1. Data controller and contact details for the data protection officer

The data processing controller in accordance with data protection laws is:

• Deutsche Forschungsgemeinschaft e. V. (DFG)
  Kennedyallee 40
  53175 Bonn
  Germany
  Tel. +49 228 885-1
  postmaster@dfg.de
  www.dfg.de/en

Should you have any queries or concerns in relation to data processing, please feel free to get in touch with us.

Joint controllership:

In connection with certain (virtual) events where the DFG cooperates with other partner organisations in Germany and abroad, the DFG is jointly responsible with other organisations for the processing of your personal data. The DFG has concluded a joint controller agreement with these organisations. You will find a list of the relevant cooperations with information concerning the joint controller organisations (including their contact details), as well as information on the essential content of the joint controller agreements here:

• View list

You can contact our data protection officer as follows:

• Dr. Karsten Kinast, LL.M.
  KINAST Rechtsanwaltsgesellschaft mbH
  Hohenzollernring 54
  50672 Köln
  Germany
  Tel. +49 221 222 1830
  mail@kinast.eu
  www.kinast.eu/en

2. Purpose and legal basis of data processing

Below, you will find an overview of the purposes and legal basis of data processing in connection with our (virtual) events. The description of the purposes and legal basis is broken down as follows: information that applies to both types of events and information that applies only to face-to-face events or only to virtual events.

2.1 General

2.1.1 Preparation and hosting the (virtual) event for contract fulfilment

We process personal data relating to you and your accompanying person(s) (where applicable) if this is necessary to prepare and carry out your participation in our (virtual) event. The purposes include the following in particular:

• Compilation of Participant lists; VIP participant lists with publicly accessible pictures,
• Registration of applications,
• Sending of invitations or access data for virtual events,
• Sending of lists of participants to speakers,
• Sending of information material and/or presentations after completion of the virtual event,
• If the production and publication of image and sound material is part of a contractual main obligation between you and the DFG:
  • Recording of the (virtual) event (film and sound recordings) for the purpose of later publication,
  • Live streaming via video conferencing platforms,
  • Live streaming on social media channels (YouTube, Facebook, Twitter, Instagram),
  • Publication of photographs on social media channels, the DFG website, print media,
  • Publication of film and sound material on social media channels, the DFG website.

When registering for the (virtual) event, the following mandatory information will be requested, which is identified by a “*” symbol: Title, first name, surname, company/institution, e-mail address, first name and surname of accompanying person(s) (where applicable). It is not possible to register without providing the mandatory information.

During the registration process, you may also have the option of voluntarily providing additional information: [additional name information, company contact details]. Please note that this information is not required for the registration and it is your decision alone as to whether to provide us with this data or not.

The data processing takes place in accordance with point (b) of Article 6 Paragraph 1 GDPR.

2.1.2 Safeguarding legitimate interests

We also process your personal data in order to safeguard our legitimate interests or those of third parties. During this process, we pursue the following interests, which are also the respective purposes:

• Sending of invitations to (virtual) DFG events,
• Sending of lists of participants to attendees at DFG events who are not speakers so as to bring researchers together to engage in discussion,
• Sending of feedback forms relating to (virtual) DFG events in order to optimise the event format.

The data processing takes place in accordance with point (f) of Article 6 Paragraph 1 GDPR.

2.1.3 Consent

Should you have given your consent for specific purposes, the purposes are stated in the content of the consent which has been given.

In cases where you provide your data for this purpose, the data is processed in accordance with point (a) of Article 6 Paragraph 1 GDPR. You can withdraw your consent at any time, without the lawfulness of the processing which took place with your consent prior to the withdrawal being affected. In the situations described below, the processing of your personal data depends on your consent, providing any contractual relationship with you does not serve as a legal basis under point (b) of Article 6 Paragraph 1 GDPR (see Section 2.1.1) (in particular if you are not acting as a presenter, moderator or similar):

• Recording of the (virtual) event (film and sound recordings) for the purpose of later publication,
• Live streaming via video conferencing platforms,
• Live streaming on social media channels (YouTube, Facebook, Twitter, Instagram),
• If as you are recognisable in photographs and are not merely an “accessory”: Publication of photographs on social media channels, the DFG website, print media,
• Publication of film and sound material on social media channels, the DFG website,
• Publication of lists of participants after the (virtual) event on the DFG website.

2.2 Face-to-face events

2.2.1 Preparation and implementation of a face-to-face event

When preparing and implementing a face-to-face event, we may also process your personal data in order to create name badges.

Data processing takes place in accordance with point (b) of Article 6 Paragraph 1 GDPR.

2.2.2 Safeguarding legitimate interests

We also process your personal data in order to safeguard our legitimate interests. During this process, we pursue the following interests, which are also the respective purposes:

• Taking and publication of photographs (in particular group photos, unless the case stated in Number 2.2.3 applies) on the website of the DFG and in print publications for the purpose of reporting on the event.

The data processing takes place in accordance with point (f) of Article 6 Paragraph 1 GDPR.

2.2.3 Consent

For pictures of individual persons or small groups of persons in which you are featured and which may be published in reports concerning our face-to-face-event on the website of the DFG and in print publications, the consent of you and your accompanying person(s) is generally necessary (see Number 2.1.3). This may be obtained expressly at our event by asking you or your accompanying persons(s) or may take place implicitly by means of the willing participation of you and your accompanying person(s). Should you or your accompanying person(s) not wish such pictures to be taken, you should make the photographers aware of this. More precise information concerning this will be made available at the relevant events.

2.3 Virtual events

2.3.1 Consent

Some virtually organised events may be recorded (see Numbers 2.1.2 and 2.1.3). Here you will be asked to provide your consent before the virtual event. You can also give your consent by implication in that you take part in the event in the knowledge that it will be recorded, without contradiction. If you do not wish your speech to be recorded, you can inform the event organiser immediately prior to speaking so that the event organiser can interrupt the recording.

2.4 Erasure

We erase the data under Numbers 2.1 to 2.3 when it is no longer necessary for the purposes pursued by us of preparing and carrying out your participation in our (virtual) event and where no other legal basis is applicable. Should the latter situation apply, we erase the data once the other legal basis is no longer applicable.

3. Recipients of personal data

Internal recipients: Within the DFG, access is only available to those persons who require it for the purposes named under Number 2. These are the employees in the Central Events Management Department, as well as those employees with professional responsibility or co-responsibility for the event.

External recipients: We only pass your personal data on to external recipients outside of the DFG if this is necessary in order to prepare and carry out your participation in our event, if another legal authorisation exists or if we have received your consent for this.

Possible external recipients include:

a) Bodies who are joint controllers with us

When organising (virtual) events in cooperation with other partner organisations, joint controllership may apply to data processing by us and other organisations. The necessary data will then be exchanged with these organisations. Further information will be made available in each individual instance as part of the invitation to any (virtual) event to which these requirements apply.

b) Processors

External service providers whom we engage for the provision of services, for example the technical infrastructure and maintenance for the offer of the registration platform service. These processors are carefully selected by us and are regularly audited in order to ensure that your privacy remains protected. The service providers may only use the data for the purposes stated by us. We use the following service providers in particular when realising virtual events:

• T-Systems (WebEx).

c) Public bodies

Authorities and state institutions, for example public prosecutor's offices, courts or financial authorities to whom we must provide personal data for legally compelling reasons.

d) Private bodies

Agents, cooperation partners or aids to whom data is transferred in order to carry out our event on the basis of consent or a legal basis, for example participant management systems. Live streaming, video recordings and photographs are regularly posted on the following social media channels:

• YouTube (Google Ireland Limited),
• Facebook (Facebook Ireland Limited),
• Twitter (Twitter International Company),
• Instagram (Facebook Ireland Limited).

4. Data processing in third countries

Should data be transferred to bodies whose place of business or data processing location is not in a Member State of the European Union or another Member State of the European Economic Area, we ensure prior to the handover that, except in exceptional cases permitted by law, either an adequate level of data protection is present on the part of the recipient (for example by means of an adequacy decision of the European Commission, by means of suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.

5. Sources and categories of data when collected by third parties

We do not only process personal data which we obtain from you directly. We receive some personal data from third parties in advance.

Below, you will find an overview of the sources and the categories of data where this is collected by third parties:

• We receive first name, surname and address data from the following in particular:
  • Alexander von Humboldt Foundation
  • Companies affiliated with Stifterverband für die Deutsche Wissenschaft (Deutsches Stiftungszentrum GmbH, ZiviZ gGmbH, SV Gemeinnützige Gesellschaft für Wissenschaftsstatistik GmbH, Bildung und Begabung gGmbH)
  • Winners of the Heinz Maier-Leibnitz Prize, Gottfried Wilhelm Leibniz Prize and the Communicator Award
  • The universities which have been selected as hosts for the DFG annual general meeting
  • The Foundation for Polish Science (FNP) in connection with the Copernicus Award
  • German Academic Exchange Service (DAAD)
  • German Climate Consortium (DKK)
  • German University Cairo (GUC)
  • German Marine Research Consortium (KDM)
  • Max Planck Society (MPG)
  • Additional partner organisations as well as steering committees within the framework of organising joint events.

We also process data available from public sources such as websites or publication databases.

6. Automated individual decision-making, including profiling

No automated decision-making in an individual case, including profiling as defined in Article 22 of the GDPR, takes place.

7. Duration of storage

Please see the relevant section concerning data processing in order to find out for how long personal data is stored.

In addition, the following generally applies: We only store your personal data for as long as is necessary for the fulfilment of the purposes or, in the case of consent, for as long as you have not withdrawn your consent. If you withdraw your consent, we will erase your personal data, unless the continued processing is permitted in accordance with the applicable statutory provisions.

We will also erase your personal data if we are obliged to do so for legal reasons.

8. Rights of data subjects

As a data subject, you have various rights. These include:

Right of access: You have the right to be informed what data relating to your person is stored by us.

Right to rectification and erasure: You can request that we rectify any incorrect data and, should the statutory requirements be fulfilled, you can request that we erase your data.

Restriction of processing: Should the statutory requirements be fulfilled, you can request that we restrict the processing of your data.

Data portability: Should you have provided data under a contract or with your consent, then provided that the statutory requirements are met, you can request to receive the data which you have provided in a structured, commonly used and machine-readable format or request that we transfer this data to another controller.

Objection to data processing in case of the “legitimate interest” legal basis:

Withdrawal of consent: Should you have given us your consent to the processing of your data, you can withdraw this at any time with effect for the future. The lawfulness of the processing of your data prior to the withdrawal remains unaffected by this.

Right to complain to the supervisory authority: You can also lodge a complaint with the responsible supervisory authority, should you consider that the processing of your data breaches applicable laws. For this purpose, you can contact the data protection authority which is responsible for your place of residence or country or the data protection authority which has jurisdiction over us.

Getting in touch with us and exercising your rights: Should you have any queries concerning the processing of your personal data, your rights as a data subject and any consent which you have given, you can get in touch with us free of charge. In order to exercise any of the rights listed above, please send an email to postmaster@dfg.de or send a letter to the address provided under Number 1. Please ensure that we are able to clearly identify you. To withdraw your consent, you can also use the contact channel which you selected when giving consent.