1. Controller

The party responsible (“controller”) for data processing is:
Deutscher Akademischer Austauschdienst e.V.
(German Academic Exchange Service)
Kennedyallee 50
53175 Bonn
Contact: datenschutz@daad.de

2. Data protection officer

You can reach our data protection officer at:
Dr Gregor Scheja
Scheja und Partner Rechtsanwälte mbB | External data protection officers
Adenauerallee 136
D-53113 Bonn
Telephone: +49 (0)228 2272260
Contact: https://www.scheja-partner.de/en/contact/contact.html

3. Your rights as a data subject

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR) insofar as the relevant statutory requirements are met:

Access: You are entitled to receive information about processed data concerning you.

Rectification: You can request that incorrect data concerning you be corrected. Furthermore, you can request that incomplete data be completed.

Erasure: In certain cases, you may request that your personal data be deleted.

Restriction of processing: In certain cases, you may request that the processing of your data be restricted.

Data portability: If you have provided us with data on the basis of a contract or a declaration of consent, you can request that you receive the data you provided in a structured, commonly-used and machine-readable format or that this information be sent to a different controller.

Right to object

Case-specific right to object

You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you which is carried out on the basis of Art. 6, section 1 (e) of the GDPR or Art. 6, section 1 (f) of the GDPR; this also applies to profiling based on this provision. These personal data will then no longer be processed for these purposes unless it can be demonstrated that compelling, legitimate grounds exist for such processing which override your interests, rights and freedoms, or if such processing is required for the raising, exercise or defense of legal claims. To make use of your right to object, please use the contact details specified in clause 2.

Right to object to data processing for the purposes of direct marketing

In certain individual cases, your data may be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling to the extent that it is related to such direct marketing. Where you object to data processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.

Withdrawal of consent: If you have given your consent to the processing of your data, you can withdraw this consent at any time with future effect. However, this does not affect the lawfulness of any processing of your data conducted prior to your withdrawal of consent. In addition to the procedures detailed under “Asserting your rights”, you can also declare your withdrawal under the terms of the relevant information in “Exercise of revocation” in the “Services & cookies” section.

Asserting your rights: In order to exercise any of the rights specified above, please send an email to datenschutz@daad.de or get in contact by post using the address specified above under Point 1. When you do so, please make sure that we can clearly identify you.

Right to appeal: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your usual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data is unlawful.

4. Automated individual decision-making, including profiling

Automated individual decision-making, including profiling as defined by Article 22 of the GDPR do not take place in connection with the use of our service.

5. Details on services, cookies, etc.

5.1 Our services

5.1.1 General

1. a) Description of service:

• Data categories: Date and time of access, length of visit, type of device, operating system used, functions used, volume of data sent, type of event, IP address, domain name
• Purpose(s): Provision of service
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: Technical operability
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): yes–
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Immediately following delivery by web server
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
• Exercising the right to object: —
• Data sources: Direct collection when calling up the website/service

1. b) Log files:

• Data categories: Accessed URL, IP address of user, time and date of access, volume of data transmitted, website from which the user accesses the requested page (referrer), websites accessed by the user’s system through our website, http status, information about browser type and version used, user’s operating system, user’s Internet service provider
• Purpose(s): Statistical analyses, website improvement, system security (e.g. preventing misuse), error diagnosis
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, government agencies on request
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: 7 days after creation
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide, automated collection by calling up the service
• Exercising the right to object: —
• Data sources: Direct collection when calling up the website/service

5.1.2. Funding program, research cooperation project, event without registration

1. a) Search of cooperation projects, events, funding programs

• Data categories:
  • Cooperation projects: country, city, grant awarding institution, time period of the funding, duration, areas of the research project
  • Events: date range, event location
  • Funding program: Duration, funded by, Areas of research project
• Purpose(s): Execution of search according to specified criteria
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: Duration of session; if registration takes place, the data is transferred to the user profile, see Point 5.1.3a
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide
• Exercising the right to object: —
• Data sources: Direct collection upon response to questions

5.1.3. Personalized use of ConnectING portal

1. a) Registration for ConnectING portal

• • Data categories: first name, last name, email address, password, ID
  • Purpose(s):Registration for ConnectING portal
  • Legal basis/bases: Article 6, section 1 (b) of the GDPR
  • Legitimate interests pursued if applicable: —
  • Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
  • Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
  • Safeguards and access possibilities to those: EU standard contractual clauses, consent
  • Storage periods or criteria for their determination: After the user has deleted their account and a DAAD employee has carried out a manual check to ensure that no further DAAD services are linked to the account
  • Duty to provide personal data and potential consequences of failure to provide: Registration is not possible without providing the data
  • Exercising the right to object: —

• Data sources: Direct collection upon registration

1. b) ConnectING, my research projects, funding programs, events

• Data categories:
  • Funding programs: funding provided by, program title, funding organization(s), logo, research field, description, eligibility, beneficiary, what can be funded, duration of funding, grant amount, application deadline, link, contact information (title, name, family, name, designation, email address)
  • Research project: title of project, website, logo, areas of research, leading research institution, partner institution(s), project description, duration, time period of the funding, grant awarding institution, grand received, contact information (title, name, family, name, designation, email address)
  • Event: name, website, logo, organizer, logo of organizer, event date, event location, description, contact information (title, name, family, name, designation, email address)
• Purpose(s): Offering of public information
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Storage periods or criteria for their determination: In principle, deletion after the user has removed the data or deleted the account
• Duty to provide personal data and potential consequences of failure to provide: No obligation to provide.
• Exercising the right to object: —
• Data sources: Direct collection in user profile

1. c) Initiating contact with research and funding institutions via ConnectING

• Data categories: name, email-adress, designation, request (mandatory fields)
• Purpose(s): Initiating contact with selected research projects/institutions
• Legal basis/bases: Article 6, section 1 (b) of the GDPR
• Legitimate interests pursued if applicable: —
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support, selected higher education institutions
• Third-country transfers, adequacy decision (yes/no): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; No
• Safeguards and access possibilities to those: EU standard contractual clauses, consent
• Storage periods or criteria for their determination: In principle, deletion after the user has removed the respective request to the higher education institution or deleted the account
• Duty to provide personal data and potential consequences of failure to provide: Mandatory entries provided in the contact form are marked with “*”. Without this information, contact cannot be initiated
• Exercising the right to object: —
• Data sources: Direct collection in contact form

5.2. Cookies

We use cookies on ConnectING to provide you with an extensive range of functions, to make our portal more user-friendly and to optimise our platform. Cookies are small text files that are generated by a web server and stored on your computer by the web browser used during your online session.

Click here to change the cookie settings: Change cookie settings.

We use what are known as session cookies. These are automatically deleted when you terminate your browser session.

We also use persistent cookies for the primary purpose of being able to provide permanent, recurring settings to you as a visitor to our website. This allows us to customise our website in accordance with your individual preferences. Persistent cookies also permit us to perform analyses of a visitor’s usage behaviour, but only for as long as the cookie remains valid.

This website uses Google Analytics with the extension “_anonymizeIp()”. This has the effect of truncating IP addresses before further processing.

In addition, other cookies (third-party cookies) may be stored in connection with your use of specific third-party services by the providers of those services.

You can configure the browser settings on your device to prevent the storage of cookies if you do not want to them to be used. Please be aware that the functionality and functional scope of our platform may be restricted as a result. Furthermore, we will then only use certain cookies after obtaining your prior consent (see below). You may also avail yourself of special options to opt out of the use of certain cookies (see below). Please refer to the information contained in the following tables for extensive details on the type, scope, purposes, legal bases and opt-out options with regard to data processing in connection with these cookies.

5.2.1. First-party cookies

Name: cookielawinfo-checkbox-functional

• Data categories: Cookie-ID
• Purpose(s): The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 11 Months
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: cookielawinfo-checkbox-google-analytics

• Data categories: Cookie-ID
• Purpose(s): This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 11 Months
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: cookielawinfo-checkbox-necessary

• Data categories: Cookie-ID
• Purpose(s): This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 11 Months
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: viewed_cookie_policy

• Data categories: Cookie-ID
• Purpose(s): The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 11 Months
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: wordpress_logged_in_[hash] 

• Data categories: Cookie-ID
• Purpose(s): The cookie wordpress_logged_in_[hash] is used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in..
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: End of session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: wordpress_sec_

• Data categories: Cookie-ID
• Purpose(s): This cookie provides protection against hackers, store account details.
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: 15 days
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

Name: wp_user_logged_in

• Data categories: Cookie-ID
• Purpose(s): TThis cookie used to check logged is user status
• Legal basis/bases: Article 6, section 1 (b and f) of the GDPR
• Legitimate interests pursued if applicable: See purposes
• Recipients or categories of recipients: Internal departments, hosting provider, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): —
• Safeguards and access possibilities to those: —
• Cookie validity/storage period: End of session
• Duty to provide personal data and potential consequences of failure to provide: Scope of functions may be restricted if cookies are blocked
• If applicable, exercise of withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Direct collection when calling up the website/service

5.2.2. Google Analytics/third-party cookies

Name: _ga

• Data categories: Cookie-ID, Domain
• Purpose(s): This cookie enables Google Analytics to distinguish between users
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 2 years
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent

Name: _gat_gtag_UA_210540589_1

• Data categories: Cookie-ID, Domain, UA
• Purpose(s): This cookie is used to limit the number of requests sent to Google Analytics
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 1 minute
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent

Name: _gid

• Data categories: Cookie-ID
• Purpose(s): This cookie enables Google Analytics to distinguish between users
• Legal basis/bases: Article 6, section 1 (a) of the GDPR
• Legitimate interests pursued if applicable: —
• Provider/recipient: Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible employee at DAAD, external service provider for technical support
• Third-country transfers, adequacy decision (yes/no): USA; no
• If applicable, guarantees for third-country transfers and possibility of access possibilities to these: EU standard contractual clauses, consent
• Cookie validity/retention period: 24 hours
• Obligation to provide personal data and potential consequences of non-provision: No obligation to provide
• If applicable, exercise to withdrawal: If you do not want online services to use cookies and local storage functions, you can control this in the settings of your respective browser, depending on the platform, in the operating system of the respective app. You will also receive an overview of your stored cookies. You can delete or block cookies at any time. You can manage local storage content in your browser using the “Chronicle” or “Local Data” settings, depending on which browser you use. We would like to point out that this may result in functional restrictions.
• Source of data: Collection by provider upon/following declaration of consent

5.3. Social Plug-Ins

This website uses social plug-ins from the social media Facebook, Twitter and LinkedIn operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, respectively. You will find three buttons on our website, enabling you to share content on Facebook, Twitter and LinkedIn so that you can conveniently recommend our website to friends on your preferred social media platforms. A so-called Shariff solution has been implemented on our website. When you call up our website, data is not automatically sent to the relevant social media.

But when you click on a social media button, your browser uses this social plug-in to set up a direct connection to the server of the relevant social network. We have no influence on the scope of the data which is collected by the social media operators in this way. The operators process the information that you have called up our website. If you are also logged into one of the social media platforms at that time, the operator can match up your account with the relevant social media site. If you then also interact with the social plug-in by clicking “Like” or “Share”, the relevant social media site will process that information. Even if you are not a member of one of these social media platforms, it is possible for them to find out your IP address through the social plug-in and then possibly store this information. Further information about the scope and purpose for which data is processed, collected and used by Facebook, Google and Twitter, as well as your rights in this respect and the setting options, can be found in each company’s data protection policy:

www.facebook.com/policy.php
www.twitter.com/privacy
www.whatsapp.com/legal/
https://www.linkedin.com/legal/privacy-policy

If you do not want social media to collect data via our website, make sure you do not click on the relevant buttons. In addition, you can block social plug-ins via add-ons in your browser.

5.4 Map service

This website uses the map service Google Maps, operated by Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access a page that includes Google Maps, your browser connects directly with the Google servers. The map content is transmitted directly to your browser and integrated into the website by Google via a so-called iFrame. If you do not wish Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. However, if you do so, you will not be able to use the map display. Further details about data processing by Google can be found in the Google Privacy.

5.5. Links to third-party websites

If websites and services by other site owners are linked to this website, they have been and will continue to be designed and supplied by third parties. We have no influence on the design, content or function of third-party services, and we expressly distance ourselves from any content provided by linked third-party sites. Please remember that third-party sites linked to this website may have their own cookies which are installed on your device to collect personal data. We have no influence over this. In such cases you may wish to obtain more information directly from the owners of the third-party websites linked to this site.

6. Recipients of personal data

Internal recipients: Within the DAAD, access is limited to persons requiring it for the purposes specified under clause 5.

External recipients: We only share your personal data with external recipients outside the DAAD if this is required for managing or processing your request, if there is some different legitimate permission or if you have given us your consent for this purpose.

External recipients may be:

1. a) Processors
   External service providers we use for the provision of services, for instance in the technical infrastructure and maintenance of the DAAD’s own services or for the provision of content. We carefully select such processors and regularly check them to ensure the safeguarding of your privacy. Service providers may only use data for the purposes we specify.
2. b) Public bodies
   Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities to which we need to send personal data for mandatory legal reasons.
3. c) Private bodies
   Cooperation partners and assistants, to whom data is transmitted on the basis of consent or a mandatory requirement.

7. Data processing in third countries

If data is transmitted to bodies that have their head offices or data-processing locations outside EU member states and outside states forming part of the EEA, we ensure before disclosure that – except for certain legally permitted exceptions – those bodies either have your adequate consent or they provide an adequate level of data protection (for instance, through an adequacy decision taken by the European Commission, through suitable guarantees such as the recipient’s self certification for the EU-US Privacy Shield or the agreement of so-called standard EU contractual clauses with the recipient). You can request from us a list of recipients in third countries and a copy of the provisions that have been agreed in each case to ensure an adequate level of data protection. To do so, please use the contact details given in clause 1.

8. Retention period

You will find the retention period for personal data in the relevant chapter on data processing. We generally apply the rule whereby we only save your personal data for as long as they are required to fulfil their purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent, we erase your personal data, unless further processing is permitted under the relevant applicable statutory provisions. We also erase your personal data if we are under an obligation to do so on legal grounds.

 

9. Update status

The latest version of this data protection statement shall be applicable. Last updated: 26th May 2022