Data Privacy Notice for Reviewers
As Deutscher Akademischer Austauschdienst e.V. (DAAD), we are pleased that you are willing to participate as a reviewer in the funding decisions within the context of the SAFE project. The processing of your personal data takes place exclusively within the scope of the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter "GDPR"). As your privacy is an important concern for us, we would like to inform you at this point about the processing of your personal data and about your privacy rights within the context of your activity as a reviewer.
I. Who is responsible for the data processing and who is the data protection officer?
1. Controller responsible for the data processing
The controller responsible for the data processing within the meaning of the data protection laws is:
Deutscher Akademischer Austauschdienst e.V.
Kennedyallee 50
53175 Bonn (Germany)
Tel.: (+49) 0228-882 0
Email: datenschutz@daad.de
https://www.daad.de
2. You can contact our data protection officer as follows:
Dr Gregor Scheja
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Germany
Tel.: (+49) 0228-227 226 0
https://www.scheja-partner.de/kontakt/kontakt.html
www.scheja-partner.de
II. What is the subject-matter of the data protection?
The subject-matter of the data protection is personal data. Personal data are any information relating to an identified or identifiable natural person (so-called data subject). This includes, e.g. details such as name, postal address, email address or telephone number.
III. Which of my personal data are processed?
Within the context of your activity as a reviewer, we process only the personal data from you that relate to your activity as a reviewer.
In detail, these may be:
- contact details, including your name, date of birth, your email address, telephone number and address
- the name of your institution
- your specialised field
- data, in the form of a CV, relating to your current professional activity, your expertise, also in respect of any activity as a reviewer, and your international experience
IV. What purposes are pursed by the processing of my personal data, and on what legal basis does this take place?
Below, we provide you with an overview of the purposes and legal bases of the processing of your personal data within the context of your activity as a reviewer:
1. Data processing for the purposes of the performance of a task and for compliance with the duty to report
We process your personal data for the preparation and implementation of the activity as a reviewer within the context of the SAFE project. The purposes depend upon your specific task and encompass in particular:
The data processing takes place on the basis of Article 6 (1) b) GDPR. Moreover, the data processing by DAAD takes place for the purposes of compliance with the duty to report to DAAD's funding providers, also on the basis of Article 6 (1) c) GDPR.
Insofar as we purposefully process special categories of personal data within the meaning of Art. 9 (1) GDPR, this takes place exclusively on the basis of your express consent (Art. 9 (2) a) GDPR).
You may withdraw your consent at any time. Please note that such withdrawal will only be effective for the future; i.e. it will not affect the lawfulness of the data processing that has already taken place on the basis of your consent up to the time of withdrawal.
The data processing takes place on the basis of Article 6 (1) a) GDPR.
We shall delete the data when they are no longer necessary for the purposes pursued by us within the context of the activity as a reviewer, and there are no other applicable legal bases, in particular statutory or contractual retention periods.
2. Compliance with further legal obligations
In some circumstances, we also process your personal data in order to comply with statutory obligations ensuing from, e.g. commercial, tax, finance or criminal law. In this respect, the purposes of the processing ensue from the respective statutory obligation. As a rule, the processing takes place for compliance with state obligations to monitor and to provide information.
In this respect, the data processing takes place on the basis of Article 6 (1) a) GDPR.
We shall delete the data after the legal obligation ends, and insofar as there are no other applicable legal bases, in particular statutory or contractual retention periods.
3. Processing for safeguarding legitimate interests
To the extent necessary, we likewise process your personal data for safeguarding our legitimate interests. We process your personal data only if this is consistent with your fundamental rights and freedoms.
This may be the case in the following instances:
- protection and security of IT resources
- processing for statistical purposes
- processing for conducting a complaint procedure
The data processing in this respect takes place on the basis of Article 6 (1) f) GDPR. Our legitimate interests in this regard lie in the pursuit of these purposes.
We shall delete the data when they are no longer necessary for the purposes pursued by us, and there is no other applicable legal basis.
V. Are my personal data also collected from third parties?
We process only the personal data we receive directly from you within the context of your activity as a reviewer.
VI. Does automated decision-making or profiling take place?
We use neither automated decision-making nor profiling, in accordance with Art. 22 GDPR.
VII. Do I have to provide my personal data?
Within the context of your activity as a reviewer, you must provide the personal data necessary for the preparation and implementation of the activity as a reviewer and for the performance of the contractual or statutory duties associated therewith, or that we are legally obliged to process. If these data are not provided, you may possibly be unable to act as a reviewer.
VIII. Who has access to my data, and which recipients receive these?
Within DAAD, only those employees who absolutely need to access your personal data in order to perform their roles or tasks will have access to your personal data.
We shall pass on your personal data to external recipients only if there is a legal justification for doing so, or you have consented thereto. External recipients may include:
- Cooperation partners of DAAD in the SAFE project (Campus France, Collège de France, UNIMED)
- Members of the SAFE selection commission (consortium partners of the SAFE project as well as external experts from research and science, science management, selected subject-matter experts - selection takes place at a later point in time)
- Processors: service providers that, for example, we use for rendering services in the human resources sphere or that are entrusted with the maintenance of our IT systems. We diligently select and regularly review these processors in order to ensure that your personal data are in good hands. The service providers may use your personal data only for the purposes pre-specified by us.
- Public entities: authorities and state institutions, e.g. public prosecution offices, courts or financial authorities as well as public financiers of DAAD, to whom we are required to transfer personal data in some cases where necessary.
- Private entities: traders, other cooperation partners or auxiliary persons to whom the data are transferred for holding the selection meetings on the basis of consent or a legal basis, for example hotels, event organisers etc.
IX. Are my personal data intended to be transferred to third countries?
Within the context of your activity as a reviewer, your personal data will, in some cases, be transferred to entities whose registered office or place of data processing is not situated in a Member State of the European Union or in another state that is party to the Agreement on the European Economic Area. Prior to such transfer, we shall ensure that, apart from in exceptional cases permitted by law, either there is an adequate level of data protection at the recipient (e.g. as a result of an adequacy decision of the European Commission, as a result of suitable safeguards such as an agreement on so-called EU standard data protection clauses of the European Commission with the recipient) or you have expressly given your consent.
X. For how long will my data be stored?
For information on the duration of storage of your personal data, please refer to the relevant chapter relating to data processing under Section IV.
XI. What data subject rights am I entitled to?
You are entitled to the following rights with regard to the processing of your personal data:
- Right of access to your personal data
You have the right to obtain from us confirmation of whether or not we process personal data concerning you. If this is the case, you have the right to access your personal data and further information regarding the processing.
- Right to rectification
You have the right to obtain rectification of your incorrect personal data and completion of incomplete personal data.
- Right to erasure ("right to be forgotten")
Under certain circumstances, you have the right to obtain from us the erasure of your personal data. This right exists, for example, if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or if the personal data have been unlawfully processed.
- Restriction of the processing
Under certain circumstances, you have the right to obtain from us restriction of the processing of your personal data. In such case, we shall store only the personal data for which you have given your consent or for which the GDPR allows processing. For example, you may have a right to restriction of the processing if you have disputed the accuracy of your personal data.
- Data portability
Unless you have provided us with personal data on the basis of a contract or consent, you may, provided that the statutory prerequisites are met, demand to receive in a structured, commonly used and machine-readable format the personal data provided by you, or that we transfer these data to another controller responsible for the processing.
- Withdrawal of consent
Where you have given us your consent to the processing of your personal data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing of your personal data up to the time of withdrawal will remain unaffected hereby.
- Objection to the processing on the basis of a "legitimate interest"
You have the right to object, on grounds relating to your particular situation, at any time to the processing of the personal data concerning you that takes place on the basis of Art. 6 (1) f) GDPR (data processing on the basis of a balancing of interests). If you lodge an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
- Right to complain to the supervisory authority
Moreover, you have the right to lodge a complaint with the competent supervisory authority if you are of the opinion that the processing of your personal data breaches applicable law. To this end, you may turn to the data protection authority that is competent for the place where you reside or work or where an alleged breach took place, or to the data protection authority that is competent for us. The competent authority is the supervisory authority of the Federal State where you reside or work or where the alleged breach that is the subject-matter of the complaint took place.
XII. To whom can I turn with questions or for asserting my data subject rights?
For questions relating to the processing of your personal data or for asserting your data subject rights specified in Section XI. nos. 1 to 7, you can contact us free of charge. Please use our contact details under Section I. no. 1. For withdrawing your consent, you may also always choose the contact channel you used to submit the declaration of consent.
