborate with you on Zoom or Microsoft Teams. We handle the following categories of personal information, to the extent it is necessary:
- Details, which you have entered into your own accounts at Zoom or Microsoft Team, especially username, language preference, possibly a profile picture
- Technical data that are necessary for the functioning of a Zoom or Microsoft Teams, especially IP address, time and length of use, Meeting-ID, protocol and other usage data
- Audio and/or video data from participants in audio or video conferences or chat communication
- Contact information, especially first and last name, title (in some cases), address, telephone number, email address
- Other information in the context of the communication and collaboration.
Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (“Zoom”) handles the personal information exchanged through its teleconferencing tool as a processor on our behalf and according to our instructions, subject to strict confidentiality obligations. You can find information about the processing of your personal information through Zoom, for Zoom’s own purposes at https://zoom.us/privacy.
You can also contact Zoom through its EU representative Lionheart Squared Ltd, Attn: Data Privacy, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin DO2 EK84, Republic of Ireland (zoom@LionheartSquared.eu) or directly at privacy@zoom.us. You can also contact us for requests about the handling of personal data in the context of a Zoom Meeting.
The service provider for Microsoft Teams is Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich (“Microsoft”). For the technical implementation of Microsoft Teams functions, we transfer the aforementioned data to Microsoft. Microsoft is obligated to maintain strict confidentiality and processes the data only on behalf, and following the instructions, of the DAZ. You can find information about the processing of your personal data by Teams for Teams’ own purposes at https://learn.microsoft.com/de-de/microsoftteams/teams-privacy and https://www.microsoft.com/de-de/trust-center/privacy?rtc=1. The Microsoft corporation, as the US-parent corporation of Microsoft, is certified in the Data Privacy Framework, so that your data are also adequately protected there. You can find further information here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active
The purpose of, as well as the legal basis for, processing this personal information derives in principle from the particular context of communication or cooperation. Such contexts and the corresponding legal bases are described in this data protection information document in sections 2.1 and 2.13. Additionally, according to the legal framework Article 6(1)(1)(f) GDPR, it is in our legitimate interest to use Zoom and Microsoft Teams as an instrument to facilitate communication with you.
Audio and video data via Zoom or Microsoft Teams, which emerge during an audio or video conference or screen sharing session, are only processed for the duration of the conference, or session, and are directly erased following the conference or session. Recordings that are preserved after the fact cannot be created without your special, express permission. Furthermore, personal data from this session are deleted or anonymized as soon as their storage is no longer required, unless legal regulations require or permit further storage.
3. The Duration of Data Processing
We save your data only as long as it is necessary to serve the purpose for which we have collected it, including the purpose of fulfilling legal, accounting, or reporting requirements. In order to determine the appropriate amount of time to store the data, we take into account the amount, kind, and sensitivity of the data, the potential risk of damage through unauthorized use of it, as well as the reason that we are processing your data, and if we can achieve this purpose by other means and following other legal requirements. The longest period of retention is 10 years (retention period according to Section 147 of the Fiscal Code of Germany for tax-related documents).
Cookies, whose purpose is described above, are saved for 30 days. You can also delete cookies at an earlier point yourself (also described above). Data from requests or contact forms (membership at the DAZ, language courses, library membership) are deleted when the matter is completed. We save the newsletter ordering information until the subscription to the newsletter is cancelled.
4. Sharing Your Data with a Third Party
For the specific technical processes of data analytics, processing, and storage, we employ external service providers (for example, for the storage of back-up copies or to solve technical problems). These service providers are carefully selected and fulfill high standards of data protection and data security. They are obligated to strict confidentiality requirements and process your data on our behalf, according to our instructions.
We work with companies and other parties, which have a special expertise in certain areas or on specialist topics (for example shipping services, auditors, and lawyers). These parties are either subject to a professional obligation to confidentiality or have been obligated by us to confidentiality by means of a contract concerning data processing. In terms of the necessary forwarding of personal data to these entities, the legal basis for the cooperation depends on the content of the respective cooperation Article 6(1)(1) (b) or (f) GDPR, given that the DAZ has a legitimate interest in making use of the support of these entities.
With the use of Zoom, and in the context of the services of Google and YouTube, your data may be transferred to countries outside of the European Union/European Economic Area, where there is an inadequate level of protection provided according to the European Commission. To protect your personal information, the DAZ has concluded contracts with the respective providers that contain the European Commission’s standard clauses (you may request these by writing to the DAZ, contact information provided below).
The DAZ only discloses personal data to authorities and third parties in accordance with legal regulations. Third parties only receive information if a legal provision requires or permits it.
5. Your Rights
You have the right to information about the personal data processed by the DAZ and, if legal requirements are met, a right to the rectification, deletion, and restriction of data processing. You also have the right, if legal requirements are met, to receive the personal information you have provided in a conventional, structured, and machine-readable format. This includes the right to transmit this data to a designated controller. If it is technically possible, you also have the right to request that the DAZ transmits this information directly to this outside controller.
If you have given permission for the processing of your data, you can withdraw this consent at any time with effect for the future.
If the processing of your data is based on the balance of interests, according to Article 6(1)(1)(f) GDPR, you can object to the processing of your data at any time under the conditions described in Article 21 GDPR. In this case, we will not process your data unless there is a legal precedent/there is an exceptional case regulated by law.
In order to exercise your rights and for questions and complaints about the use of personal data, you can contact us at info@daz.org at any time.
Moreover, you have the right to contact the relevant regulatory authority with complaints.
Status of the Data Privacy Policy in translation: July 2026