Data privacy

Data Protection Rules and Consents

Goethe-Institut e.V., Oskar-von-Miller-Ring, 18, 80333 Munich ("Goethe Institute" or "we"), as the operator of the website www.goethe.de (the "Website"), is the controller of the personally identifiable data of the users ("You") of the Website within the meaning of the EU General Data Protection Regulation (GDPR) and the German data protection laws, in particular the Federal Data Protection Act (BDSG).

Contents

  1. Use of the website for information purposes
  2. Data collection and use for the execution of the contract
  3. Registration and Goethe.de-account
    a) Data about your person and contents created by you
    b) Personalised marketing
    c) Data publication
    d) Data exchange between our language course management system and your  Goethe.de-account
    e) Deletion
  4. Google reCAPTCHA and Google Maps
    a) Google reCAPTCHA
    b) Google Maps
  5. Data collection and use for direct marketing purposes
    a) Postal advertising
    b) Email newsletter
  6. Cookies
  7. Web Analysis
    a) Webtrekk
    b) Google(Universal) Analytics
    c) Use of the Yandex-Metrica analysis software
    d) Google Tag Manager
  8. Social Networks
    a) Use of social plugins und widgets of Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution
    b) Use of Spotify and Soundcloud widgets
    c) Embedding and display of social media content
    d) YouTube and Vimeo video plugins
    e) Our online presence on social media
  9. Data transfer to third parties
    a) Transfer of data to Goethe-Instituts
    b) Data transfer to the central examination archive
  10. Data security
  11. Your rights and how to contact us
  12. Right of objection
The Goethe-Institut takes the protection of your data very seriously. With this privacy notice, we would like to inform you in a transparent manner which personally identifiable data ("your data") we collect, process and use about you when you visit our online presence and/or use the Goethe Institute's Website.  

1. USE OF THE WEBSITE FOR INFORMATION PURPOSES

You can visit our Website and use some of our Internet offerings without providing any personal information. Whenever you access a website, the web server merely automatically stores access data in server log files, which are automatically communicated by your browser, such as the name of the requested file, the last website visited, the date and time of the access, the browser used, the amount of data transferred, the IP address, the requesting provider, etc. Within the scope of processing on our behalf, a third party provider renders the services for hosting and displaying the Website for us. This service provider is located within a Member State of the European Union or the European Economic Area.

For the purpose of shortening the loading time of our online presence, we also use a Content Delivery Network ("CDN"), in which the website is delivered via the web server of a CDN provider who works for us in the context of order processing. Access data is also collected accordingly on the provider's web servers.

All access data is stored for a period of 7 days. This data is evaluated exclusively to ensure the trouble-free operation of the website, error analysis and to improve our offerings. The use of a CDN provider, as well as the procedure described here, serves to safeguard our overriding legitimate interests in the correct presentation of our offering in accordance with Art. 6 (1) sentence 1 (f) GDPR.
 

 2. DATA COLLECTION AND USE FOR THE EXECUTION OF THE CONTRACT

We collect personally identifiable data if you provide us with this information when contacting us (e.g. via contact form or email), when registering for a user account ("Goethe.de account") or in the course of your booking, for example when booking a course or examination. Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms.

In these cases, we collect and process the data provided by you in order to execute the respective contract, for example to carry out a placement test with regard to your language courses or a language course including a subsequent examination, and to process your enquiries in accordance with Art. 6 (1) sentence 1 (b) GDPR. Insofar as you have expressly consented to the processing of special categories of data in accordance with Art. 9 (2) (a) GDPR, we will collect your health data (e.g. allergies) exclusively for the purpose communicated to you upon consent.

your data will be blocked for further use and deleted after the expiry of the mandatory retention periods under tax and commercial law. Should tax or commercial law retention obligations not apply to individual data, this will be deleted immediately after the respective contract has been executed. The only exception to this is if you have expressly consented to further use of your data or if we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you below.

Your account data in connection with our learning platform will also be automatically deleted after three years of non-use.

Data transfer for contract execution

Within the framework of course and examination bookings, your personally identifiable data will be processed in our central language course management system, to which other Goethe Institutes generally have access, unless access is not permitted under local law. This is done in order to process the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR, as well as to safeguard our predominantly legitimate interests in valid information and correct data records when booking a course in accordance with Art. 6 (1) sentence 1 (f) GDPR. Insofar as personally identifiable data is processed in countries outside the European Union or the European Economic Area in this respect, we have agreed the EU standard data protection clauses with the Goethe Institutes concerned as a suitable guarantee within the meaning of Art. 46 (2) (c) GDPR for the protection of data.

In order to fulfil the contract, we will pass on your data to the company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods or the provision of ordered services. Depending on which payment service provider you select in the order process, we will pass on the payment data collected for this purpose to the bank commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service for the processing of payments. In some cases, the selected payment service providers also collect this data themselves if you open an account there. In this case, you must log on to the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies. When making a booking in our online shop, the payment data you enter goes directly to the payment service provider commissioned. We have no access to this data at any time.

Insofar as the payment service provider processes your personally identifiable data for the purpose of payment processing, e.g. for the processing of credit card payments, as a controller in the sense of Art. 4 (7) GDPR, we will provide you with information which the payment service provider must provide in accordance with Art. 13, 14 GDPR.
This informationen can be found here.

As part of the execution of our contracts with you, for example, for the provision of language courses, we sometimes pass on your data to service providers who process them on our behalf and within the framework of a contract existing between the Goethe Institute and the respective service provider for order processing. Such a service provider may, for example, be the provider of software that the Goethe Institute uses to execute the contract. 

3. REGISTRATION AND GOETHE.DE ACCOUNT

If you wish to leave comments or make posts, exchange information with other users, take part in online courses, use learning platforms, purchase products from the online shop, borrow digital media and book courses or examinations or use our online services for reference libraries (researching or reserving books, renewing, etc.), registration and creation of a "Goethe.de account" is required. To register, we process your login data (email address and password), which gives you access to personalised Goethe Institute offers, the consents you have given, as well as your country and preferred language.

  a) Data about your person and contents created by you
In the course of creating the Goethe.de account, only the data that we require for the execution of our offers or any contractual relationship with you is mandatory.

We collect and process the data provided by you within the scope of the contract execution of this user contract according to Art. 6 (1) sentence 1 (b) GDPR
  • to check your application for a Goethe.de account
  • to provide the free services in which you participate (blogs, forums, comment function, self-presentation, communities, chats, etc.)
  • to fulfil our obligations arising from contracts that exist with you (provision of the online courses, the learning platform and the digital media as part of the loan, delivery of products from the web shop as well as conducting courses and examinations, library loan contracts).
You can voluntarily provide further information about your person as well as enter content (so-called user generated content), such as a photo of you, texts in the form of blog or forum posts, discussion posts, etc. Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms. We process the voluntarily provided data in order to protect the predominant common interests in a diverse exchange within the framework of our platform in accordance with Art. 6 (1) sentence 1 (f) GDPR.

  b) Personalised marketing
For marketing purposes, we also use the data you provide in your user account for a personalised design of our website and Internet offerings, e.g. a personal homepage and a profile area in which we present offers suited to you. This serves to safeguard our overriding legitimate interests in the optimal marketing of our offers in accordance with Art. 6 (1) sentence 1 (f) GDPR.

  c) Data publication
Some of the data you store using the Goethe.de account is visible to other users. This includes, for example, your name or username, your posts including creation date and time, your group memberships, your friends, your learning lists, your files, your online status, your ratings, the duration of your membership, your gender and your guestbook entries. The publication of the data is required in accordance with Art. 6 (1) sentence 1 (b) GDPR in order to be able to provide you with the contractually agreed functions of our platform.
 

 
x Username
x Date and time of the entry
x Your comments and posts

x = Visibility cannot be edited.
 
x Name
x User picture
x** Gender
x** Date of birth
x** Online status
x Country
x Email address
x** Location
x Date and time of the entry
x Your comments and posts
x Kurse, an denen Sie teilnehmen
x Files you have uploaded
g Further data*

* = e.g. I am learning German / I teach German, my interest in the German language, I am looking for learning partners, I have already completed a course at the Goethe-Institut.

** = Only visible for tutors, not for other participants

x = Visibility cannot be edited

g = If provided by you

 
 
 
 
x Title
(x) Name
x Username
x User picture
x Gender
(x) Date of birth
(x) Online status
(x) Country
(x) Location
x Duration of your membership
x Date and time of the entry
x Your comments and posts
x Membership/ moderator role in groups
x Activities in your groups
(x) Your interests
(x) Language / Language level
g Further data*

* = e.g. I am learning German / I teach German, my interest in the German language, I am looking for learning partners, I have already completed a course at the Goethe-Institut.

x = Visibility cannot be edited
(x) = Visibility can be edited.
g = If provided by you
x Username
x User picture
x Online status
x Country

x = Visibility cannot be edited.

 
 
 
 
x Name
(x) User picture
(x) Country
(x) Location
x Date and time of the entry
x Your comments and posts
x Membership/ moderator role in groups
x Activities in your groups
(x) Your interests
(x) Placement country
(x) Start date of the placement
(x) End date of the placement
(x) University
(x) Subjects
(x) Type of school studied at
(x) Previous engagements
x Your accumulated score

x = Visibility cannot be edited
(x) = Visibility can be edited.

 
x Username
x Date and time of the entry
x Your comments and posts

x = Visibility cannot be edited.
 
x Name
x User picture
x** Gender
x** Date of birth
x** Online status
x Country
x Email address
x** Location
x Date and time of the entry
x Your comments and posts
x Kurse, an denen Sie teilnehmen
x Files you have uploaded
g Further data*

* = e.g. I am learning German / I teach German, my interest in the German language, I am looking for learning partners, I have already completed a course at the Goethe-Institut.

** = Only visible for tutors, not for other participants

x = Visibility cannot be edited

g = If provided by you

 
 
 
 
x Title
(x) Name
x Username
x User picture
x Gender
(x) Date of birth
(x) Online status
(x) Country
(x) Location
x Duration of your membership
x Date and time of the entry
x Your comments and posts
x Membership/ moderator role in groups
x Activities in your groups
(x) Your interests
(x) Language / Language level
g Further data*

* = e.g. I am learning German / I teach German, my interest in the German language, I am looking for learning partners, I have already completed a course at the Goethe-Institut.

x = Visibility cannot be edited
(x) = Visibility can be edited.
g = If provided by you
x Username
x User picture
x Online status
x Country

x = Visibility cannot be edited.

 
 
 
 
x Name
(x) User picture
(x) Country
(x) Location
x Date and time of the entry
x Your comments and posts
x Membership/ moderator role in groups
x Activities in your groups
(x) Your interests
(x) Placement country
(x) Start date of the placement
(x) End date of the placement
(x) University
(x) Subjects
(x) Type of school studied at
(x) Previous engagements
x Your accumulated score

x = Visibility cannot be edited
(x) = Visibility can be edited.


  d) Data exchange between our language course management system and your Goethe.de account
To enable our course and examination management to view the information and results contained in your Goethe.de account, a data exchange (pairing) takes place between our course and examination management software and your Goethe.de account. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our legitimate interest – in the context of a balancing of interests – in linking the data records in order to enable you to have uniform master data management and an overview of the courses and examinations you have booked, also on our website.

  e) Deletion
If you do not confirm your registration within 7 days, your Goethe.de account will be deleted along with the data you provided during registration. If you confirm the registration, a user account will be created according to the present explanations. This does not apply to Goethe.de accounts that were created as part of a booking in the web shop. These will remain permanently unless you request their deletion. You can delete your Goethe.de account and the data you have left there at any time and can be done either by sending a message to the contact option described below or by using a function in the user account provided for this purpose.
 


4. Google Recaptcha und Google Maps

  a) Google reCAPTCHA
For the purpose of protection against misuse of our web forms as well as against spam, we use the Google reCAPTCHA service in some forms on this website. By verifying a manual entry, this service prevents automated software (bots) from carrying out abusive activities on the website. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to protect our legitimate interests in the protection of our website from misuse and in the trouble-free presentation of our online presence.
Google reCAPTCHA is an offer from Google Ireland Limited, a company incorporated and regulated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield. Google reCAPTCHA uses a code embedded in the website, known as JavaScript, as part of the verification methods that allow an analysis of the use of the website by you, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.

Personally identifiable data is not read out or saved from the input fields of the respective form. Further information on Google's privacy policy can be found at www.google.com/policies/privacy/.

You can prevent Google from collecting the data generated by the JavaScript or cookie and relating to your use of the website (including your IP address) and from processing this data by Google by preventing JavaScript or the setting of cookies in your browser settings. Please note that this may limit the functionality of our website for your use.

  b) Google Maps
On our website we use the integration of Google Maps to visually display geographical information. In accordance with Art. 6 (1) sentence 1 lit. f GDPR, this serves to safeguard our overriding legitimate interests in an optimised presentation of our offering at individual locations when weighing up the interests involved.

Google Maps is an offer from Google Ireland Limited, a company incorporated and regulated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield. When you access a website on which Google Maps is integrated, Google's web server also automatically collects access data in server log files, which are automatically communicated by your browser, such as the name of the requested file, the last website visited, the date and time of the access, the browser used, the amount of data transferred, the IP address, the requesting provider, etc. When using Google Maps, Google also processes data on the use of the Maps functions by visitors to the website.

Further information about Google's privacy policy and settings options can be found at https://policies.google.com/privacy.

 

5. DATA COLLECTION AND USE FOR DIRECT MARKETING PURPOSES

  a) Postal advertising
We reserve the right to use your first and last name and your postal address for our own advertising purposes, e.g. to send you interesting offers and information on our products by post. This serves to safeguard our overriding legitimate interests in addressing our clients in advertising in accordance with Art. 6 (1) (f) GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to datenschutz@goethe.de.

  b) Email newsletter
If you subscribe to one of our newsletters, we use the data required for this purpose or data provided separately by you to send you the subscribed email newsletter on a regular basis. The sending of email newsletters takes place on the basis of your separate express consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. For security reasons, we use the double opt-in procedure: We will only send you a newsletter by email if you have previously confirmed your newsletter registration. For this purpose, we will send you an email confirming your subscription via the link contained therein. This is to ensure that only you, as the owner of the email address provided, can subscribe to the newsletter.

The newsletter may be sent via an external service provider to whom we pass on your email address for this purpose. In such cases, the processing is carried out on our behalf. You can object to this use of your email address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

If the service provider is based in the USA, we always ensure that it is certified in accordance with the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.  

6. COOKIES

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. This serves to safeguard our overriding legitimate interests in an optimised presentation of our offering in accordance with Art. 6 (1) sentence 1 (f) GDPR. These are small text files that are stored on your end device.

Some of the cookies used by us are deleted again after the end of the browser session, i.e. after closing your browser (session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit and, if necessary, to enable you to log in automatically (persistent cookies). If, for example, you activate the option "Remain logged in" by placing a check mark when logging in to goethe.de, a cookie will be set that enables us to recognise you when you visit the goethe.de site within a certain period of time.

You can view the duration of the persistent cookies via your browser. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

If cookies are not accepted, the functionality of our website may be limited.
 

7. WEB ANALYSIS

  a) Webtrekk
We use the services of Webtrekk (www.webtrekk.com), to collect statistical data on the use of our website, to improve it, to enable an analysis of the use of our website and to compile reports on website activities. This serves to safeguard our overriding legitimate interests in an optimised presentation of our offering in accordance with Art. 6 (1) sentence 1 (f) GDPR. Cookies can be used for this purpose. Within the framework of this tracking, pseudonymised user profiles are created. These will not be merged with personally identifiable data about the bearer of the pseudonym without explicit consent to be granted separately.  After discontinuation of the purpose and end of the use of Webtrekk by us, the data collected in this context will be deleted.
You can object to this data collection and storage at any time with effect for the future by clicking this button.



In order to be able to consider a declared objection during your next visit to the site, this will be stored in a cookie in your browser. After your objection, an opt-out cookie is placed on your end device. If you delete your cookies, you will have to click the link again.

  b) Google(Universal) Analytics
For website analysis, this website uses Google (Universal) Analytics, a web analysis service of Google Ireland Limited (www.google.de). This serves to safeguard our overriding legitimate interests in an optimised presentation of our offering in accordance with Art. 6 (1) sentence 1 (f) GDPR. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other Member States that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The anonymised IP address provided by your browser in the context of Google Analytics will in principle not be merged with other Google data. After discontinuation of the purpose and end of the use of Google Analytics by us, the data collected in this context will be deleted.
 
Google Ireland Limited is a company incorporated and regulated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively to the browser plugin, you can click on this link to prevent the collection by Google Analytics on this website in future. An opt-out cookie is then placed on your end device. If you delete your cookies, you will have to click the link again.

  c) Use of the Yandex-Metrica analysis software
We use Yandex.Metrica, a web analysis and click tracking and website optimisation service of the company Yandex Oy, Moreenikatu 6, 04600 Mantsala, Finland.

Yandex.Metrica allows us to analyse the movements of users on our website and their interactions with individual elements of the website, to understand how our website is used and which functions and content are of particular interest to users. This enables us to evaluate and optimise the functions and content of our website. Since the results of these tests are more accurate if the interaction of users can be tracked over a period of time (e.g. if the same users use certain functions or content repeatedly), cookies are stored on the users' computers. The IP address of the user is also recorded, but shortened by the last two digits, i.e. pseudonymised. Furthermore, data is collected on the devices, systems and browsers used by users, as well as on the times of use and the online sources from which users access our websites or destinations to which they leave our websites.

The information collected with the help of Yandex.Metrica is processed solely on our behalf and according to our instructions. For this purpose, we and Yandex Oy have concluded a contract processing agreement pursuant to Art. 28 GDPR
(https://yandex.com/legal/metrica_agreement/)

Insofar as the data is processed in third countries (i.e. outside the European Union or the European Economic Area), this will only be done if compliance with a level of data protection in conformity with the GDPR is guaranteed. In addition, a contract based on standard data protection clauses in accordance with the EU Commission's requirements was agreed in particular between Yandex Oy and YANDEX LLC, 16 Lva Tolstogo st., Moscow, 11 902 1, Russia, which is responsible for processing the data.

The personally identifiable data of users is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) sentence 1 (f)) GDPR.

Further information about Yandex.Metrica, can be found in the privacy policy of the provider: https://yandex.com/legal/privacy/.

If you wish to object to the processing of your data by Yandex.Metrica (opt-out) on all websites where Yandex.Metrica is used, you can install the browser plugin for this purpose:

https://yandex.com/support/metrica/general/opt-out.html

  d) Google Tag Manager
We use the Google Tag Manager to manage usage-based advertising services. This serves to safeguard our overriding legitimate interests in optimised marketing of our website in accordance with Art. 6 (1) sentence 1 (f) GDPR. The Tag Manager tool itself is a cookie-free domain and does not collect any personally identifiable data. Instead, the tool triggers other tags, which in turn may collect data.

Google Tag Manager is an offer from Google Ireland Limited, a company incorporated and regulated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).  Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

If you have disabled it at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.
 

8. SOCIAL NETWORKS

  a) Use of social plugins and widgets from Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution
Social buttons and widgets from social networks are used on our website.

In order to increase the protection of your data when visiting our website, these buttons and widgets are not fully integrated into the page, but only by using an HTML link. This integration ensures that when a page of our website containing such buttons is accessed, no connection is yet established with the servers of the provider of the respective social network.

If you click on one of the buttons, a new window of your browser opens and accesses the page of the respective service provider, where you can press the Like or Share button, for example (if necessary after entering your login data).

The purpose and scope of data collection and the further processing and use of data by the providers on their sites, as well as a contact option and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers:

https://www.facebook.com/policy.php
https://twitter.com/privacy
https://www.google.com/intl/de/+/policy/+1button.html
https://help.instagram.com/155833707900388
https://vk.com/privacy/eu
   
b) Use of Spotify and Soundcloud widgets
On our website, we use widgets from the Spotify and Soundcloud networks for the purpose of making our content interactive. This serves to protect our overriding legitimate interest in a multimedia presentation of our offering and our activities in accordance with Art. 6 (1) sentence 1 (f) GDPR.

When you visit a page on our site that contains such a widget, your browser will connect directly to the Spotify or Soundcloud servers. The content of the widget is transmitted by the respective provider directly to your browser and integrated into the page. By integrating the widgets, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile or are not logged in at the moment. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider and stored there.

If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile in the respective social network. When you interact with the widgets, for example when you play content, the corresponding information is also transmitted directly to a server of the providers and stored there.

The information can also be published in the social network and displayed to your contacts.

The purpose and scope of data collection and the further processing and use of data by the providers, as well as a contact option and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers.

Spotify AB: https://www.spotify.com/de/legal/privacy-policy/
SoundCloud Limited: https://soundcloud.com/pages/privacy

If you do not want the social networks to associate the data collected via our website directly with your profile in the respective service, you can also completely prevent the widgets from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (https://noscript.net/)."   

c) Embedding and display of social media content
Twitter, Instagram und Facebook
On our website, especially in the context of articles by the Goethe Institute, content (posts, comments and/or channels) from Twitter, Instagram and Facebook can be displayed using social plugins.

The integration is based on Embetty (Heise Medien GmbH & Co. KG, Article about Embetty). This ensures that there is no direct communication between the client and the respective social media service. Only when you interact with content (e.g. commenting, liking), you immediately log in to the social media service and a data transfer takes place. This may include the following data:
  • Visited website
  • Browser informationen
  • Informationen about he operating system
  • IP address

Disable Plugin

Twitter

Revoke consent for Twitter Consent successfully revoked

Instagram

Revoke consent for Instagram Consent successfully revoked


Content from other social networks
In addition, content from other social networks (e.g. Spotify and Soundcloud) can be displayed using social plugins. Via the social plugins, a direct connection can be established to the servers of the respective network, whereupon data is transmitted to the provider. This may include the following data:
  • Visited Website
  • Browser informationen
  • Information about the operating system
  • IP address
This serves to protect our overriding legitimate interest in a multimedia presentation of our offering and our activities in accordance with Art. 6 (1) sentence 1 (f) GDPR.

  d) YouTube and Vimeo video plugins
On this website, content from third parties is integrated via YouTube and Vimeo for the purpose of interactive design of our content.

YouTube is operated by Google Ireland Limited, a company incorporated and regulated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. ("Google").

Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

To increase the protection of your data when visiting our website, the plugins are integrated into the page in such a way that they can only be activated by an additional click. This integration ensures that when a page of our website containing such plugins accessed, no connection is yet established with the servers of the respective social network. Only when you activate the plugins does your browser establish a direct connection to the servers of the respective social network.

The content of the respective plugin is then transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the corresponding provider or are not logged in at the moment. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (possibly in the USA) and stored there.

When you interact with the plugins, for example by clicking the "Like" button, the corresponding information is also transmitted directly to a server of the providers and stored there.

When you activate a plugin, a cookie is set in your browser. You can undo the activation by clicking the button or slider provided for this purpose. This will delete the cookie.

Disable Plugin

Youtube

Revoke consent for Youtube Consent successfully revoked

Vimeo

Revoke consent for Vimeo Consent successfully revoked

For videos from YouTube that are embedded on our site, the advanced privacy setting is enabled. This means that no information is collected and stored from website visitors to YouTube unless they are playing the video.

Videos from Vimeo that are embedded on our site have the tracking tool Google Analytics automatically integrated. We have no influence on the results of the analysis and cannot view them. In addition, by embedding Vimeo videos, web beacons are set for website visitors when they activate them. To prevent the Google Analytics tracking cookies from being set, you can take the usual precautions to deactivate Google Analytics. For more information, see the section on web analysis.

This serves to protect our overriding legitimate interest in a multimedia presentation of our offering and our activities in accordance with Art. 6 (1) sentence 1 (f) GDPR. The purpose and scope of data collection and the further processing and use of data by the providers and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers:

YouTube / Google: https://www.google.de/intl/de/policies/privacy/ 
Vimeo: https://vimeo.com/privacy

  e) Our online presence on social media
Our presence in social networks and platforms serves the purposes of better, active communication with our customers and interested parties. We provide information there about our products.

When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. From this data, usage profiles are created using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. These cookies store the visitor behaviour and interests of the users. In accordance with Art. 6 (1) sentence 1 lit. f GDPR, this serves to safeguard our overriding legitimate interests in an optimised presentation of our offering and effective communication with customers and interested parties when weighing up the interests involved. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 (1) sentence 1 (a) GDPR.

Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: The European Commission has issued an adequacy decision for the US. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of data by the providers on their websites, as well as a contact option and your rights and settings options for the protection of your privacy, in particular opt-out options, please refer to the providers' privacy policies linked below. If you still need help in this regard, you can contact us.

Facebook: https://www.facebook.com/about/privacy/     
Possibility of appeal (opt-out):
Facebook: https://www.facebook.com/settings?tab=ads  
 

9. DATA TRANSFER TO THIRD PARTIES

  a) Transfer of data to Goethe-Instituts
Once your Goethe.de account has been set up, administrators of the responsible Goethe Institute abroad will be given access to the data stored in your account. The data processing that takes place in this context serves on the one hand the purposes of the administrative processing of user data, e.g. rectification/blocking/deletion or assignment of roles and authorisations within the system. The legal basis for the contract fulfilment is Article 6 (1) sentence 1 (f) GDPR. Furthermore, in accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our overriding legitimate interests in valid information and correct data records in our system. On the other hand, user data (in anonymous form) can be used to improve our website. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our overriding legitimate interests in optimising our offering.

Insofar as personally identifiable data is transferred to a Goethe Institute in a third country and there no adequacy decision has been issued by the European Commission in accordance with Art. 45 (1) GDPR, the data transfer is carried out on the basis of standard data protection clauses issued by the European Commission as appropriate guarantees in accordance with Art. 46 (2) (c) GDPR. Copies of the EU standard privacy clauses can be found on the European Commission's website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de erhalten.

If you are excluded from a Goethe-Institut examination for a reason specified in the examination regulations and the Goethe-Institut then blocks you from taking examinations as part of the Goethe Institute examination portfolio worldwide, your data will be passed on to the examination centres of the Goethe Institute (see Section 2 of the examination regulations) worldwide and to examination centres of the Austrian Language Diploma (ÖSD) for the purpose of enforcing this measure (control of compliance with an imposed examination block) and processed there for this purpose. This is done on the basis of the execution of the joint contract on the provision of an examination in accordance with Art. 6 (1) (b) GDPR. Insofar as personally identifiable data is processed in countries outside the European Union or the European Economic Area, this is also based on the necessity of the transfer for the execution of this contract.
 
  b) Data transfer to the central examination archive
For the purpose of checking authenticity and issuing replacement certificates, data concerning the examinations you have taken will be stored and used in the central examination archive (for a maximum of 10 years). This is done on the basis of the fulfilment of the contract according to Art. 6 (1) (b) GDPR.
 

10. DATA SECURITY

We secure our website and other systems through technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons, such as when creating the Goethe.de account or a subsequent login through SSL encryption.
 

11.YOUR RIGHTS AND HOW TO CONTACT US

As a data subject, you have the following rights:
  • in accordance with Art. 15 GDPR, the right to request information about your personally identifiable data processed by us to the extent described therein;
  • in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personally identifiable data stored by us;
  • in accordance with Art. 17 GDPR, the right to demand the deletion of your personally identifiable data stored with us, unless further processing is necessary
    • to ensure the exercising of the right to freedom of expression and information;
    • to fulfil a legal obligation;
    • for reasons of public interest, or
    • to assert, exercise or defend legal claims
 
  • in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personally identifiable data, provided that
    • the correctness of the data is disputed by you;
    • the processing is unlawful, but you refuse to delete it;
    • we no longer need the data, but you need it to assert, exercise or defend legal claims, or
    • you have lodged an objection to the processing pursuant to Art. 21 GDPR;
 
  • in accordance with Article 20 GDPR, the right to receive your personally identifiable data provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • in accordance with Article 77 GDPR, the right to file a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company’s registered office.

If you have any questions about the collection, processing or use of your personally identifiable data, about information, correction, restriction of processing or deletion of data as well as revocation of any consents granted or objection to a specific use of data as well as the right to data transferability, please contact our company data protection officer:

The Data Protection Officer
Goethe-Institut e.V.
Oskar-von-Miller-Ring 18
80333 München
datenschutz@goethe.de
 

12. Right of objection

Insofar as we process personally identifiable data as explained above in order to safeguard our overriding legitimate interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, you have the right to object only if there are reasons arising from your particular situation.

After exercising your right of objection, we will not process your personally identifiable data further for these purposes, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not process your personally identifiable data further for this purpose.