Datenschutz

Data Protection Rules and Consents

The Goethe-Institut e.V., Dachauer Str. 122, 80637 Munich ("Goethe-Institut" or "We") is the operator of the website www.goethe.de ("Website") and the responsible body for the personal data of the website's users ("You") in the sense of the EU data protection basic regulation (GDPR) and German data protection laws, in particular the Federal Data Protection Law (BDSG).

Content

  1. Informational use of the website
  2. Data collection and use for the contract execution
  3. Registration and Goethe.de account
  4. Google reCAPTCHA and Google Maps
    a) Google reCAPTCHA
    b) Google Maps
  5. Data collection and use for the purposes of direct advertising
    a) Postal advertising
    b) Email newsletters
  6. Cookies
  7. Web analytics
    a) Webtrekk
    b) Google(Universal) Analytics
  8. Remarketing
    a) Google AdWords Remarketing
    b) DoubleClick
    c) Google Tag Manager
    d) Facebook Retargeting
  9. Social Networks
    a) Use of social plugins and widgets from Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution
    b) Using widgets from Spotify and Soundcloud
    c) Youtube and Vimeo video plugins
  10. Data distribution to third parties
    a) Data transfer to Goethe-Instituts
    b) Data transfer to the central examination archive
    c) Data transfer to German foreign embassies
  11. Data protection
  12. Your rights and data protection contact information
  13. Right of objection


The Goethe-Institut takes the protection of your data very seriously. With this privacy policy we want to transparently inform you about which personal data ("your data") we collect, process and use if you visit our website and/or use the Goethe-Institut website.

 

1. Informational use of the website

You can visit our website and use some of our internet offers without providing any personal information. Whenever a web page is called up, the web server merely automatically stores access data in so-called server log files which are automatically communicated by your browser. This includes data such as the name of the requested file, the last visited website, the date and time of the retrieval, the browser used, the amount of data transmitted, your IP address, the requesting provider etc. Within the scope of a processing procedure on our behalf, a third-party provider provides the services for hosting and displaying the website. This service provider is located within a country in the European Union or the European Economic Area.

For the purpose of a shorter loading time of our online presence, we also use a so-called Content Delivery Network ("CDN"), in which the website is delivered via the web server of a CDN provider working for us within the scope of order processing. Accordingly, access data is also collected on the web servers of the provider.

All access data is stored for a period of 7 days. This data is evaluated solely to ensure interference-free operation of the website, error analysis, and to improve our service. The use of a CDN provider, as well as the procedure described here, serves to safeguard our legitimate interests, which are predominant in the context of a weighing up of interests in accordance with Art. 6 (1) lit. f GDPR regarding the correct representation of our offer.

 

2. Data collection and use for the contract execution

We collect personal data if you provide this to us when contacting us (for example, via a contact form or email), when registering for a user account ("Goethe.de account"), or when you make a booking, for example within the scope of a course or test booking. The specific data collected in detail and that information which is mandatory and that which is voluntary, can be found in the respective input forms.

In these cases, we collect and process the data you have provided for the purpose of carrying out the respective contract, for example, to conduct a placement test for your language courses, or complete a language course including a subsequent examination, as well as to process your inquiries in accordance with Art. 6 (1) lit. b GDPR. Insofar as you have expressly consented to the processing of special data categories in accordance with Art. 9 (a) lit. GDPR, we collect your health data (e.g. allergies) only for the purpose of which you are informed when granting consent.

After complete processing of the respective contract or deletion of your user account, your data will be blocked from further use and deleted after expiry of the statutory fiscal and commercial retention periods. If any statutory fiscal or commercial data retention requirements for individual data do not apply, these will be deleted immediately after the respective contract has been processed. Any other state of affairs is only valid if you have expressly consented to the further use of your data or if we reserve the right to use the data beyond that in a manner permitted by law and about which we will inform you below.

Your account information associated with our learning platform will also be automatically deleted after three years of non-use.


Data transfer for contract execution

As part of the course and exam bookings, your personal data is processed in our central language course management system to which other Goethe-Instituts have access worldwide. This is done to fulfil the contract in accordance with Art. 6 (1) Clause 1 lit. b GDPR and to safeguard our legitimate interests in valid information and correct data records when booking a course in accordance with Art. 6 (1) Clause 1 lit. f GDPR. Insofar as the processing of personal data takes place in countries outside the European Union or the European Economic Area, we, alongside the relevant Goethe-Instituts, have agreed upon the EU standard data protection clauses as a suitable guarantee for data protection within the meaning of Art. 46 (2) lit. c GDPR.

For fulfilment of the contract, we will pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we will forward payment data collected to the credit institution commissioned with the payment and any payment service providers commissioned by us to process the payments or to the selected payment service. In part, the selected payment service providers will also collect this data themselves, provided that you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy held by the respective payment service provider applies.

As part of the execution of our contracts with you, for example, through the provision of language courses, we pass your data in part to service providers who process them on our behalf and within the framework of a contract between the Goethe-Institut and the respective service provider for order processing. Such a service provider may, for example, be the provider of a software that the Goethe-Institut uses for contract execution.

 

3. Registration und Goethe.de account

For you to leave comments or contributions, engage with other users, participate in online courses, use learning platforms, purchase products from the online store, borrow digital media, book courses or exams, or use our online services for reference libraries (to research, reserve, or extend loans on book etc.), a registration and creation of a "Goethe.de account" is required. For registration we process your registration data (email address and password), with which you have access to personalized offers of the Goethe-Institut, your granted consents, as well as your country and your preferred language.

 
a) Personal information and content created by you

Compulsory information only pertains to that data which is provided in the context of the creation of the Goethe.de account and which we absolutely need for the implementation of our offers or the execution of any contractual relationship existing with you.

We collect and process the data you have provided in the context of the execution of this contract as per Art. 6 (1) lit. b GDPR

  • to check your application to create a Goethe.de account
  • to provide the free services you participate in (blogs, forums, comments, self-presentation, communities, chats, etc.)
  • to fulfil our obligations under contracts already in existence with you (provision of online courses, the learning platform and the digital media in the context of lending, delivery of products from the webshop as well as conducting courses and exams, library lending contracts).

You may voluntarily provide further personal information and content (so-called user-generated content), such as a photo of you, texts in the form of blog or forum contributions, contributions to discussions, etc. The specific data collected in detail and that information which is mandatory and that which is voluntary, can be found in the respective input forms We process the data voluntarily provided in order to safeguard the predominant common interests in a diverse exchange within the framework of our platform in accordance with Art. 6 (1) lit. f GDPR.

 
b) Personalised marketing

For marketing purposes, we use the data you provide in the user account for a personalised design of our website and internet offers, such as a personal home page and a profile area in which we can present you with suitable offers. This serves to safeguard our predominant legitimate interests in the optimal marketing of our offers in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

 
c) Data publication

If, in accordance with Art. 6 (1) Clause 1 lit. a GDPR, you consent to the processing of your data in order to create a user account, other users may see the data you have left using the Goethe.de account, such as your name or username, your contributions, including creation date and time, your memberships in groups, your friends, your learning lists, your files, your online status, your ratings, the duration of your membership, your gender, and your guestbook entries.

Data / Services Comments Learning platform Deutsch für dich (German for you) Stadt der Wörter (City of Words)
Address     x  
Name     (x)  
Username x   x x
User picture   x x x
Gender     x  
Date of birth     (x)  
Online status     (x) x
Country   x (x) x
Email address   x    
Town/City     (x)  
Duration of your membership     x  
Date and time of the entry x   x  
Your comments and contributions x x x  
Courses in which you participate   x    
Membership/group moderator     x  
Activities in your groups     x  
Your friends        
Your hobbies     (x)  
Personal learning lists        
Files uploaded by you   x    
Language/language level     (x)  
Further data*   if provided by you if provided by you  

*e.g. URL, ICQ, Skype, Phone, AIM, Yahoo!, MSN, ID number, institution, department, phone, mobile phone, address, I am learning German/I teach German, I am interested in the German language, I am looking for a learning partner, I have already completed a course at the Goethe-Institut.

x = visibility cannot be edited
(x) = visibility can be edited.

 
d) Data fusion

Insofar as you have already provided personal data to another service of the Goethe-Institut in the past and provided that you have provided personal data in accordance with Art. 6 (1) Clause 1 lit. a GDPR, we will merge this previously provided data with your data in the internet offers described here which are subject to registration. The same applies in the inverse: Insofar as you wish to use other services of the Goethe-Institut website in the future, we would like to internally provide these services to you via our central customer database so that you can also use these services conveniently without re-entering your data.

 
e) Deletion

If you do not confirm your registration within 7 days, your Goethe.de account will be deleted along with the data provided during registration. If you confirm the registration, a user account will be created in accordance with the present explanation. The deletion of your Goethe.de account and your data stored there is possible at any time and can be done either via a message sent to the contact details provided below or via a designated function in the user account.

 

4. Google Recaptcha and Google Maps

 
a) Google reCAPTCHA

For the purpose of protection against misuse of our web forms as well as against spam we use the Google reCAPTCHA service as part of some forms on this website. By checking a manual entry, this service prevents automated software (so-called bots) from performing abusive activity on the site. In accordance with Art. 6 (1) Clause 1 lit. f the preservation of our justified legitimate interests in the protection of our website against misuse as well as an interference-free representation of our online presence.

Google reCAPTCHA is an offer from Google LLC (www.google.com).

Google LLC is headquartered in the United States. This country has an adequacy ruling from the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list

Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the review methods that allow an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transmitted to a Google server in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA.

There is no readout or storage of personal data from the input fields of the respective form. For more information about Google's privacy policy, visit www.google.com/policies/privacy/.

You can prevent Google's collection of the data generated by the JavaScript or the cookie related to your use of the website (including your IP address), as well as the processing of this data by Google, by preventing the running of JavaScripts or setting of cookies in your browser settings. Please note that this may limit the functionality of our web site for your use.

 
b) Google Maps

On our website we use the integration of Google Maps to visualise geographic information. In accordance with Art. 6 (1) Clause 1 lit. f, this serves to safeguard our legitimate interests, which are predominant in the context of a weighing up of interests, in an optimised representation of our offer at individual locations.

Google Maps is an offer from Google LLC (www.google.com).

Google LLC is headquartered in the United States. This country has an adequacy ruling from the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list

When accessing a website that incorporates Google Maps, the Google web server automatically collects access data in so-called server log files, which are automatically communicated by your browser, such as the name of the requested file, the website visited last, date and time retrieval, browser used, amount of data transferred, the IP address, the requesting provider, etc. When using Google Maps, Google also processes data on the use of the Maps functions by visitors to the websites.

For more information about Google's privacy policy and setting options, visit www.google.com/policies/privacy/.

 

5. Data collection and use for the purposes of direct advertising

 
a) Postal advertising

We reserve the right to use your first and last name, your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves to safeguard our legitimate interests, which are predominantly justified in the interests of weighing up our interests, in a promotional approach to our customers in accordance with Art. 6 (1) lit. f GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to recht@goethe.de widersprechen.

 
b) Email newsletters

If you subscribe to one of our newsletters, we will use the information required or separately provided by you to periodically send you the subscribed email newsletter. The sending of email newsletters takes place on the basis of your separate explicit consent according to Art. 6 (1) lit. a GDPR. For security reasons, we use the so-called double opt-in procedure: We will only send you a newsletter by email if you have previously confirmed your newsletter subscription. For this purpose, we will send you an email confirming the subscription via the link contained therein. We want to make sure that only you as the owner of the specified email address can subscribe to the newsletter.

The newsletter is sent as part of a processing order on our behalf by a service provider, to which we pass on your email address.

You may object to this use of your email address at any time by sending a message to the contact details provided below or through a dedicated link in the email message, without incurring any costs other than the transmission costs according to the basic tariffs.

 

6. Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in an optimised presentation of our offer pursuant to Art. 6 (1) lit. f GDPR. These are small text files that are stored on your device.

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognise your browser the next time you visit it and possibly enable you to log in automatically (persistent cookies). For example, if you activate the option "Remember me" by ticking a checkmark at goethe.de, a cookie will be set which we will use to recognise you within a certain period of time when calling up goethe.de.

You can view the duration of the persistent cookies via your browser. You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Safari™: https://support.apple.com/kb/ph21411?locale=en_US

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&;hlrm=en&answer=95647

Firefox™: https://support.mozilla.org/en/kb/cookies-allow-and-recognize

Failure to accept cookies may limit the functionality of our website.

 

7. Web analytics

 
a) Webtrekk

We use the services of Webtrekk GmbH (www.webtrekk.com) o collect statistical information about the use of our website, to improve it, to analyse the use of our website and to compile reports on website activities. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in an optimised representation of our offer pursuant to Art. 6 (1) lit. f GDPR. Cookies can be used. As part of this tracking, pseudonymised usage profiles are created. These will not be combined with personal data about the bearer of the pseudonym without specific, express consent. After purpose and end of the use of Webtrekk by us, the data collected in this context will be deleted.

You can object to this data collection and storage at any time with effect for the future by clicking this button.

So that any objection You may have registered will be taken into account at the time of your next visit to the site, the objection is stored in a cookie on your browser.

In order to be able to consider a declared contradiction on your next page visit, it will be saved in a cookie in your browser. After your opposition, an opt-out cookie will be stored on your device. If you delete your cookies, you must click the link again.

 
b) Google(Universal) Analytics

For website analysis, this website uses Google (Universal) Analytics, a web analytics service provided by Google LLC (www.google.com). This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in order to optimise the representation of our offer in accordance with Art. 6 (1) Clause 1 lit. f GDPR. Google (Universal) Analytics uses methods that allow you to analyze the use of the website, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address will be shortened prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The anonymised IP address provided by Google Analytics within the framework of Google Analytics will generally not be merged with other data provided by Google. After purpose and end of the use of Google Analytics by us, the data collected in this context will be deleted.

Google LLC is headquartered in the US and is certified under the EU-US Privacy Shield. A current certificate can be found here. Under the agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

You can prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively to the browser plugin you can click this link to prevent Google Analytics tracking on this site in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.

 

8. Remarketing

 
a) Google AdWords Remarketing

Google Adwords promotes this site on Google's search results and on third-party websites. For this purpose, when visiting our website, the so-called Remarketing Cookie is set by Google, which automatically allows using a pseudonymous CookieID and, based on the pages you visit, interest-based advertising. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our website according to Art. 6 (1) lit. f GDPR.

Additional processing will only take place if you have agreed with Google that your web and app browsing history will be linked to your Google Account by Google and information from your Google Account will be used to personalise the ads you see on the web. In this case, when you log in to Google during the page visit to our website, Google uses your data with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google will temporarily associate your personal information with Google Analytics data to create target groups. After the expiration and end of the use of Google AdWords Remarketing by us, the data collected in this context will be deleted.

Google AdWords Remarketing is an offer from Google LLC (www.google.com). Google LLC is headquartered in the United States. This country has an adequacy ruling from the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list

You can deactivate the remarketing cookie over this link. You can also inform yourself about the setting of cookies and adjust settings in relation to them via the Digital Advertising Alliance

 
b) DoubleClick

As part of the use of Google Analytics (see above), this website also uses the so-called DoubleClick Cookie, which allows you to recognise your browser when visiting other websites. The information automatically generated by the cookie about visiting this website is transmitted to a Google server in the USA and stored there. The IP address will be shortened by activating the IP anonymisation on this website prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The anonymised IP address provided by Google Analytics within the scope of Google Analytics will not be merged with other data provided by Google. After the expiration and end of the use of Google DoubleClick by us, the data collected in this context will be deleted.

Google will use this information to compile reports on website activity and to provide other website-related services. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our website according to Art. 6 (1) lit. f GDPR. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.

Google Double Click is an offer from Google LLC (www.google.com).

Google LLC is headquartered in the United States. This country has an adequacy decision by the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list

You can deactivate the DoubleClick cookie via this link. You can also inform yourself about the setting of cookies and adjust settings in relation to them via the Digital Advertising Alliance.

 
c) Google Tag Manager

We also use Google Tag Manager to manage the usage-based advertising services. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our website according to Art. 6 (1) lit. f GDPR. The Tag Manager tool itself is a cookie-free domain and does not collect personally identifiable information. Rather, the tool is responsible for triggering other tags that may collect data (see above).

Google Tag Manager is an offer from Google LLC (www.google.com). Google LLC is headquartered in the United States. This country has an adequacy ruling from the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list

If you've opted out at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

 
d) Facebook Retargeting

Via Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), we advertise this site on the Facebook platform. For this purpose, when visiting our website, a cookie is set by Facebook, which enables interest-based advertising by means of a pseudonymous CookieID and based on the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our website according to Art. 6 (1) lit. f GDPR.

As a Facebook member, you can deactivate the Retargeting Cookie via the following link.

https://www.facebook.com/ads/website_custom_audiences/

Alternatively, you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website.

 

9. Social Networks

 
a) Use of social plugins and widgets from Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution

Our website uses social buttons and widgets from social networks.

In order to increase the protection of your data when visiting our website, these buttons and widgets are not unrestricted, but merely integrated into the site using an HTML link. This integration ensures that when you visit a page of our website that contains such buttons, no connection with the servers of the provider of the respective social network is established.

Clicking on one of the buttons opens a new window in your browser and calls up the page of the respective service provider on which you can (after entering your login data, if required), for example, hit the Like or Share button.

For more information on the purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as for contact details and your related rights and settings options to protect your privacy, please refer to the provider's privacy policy:

Data protection notes from Facebook
Data protection notes from Twitter
Data protection notes from Google
Data protection notes from Instagram
Data protection notes from VKontakte
 
b) Using widgets from Spotify and Soundcloud

On our website so-called widgets are used by the networks Spotify and Soundcloud for the purpose of an interactive design of our content. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

When you visit a page on our website that contains such a widget, your browser connects directly to the Spotify or Soundcloud servers. The content of the widget is transmitted by the respective provider directly to your browser and integrated into the page. By integrating the widgets, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider and stored there.

If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile in the respective social network. If you interact with the widgets, for example, to play content, the corresponding information is also transmitted directly to a server of the provider and stored there.

The information can also be published on the social network and displayed there to your contacts.

For more information on the purpose and scope of the data collection and the further processing and use of the data by the provider, as well as contact details and your related rights and settings options to protect your privacy, please refer to the privacy policy of the provider.

Spotify AB: https://www.spotify.com/de/legal/privacy-policy/

SoundCloud Limited: https://soundcloud.com/pages/privacy

If you do not want the social networks to map the data collected via our website directly to your profile in the respective service, you can also completely prevent the loading of the widgets with add-ons for your browser, for example, with the script blocker "NoScript" (http://noscript.net/).

 
c) Youtube and Vimeo video plugins

For the purpose of an interactive design of our content on Youtube and Vimeo, third-party content is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

Youtube is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

Vimeo is operated by Vimeo LLC, 555 West 18th Street, NY, New York 10011, USA.

In order to increase the protection of your data when visiting our website, the plugins are integrated into the site so that they can only be activated by an additional click. This integration ensures that when you visit a page of our website that contains such plugins, no connection is established with the servers of the respective social network. Only when you activate the plugins does your browser establish a direct connection to the servers of the respective social network. 

The content of the respective plugin is then transmitted directly to your browser by the associated provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the corresponding provider or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (possibly in the USA) and stored there.

If you interact with the plugins, for example, by clicking the "Like" button, the corresponding information is also transmitted directly to a server of the provider and stored there.

For videos from Vimeo which are integrated on our site, the tracking tool Google Analytics is automatically integrated. We have no influence on the analysis results obtained from this and nor can we view them. In addition, the embedding of Vimeo videos allows web beacons to be set on the website visitors upon activation of said videos. To prevent the setting of Google Analytics tracking cookies, you can take the usual precautions to disable Google Analytics. For more information, see the web analytics section.

For more information on the purpose and extent of the data collection and the further processing and use of the data by the provider, as well as your related rights and setting options to protect your privacy, please refer to the privacy policy of the provider:

Youtube / Google: https://www.google.com/intl/en/policies/privacy/
Vimeo: https://vimeo.com/privacy

 

10. Data Distribution to third parties

 
a) Data transfer to Goethe-Instituts

Insofar as a Goethe-Institut is responsible for you at home or abroad, or if you have registered for a relevant service, your data will be transmitted to this Goethe-Institut, insofar as you have consented to this pursuant to Art. 6 (1) Clause 1 lit. a GDPR.

n the event that you are excluded from an examination by the Goethe-Institut due to one of the reasons stated in the examination regulations, the Goethe-Institut will impose a one-year block exemption on the exam portfolio of the Goethe-Institut worldwide; for the purpose of enforcing this measure (checking compliance with an imposed test ban), your data will be passed on to the Goethe-Institut examination centres (see § 2 of the Examination Regulations) worldwide and processed in them. This is done on the basis of the execution of the joint contract to provide an examination pursuant to Art. 6 (1) lit. b GDPR. To the extent that personal data processing takes place in countries outside the European Union or the European Economic Area, this is also based on the necessity of data transfer for the execution of this contract.

 
b) Data transfer to the central examination archive

If you have consented to it in accordance with Art. 6 (1) Clause 1 lit. a GDPR, for the purpose of checking the authenticity and issuing replacement certificates, data relating to the examinations you have taken will be stored and used in the central examination archive (for a maximum of 10 years).

 
c) Data transfer to German foreign embassies

For certain visa procedures (for example, spousal reunification, study), German foreign embassies require proof from the applicant of his/her German language skills.

If the Federal Republic of Germany demands it of the state from which the test participant comes, it is necessary that the test participant consent to the transmission of the following personal data, as well as data regarding the completed examination for checking during the visa procedure, to the relevant foreign embassy:

  • Personal data (name, date of birth)
  • Passport copies/scans
  • Photo of the exam participant
  • Information about the exam taken: Certificate number, examination result, documents for examination registration, examination documents.

 

11. Data protection

We protect our website and other systems through technical and organisational measures against the loss, destruction, access, modification or dissemination of your data by unauthorised persons, such as during the creation of the Goethe.de account or a later login through an SSL encryption.

 

12. Your rights and data protection contact information

As a data subject, you have the following rights:

  • according to Art. 15 GDPR, you have the right to demand information on the personal data processed by us in the scope specified therein;
  • in accordance with Art. 16 GDPR, you have the right to demand without delay the correction of incorrect personal data or completion of personal data stored with us;
  • according to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless further processing is required
    • to exercise the right to freedom of expression and information;
    • to fulfil a legal obligation;
    • for reasons of public interest or
    • to assert, exercise or defend legal claims
  • according to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data, insofar as
    • the accuracy of the data is disputed by you;
    • the processing is illegal, but you reject its deletion;
    • we no longer need the data, but you need it for asserting, exercising or defending legal claims, or
    • you have filed an objection against the processing in accordance with Art. 21 GDPR;
  • according to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, common and machine-readable format, or to request the transfer to another responsible party;
  • according to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information, correction, restriction of, processing or deletion of data, and revocation of any consent granted or objection to a particular use of data and the right to data portability, please contact our company data protection officer:

Die Datenschutzbeauftragte
Goethe-Institut e.V.
Dachauer Str. 122
80637 München
datenschutz@goethe.de

 

13. Right of objection

To the extent that we process personal data as explained above in order to safeguard our legitimate interests, which are predominant in the context of a weighing up of interests, you can object to this processing with effect for the future. If the processing is for the purpose of direct marketing, you can exercise this right at any time as described above. Insofar as the processing takes place for other purposes, you are only entitled to a right of objection if there are reasons that arise from your particular situation.

After exercising your right to object, we will not further process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case we will not process your personal data for this purpose.