c/o German Scholars Organization
Friedrichstrasse 60
10117 Berlin
Germany

In this privacy policy, we would like to explain how we process personal data and inform you about your rights. We are aware of the importance of the processing of personal data for you as a data subject, so observe all relevant legal requirements. The protection of your privacy is of the utmost importance to us. Our processing of your personal data complies with the General Data Protection Regulation as well as national data protection regulations. Software from Paulbergmann GmbH, Wichertstrasse 47, 10439 Berlin, is used for our online presence, especially the alumni platform (https://www.alumnii.de).

Data processing controller

German Scholars Organization
Dr. Anne Schreiter
Friedrichstrasse 60
10117 Berlin
Germany
Email: info@gsonet.org

Definitions of Terms

This privacy policy uses the terminology of the General Data Protection Regulation (GDPR).

“Personal data” is any and all information that relates to an identified or identifiable natural entity (hereinafter “data subject”); a natural entity is regarded as identifiable if they can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the natural entity’s physical, physiological, genetic, psychological, economic, cultural or social identity.

“Processing” is any process carried out with or without the help of automated procedures or any series of processes in connection with personal data, such as collection, recording, organization, ordering, storage, adaptation or editing, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

“Restriction of processing” involves the labelling of stored personal data with the aim of restricting its future processing.

A “file system” is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical criteria.

A “controller” is the natural or legal entity, authority, institution or other body that, alone or jointly with others, decides the purposes and means of processing personal data; if the purposes and means of this processing are specified by union law or the law of member states, the controller or the specific criteria for their appointment can be provided for in accordance with union law or member state law.

A “processor” is a natural or legal entity, authority, institution or other body that processes personal data on behalf of the controller.

A “recipient” is a natural or legal entity, authority, institution or other body to which personal data is disclosed, regardless of whether this is a third party or not. Authorities that may receive personal data as part of a specific investigation according to union law or member state law are not considered recipients; these authorities process this data in accordance with applicable data protection regulations and the purposes of the processing.

A “third party” is a natural or legal entity, authority, institution or other body, apart from the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Informed, unequivocal “consent” is granted by the data subject voluntarily for a particular case upon presentation of a declaration or any other unequivocal action with which the data subject states their agreement to the processing of their personal data.

Processing

We collect and process the following personal data about you:

• Contact details and address insofar as you have provided us with your contact information or registered on our site,

• Online identifiers (e.g. your IP address, browser type and version, the operating system used, referrer URL, IP address, file name, access status, the amount of data transferred, and the date and time of the server request),

• Social media identifiers.

• IP addresses are assigned to every device (e.g. smartphone, tablet, PC) that is connected to the internet. Which IP address this is depends on how your device is currently connected to the internet.

• Application (by post, email or the application portal),

• Carrying out of events,

• Video conferencing

• Management of the alumni platform

Purposes of data processing

• For contact requested by you,

• For information about our services,

• To process contracts,

• For advertising purposes,

• For press and communication purposes,

• To send our email newsletter if you have subscribed,

• For quality assurance purposes,

• For our statistics and

• The preparation and carrying out of virtual and face-to-face events, recordings, especially live streams, and the publication of images, video and sound recordings on social media channels, our website and print media.

When you register as a member of AlumNode, we collect data that is generated when you interact with our system. We save contact data and images that you enter or upload onto the system. We save messages that you send to other members, comments that you leave on the platform, groups that you subscribe to, your tags and your participation in events. In order to regularly improve the relevance of our emails, we record whether you have opened and clicked on the email newsletter.

The purpose of data collection is networking among platform members, article 6 paragraph 1 sentence 1 b) of the GDPR. In order to fulfill our obligations, we need your name and an email address. Without the provision of this data, membership of our network is not possible. We may require additional mandatory information to authenticate members.

All other data can be provided voluntarily; this makes it easier for us and other members to get in touch. You can see the data stored about you in the settings area of your profile; this allows you to find out about stored data. You also have the option of deleting your data in the settings area.

Your data can be viewed by employees of the German Scholars Organization e.V. , the associated Heidelberg Laureate Forum Foundation and the Klaus Tschira group, Schloss-Wolfsbrunnenweg 33, 69118 Heidelberg, in order to ensure the administration and fulfillment of our purpose. Your data will be shared with other members for the purpose of networking (address book). Your profile settings let you control what data can be viewed by other members.

From time to time, we will contact you by email to inform you about career opportunities, news, and events on the platform. A newsletter is also sent out regularly. We also use your address, your status or your program affiliation to this end. You have the option to object to receiving the corresponding newsletter in your profile settings

When members apply for “alumni funding”, their name, occupation and required application documents are made available to a jury. In addition, we use your bank account / PayPal data to transfer the funds in the event of a grant. Even if you have objected to receiving newsletters in general, we reserve the right to send you emails for the purpose of forwarding information regarding relevant events for members.

Legal Basis for Data Processing

Your data is processed on the following legal basis:

• Your consent according to article 6 paragraph 1 a) of the GDPR,

• To execute a contract with you in accordance with article 6 paragraph 1 b) of the GDPR,

• To fulfill legal obligations in accordance with article 6 paragraph 1 c) of the GDPR or

• Based on a legitimate interest in accordance with article 6 paragraph 1 f) of the GDPR.

If we process your personal data for legitimate interests within the meaning of article 6 paragraph 1 f) of the GDPR, this may encompass

• Improving our services

• Preventing misuse or

• Keeping internal statistics.

Data Sources

We receive data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also inform you of the source from which the personal data originates and, if applicable, whether this originates from publicly accessible sources.

Transmission / Data Recipient

When processing your data, we work with the following service providers who have access to your data:

• Our cooperation partner, the Heidelberg Laureate Forum Foundation, Schloss-Wolfsbrunnenweg 33, 69118 Heidelberg, provider of web analysis tools,

• Web hosting providers,

• Administrative service providers,

• Video conferencing service providers,

• Payment service providers,

• Advertising agencies,

• Print service providers,

• Social media.

Data is transferred to third countries outside the European Union. This is done on the basis of statutory contractual provisions that are intended to ensure the adequate protection of your data. You can view these on request.

Duration of Processing

We only store your personal data for as long as is necessary to achieve the processing purpose or for the duration of the statutory retention period if the data is subject to one. We store your data

• Until you revoke your consent at the latest, if you have granted your consent,

• Until the statutory retention period ends or for as long as we have a contractual relation-

  ship with you at the latest, if we need the data for the execution of a contract,

• For as long as your interest in deletion or anonymization does not outweigh our interests, if we use the data based on a legitimate interest.

Your Rights

You have the right - although certain conditions apply in some cases -

• To request information about the processing of your data free of charge and to receive a copy of your personal data. You can request information regarding the purposes of processing, the categories of personal data being processed, the recipients of your data (if it is passed on), the duration of storage or the criteria for determining such duration;

• To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of processing;

• To have your data deleted or blocked. Reasons for the existence of a right to deletion / blocking may include the revocation of the consent on which the processing is based, the data subject’s objection to the processing or the unlawful nature of the processing of the personal data;

• To have processing restricted;

• To object to the processing of your data;

• To revoke your consent for the processing of your data for the future and

• To complain to the responsible supervisory authority about unlawful data processing.

Further Data Protection Information

Contact Form

The contact form on our website provides you with an easy way to get in touch with us quickly. Some fields are marked as required as these facilitate contact. If you fill out the fields and select “Send Contact Request”, you agree that your data will be sent to us by email along with your message. Data is not saved on the web server.

Email Newsletter

When you subscribe to our newsletter, we use the data required for this or separately provided by you in order to regularly send you our email newsletter. You can unsubscribe from the newsletter at any time either by sending a message via the contact method described above or via the unsubscribe link provided in the newsletter.

Data Security

We have taken extensive technical and organizational measures to protect your data from possible dangers such as unauthorized access, unauthorized disclosure, modification and distribution, as well as loss, destruction and misuse.

In order to protect your personal data from unauthorized third party access during transfer, we secure data transmissions using SSL encryption where necessary. This is a standardized encryption method for online services, especially for the web.

Log Files

Every time our website is accessed, use data is transmitted by the respective internet browser and stored in server log files. The data records saved in this process contain the following data: domain from which the user accessed the website, date and time of retrieval, IP address of the accessing computer, website(s) that the user visited as part of the service, amount of data transferred, browser type and version, operating system used, name of internet service provider, notification as to whether the request was successful. These log file data records are evaluated in an anonymized form in order to improve our service and make it more user-friendly, to find and correct errors, and to control the load on servers.

All personal data is automatically deleted after 24 months at the latest.

Cookies

See https://gsonet.org/cookie-politik-eu/

Social Media

Twitter

Plugins provided by microblogging platform Twitter Inc. (Twitter) are integrated into our website. You can recognize Twitter plugins on our website (Tweet button) by the Twitter logo. You can find out more about Tweet buttons here (https://about.twitter.com/resources/buttons). When you visit a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter is notified that you have visited our site with your IP address. If you click Twitter’s “Tweet button” while you are logged into your Twitter account, you can link the content of our website to your Twitter profile. This enables Twitter to assign your visit to our website to your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how this is used by Twitter. If you do not want Twitter to be able to assign your visit to our website, please log out of your Twitter user account. You can find more information on this in Twitter’s privacy policy.

LinkedIn

In addition, we have included a link (LinkedIn social media icon) to our presence on LinkedIn on our website. If you call up this page and use this provider’s services, usage data may be recorded and possibly saved in server logs. We have no influence on the type or scope of the data transferred or stored. Further information on the data collected by LinkedIn, its storage and its use can be found in the provider’s privacy policy.

YouTube

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; settings for the display of advertisements: https://adssettings.google.com/authenticated; use is not mandatory.

Payment Services

PayPal

We charge a participation fee for some events. Further information can be found on the relevant event page. As part of this contractual relationship, we offer data subjects an efficient and secure payment option via payment service providers. The data processed by the payment service provider includes data such as name and address, bank details, in particular account numbers or credit card numbers, as well as contract and calculation information. This information is required to carry out the respective transactions. However, the data entered will only be processed and stored by the payment service provider. If you use the PayPal payment service, we do not receive any information related to your account or credit card, just information confirming that the payment has been approved or rejected. These transactions are subject to the relevant provider’s contractual and data protection provisions. The payment service provider is used on the basis of article 6 paragraph 1 b) of the GDPR (contract processing) as well as in the interest of a smooth, comfortable and secure payment process (article 6 paragraph 1 f) of the GDPR). Insofar as your consent is required for further data processing and this has been granted, the legal basis for processing is article 6 paragraph 1 a) of the GDPR; consent can be revoked at any time for the future.

To this end, we refer to the terms and conditions and privacy policy (https://www.paypal.com/de/webapps/mpp/ua/privacy-full ) of the payment service provider PayPal (Europe) S.à.rl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full

You also have the option of paying the participation fee by bank transfer. The payment information you enter with your payment service provider, in particular your account data, is processed and stored there. We receive your account-related information and the amount of the payment from your payment service provider

OpenStreetMap

Our website alumnode.org uses OpenStreetMap (OSM), provided by Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OpenStreetMap is a web service for displaying interactive maps in order to visually display geographical information. When you use this service, the location of other users is shown to you and your location is shown to other users. When you call up the subpages in which the OSM map is integrated, information about your use of the website (such as your IP address) is transmitted to and stored by OSMF. OSMF might save Cookies in your browser and might save text files on your computer that allow an analysis of the use of the website. If you do not wish that Cookies are saved in your browser, you might block that in your browser settings, however, this might interfere with the full scope of functions of the website. Your location can also be recorded if you have this in your device settings - e.g., on your mobile phone. The provider of this site has no influence on this data transfer.

The use of OSM takes place in particular in accordance with article 6 paragraph 1 f) of the GDPR on the basis of OSMF legitimate interests in displaying their services and/or ensuring the needs-based design of its website.

Information on how OpenStreetMap stores your data can be found at: https://wiki.openstreetmap.org/wiki/Privacy_Policy

Audio and Video Conferencing

Among other things, we use online conference tools to communicate with our target group. The individual tools we use are listed below. If you communicate with us online via video or audio conference, your personal data will be recorded and processed by us as well as the provider of the relevant conference tool. These conference tools collect all data that you provide/employ to use the tools (e.g. email address). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in connection with the communication process (metadata).

We use the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://zoom.us/de-de/privacy.html

Wonder

We use Wonder as a video conference system. Wonder is software provided by Yotribe GmbH, Kommandantenstrasse 77, 10117 Berlin. Wonder collects browser data while you use the service. This includes your IP address, browser type, pages accessed, the duration and date of use, device ID and diagnostic data. Wonder’s current privacy policy can be viewed here:

www.wonder.me/privacy-policy.

More Online Tools and Providers

Limesurvey

We use the Limesurvey survey system. Limesurvey is a free survey software program. It can be used to create, publish and conduct web-based surveys. The survey results are recorded in a database and can be evaluated or exported by the survey creators using internal functions. Limesurvey’s current privacy policy can be viewed here:

https://www.limesurvey.org/support/faq/39-data-protection-and-policy

TaskCards

We use the TaskCards online platform. This software enables the creation and sharing of digital notice boards. The TaskCards platform is developed and operated by the German company dSign Systems GmbH. The servers for the platform are exclusively located in Germany. TaskCards’ current privacy policy can be viewed here:

https://www.taskcards.de/#/privacyPolicy

Status of This Privacy Policy

November 2021
We reserve the right to change this privacy policy at any time with future effect.