Privacy Policy

Please click here for the privacy policy for applicants to a program administered by the German-American Fulbright Commission.

Please click here for the privacy policy for participants in a program of the the German-American Fulbright Commission.

Below, we provide you with information about the collection of personal data when using our website, and when contacting us via a contact form, email, or telephone, during the application process, and in connection with your participation in our events. Personal data refers to all data that can be related to you personally, such as your name, address, email addresses, and user behavior.

1   The responsible entity according to Article 4(7) of the EU General Data Protection Regulation (GDPR) is: German-American Fulbright Commission, Lützowufer 26, 10787 Berlin, Germany, Tel.: +49 (0)30-284443-0, Email: info@fulbright.de

2.   Our data protection officer, Ms. Susanne Klein, attorney-at-law, Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, can be reached by phone at: +49 (0)69-756095-585 or email at: Susanne.Klein@bbservices.gmbh

1.   We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and all other relevant laws.

2.   The primary purpose of data processing is to establish and fulfill a contractual relationship with you. When you contact us via email, a contact form, or telephone, the information you provide (your email address, possibly your name, and telephone number) is stored by us to answer your inquiries. The primary legal basis for this is Article 6(1)(b) of the GDPR. In addition, your separate consent under Article 6(1)(a) and (7) of the GDPR may be used as a legal basis for data processing. We also process your data to fulfill our legal obligations, particularly in the area of trade and tax law. This is based on Article 6(1)(c) of the GDPR. Where necessary, we process your data based on Article 6(1)(f) of the GDPR to protect legitimate interests of ours or third parties.

3.   Your personal data will not be transmitted to third parties for purposes other than those listed below. We only share your personal data with third parties if you have given explicit consent under Article 6(1)(a) of the GDPR, if sharing is necessary for the establishment, exercise, or defense of legal claims under Article 6(1)(f) of the GDPR and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data, if there is a legal obligation to share under Article 6(1)(c) of the GDPR, or if it is legally permissible and necessary under Article 6(1)(b) of the GDPR for the execution of contractual relationships with you.

4.   If we use external service providers for specific functions of our offering or if we wish to use your data for promotional purposes, we will inform you in detail about the respective processes below. We will also provide the specified criteria for storage duration.

5.   We delete your personal data as soon as they are no longer necessary for the purposes for which they were collected. After termination of the contractual relationship, your personal data will be stored as long as legally required. This is regularly determined by legal obligations for proof and retention, which are governed, among other things, by the Commercial Code and the Fiscal Code. The retention periods are up to ten years. In addition, personal data may be retained for the period during which claims can be made against us (statutory limitation period of three or up to thirty years).

1. Visit to our website

a)   When you visit our website for informational purposes, i.e., without registering or otherwise transmitting information to us, we only collect the personal data that your browser sends to our server. If you want to view our website, we collect data that is technically necessary for us to display our website to you and ensure its stability and security. The data is also stored in the log files of our system. Storage of this data, along with other personal user data, does not occur. This data includes the IP address of the requesting device, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transferred in each case, website from which the request originates, browser, operating system and its interface, as well as the language and version of the browser software.

b)   The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

c)   The temporary storage of the IP address by the system is necessary to deliver the website to your browser. For this purpose, your IP address must be stored for the duration of the session. The storage in log files is carried out to ensure the functionality of the website. Furthermore, the data serves us for the optimization of the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) of the GDPR. An evaluation of the data for marketing purposes does not take place in this context.

d)   The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collected for the provision of the website, this is the case when the respective esession is ended. Log files are deleted within 10 days after accessing the website.

e)   For hosting this website, we use the external provider Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen. The aforementioned personal data collected on this website is stored on the hoster's servers. The host will process your data only to the extent necessary to fulfill its contractual obligations. To this purpose, we have entered into a data processing agreement with the hoster, so that they process the personal data exclusively on our behalf and according to our instructions.

a)   Cookies are used on our website. These are small text files that are stored on your device when you visit our site, as far as your device's browser settings allow. The cookie contains information that is related to the specific device being used. We differentiate between cookies that are strictly necessary for the technical functions of the online offering and those cookies that are used for statistical analysis to improve the functionality of our website and tailor it to user behavior.

b)   Technically necessary cookies
By technically necessary cookies, we mean cookies that are essential for the technical provision of the online offering. These include, for example, connection control during an online session (so-called session cookies). These cookies are deleted as soon as the browser session is ended. The data processing carried out due to technically necessary cookies is required for the purposes mentioned in order to safeguard our legitimate interests pursuant to Article 6 para. 1 lit. f) GDPR. The legal basis for the use of technically necessary cookies or similar technologies on your device is § 25 para. 2 No. 2 TDDDG.

c)   Functional cookies
We use various cookies only with your consent, which you can select when you first visit our website through the so-called cookie consent tool. The functions are only activated with your consent and serve in particular to analyze and improve visits to our website, to facilitate operation across different browsers or devices, to recognize you on a return visit, or to embed videos on our website. The legal basis for these data processing activities is your consent in accordance with Article 6 para. 1 lit. a) GDPR. The legal basis for the use of functional cookies or similar technologies on your device is your consent in accordance with § 25 para. 1 TDDDG. You can revoke your consent at any time using the cookie consent tool, without affecting the lawfulness of processing until revocation.

d)   If you do not wish to store cookies on your device or if you want to be notified before a new cookie is created, you can configure your browser accordingly. However, complete deactivation of cookies may result in you not being able to use all functions of our website.

e)   Our website uses the cookie consent technology of CCM19 to obtain your consent within the meaning of Art. 6 Para. 1 lit. a) GDPR to store certain cookies in your browser and to document them in accordance with data protection regulations (so-called cookie banners ). The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany (hereinafter “CCM19”). When you visit our website, a CCM19 cookie is stored in your browser in which the consent you have given or the revocation of this consent is stored. The cookie has a lifespan of one year. The data collected will be stored for the lifespan of the cookie until you request us to delete it or delete the CCM19 cookie yourself. Mandatory statutory retention periods remain unaffected. We have concluded an order processing agreement with CCM19, so that CCM19 processes any personal data collected via our website exclusively on our behalf and in accordance with our instructions. CCM19's cookie consent technology is used on our website to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 Paragraph 1 Letter c) GDPR; The legal basis for setting the cookie is Section 25 Paragraph 2 No. 2 TDDDG.

f)   You can access the CCM19 cookie consent tool again at any time and change your consent by clicking on the symbol displayed on every page of this website at the bottom left of the screen and thereby reopen the cookie banner.

a)   In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you usually need to provide further personal data, which we use to provide the respective service and for which the principles of data processing mentioned above apply.

b)   In some cases, we rely on external service providers to process your data. These providers have been carefully selected and commissioned by us, they are bound by our instructions, and are regularly monitored.

c)   Furthermore, we may share your personal data with third parties when participation in activities, contests, contract conclusions, or similar services are offered jointly with partners. Further information on this can be obtained when providing your personal data or below in the description of the respective offer.

d)   If our service providers or partners are located in a country outside the European Union (EU) or the European Economic Area (EEA), we will inform you about the implications of this circumstance in the description of the respective offer.

a)   We collect your personal data when you voluntarily provide it to us through our contact forms. In doing so, we gather the information that arises during the course of contact. This notably includes names and contact details provided, as well as the date and reason for the contact. The personal data you provide are used solely for the purpose of delivering the requested products or services and corresponding with you. If you initiate contact with us and express interest in an offer, your personal data will be processed for the purpose of initiating a contract pursuant to Article 6 para. 1 lit. b) GDPR. Otherwise, your inquiry will be processed to fulfill our legitimate interest in appropriately handling and responding to your request, based on Article 6 para. 1 lit. f) GDPR. Your data is transmitted to us via email through our provider. Unfortunately, if you do not provide this information, we will be unable to establish contact with you or address your request.

b)   The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. For personal data from the input fields of the contact form, this is the case when the respective conversation with you has concluded. A conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been conclusively resolved. To the extent that the shared data are subject to tax and commercial retention obligations, they will be stored for the duration of the legal retention periods and then deleted, unless you have consented to longer storage or further processing of the data is necessary for asserting, exercising, or defending legal claims.

a)   You can subscribe to our newsletter, through which we inform you about our current interesting offers, by registering for the newsletter on our website and providing your consent for the associated data processing. The advertised goods and services are specified in the consent declaration.

b)   For subscribing to our newsletter, we use the double opt-in procedure. This means that after your registration, we will send an email to the provided email address, in which we ask for confirmation that you are the owner of the specified email address and wish to receive the newsletter. In addition, we store your used IP addresses and the times of registration and confirmation. The purpose of this procedure is to confirm your registration and, if necessary, to clarify any potential misuse of your personal data.

c)   The mandatory information for sending the newsletter is solely your email address. Providing further data is voluntary and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is your consent according to Article. 6 para. 1 lit. a) GDPR.

d)   You can revoke your consent to receiving the newsletter and unsubscribe at any time. You can withdraw your consent by clicking on the link provided in each newsletter email, by sending an email to info@fulbright.de, or by sending a message to the contact information provided in the imprint.

e)   For sending the newsletters, we use rapidmail. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. The data you enter for the purpose of receiving the newsletter is stored on the servers of rapidmail in Germany. There is no transmission of data to third countries. The data stored by us as part of the consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter, and after unsubscribing, it will be deleted from both our servers and the servers of rapidmail. Data that has been stored by us for other purposes remains unaffected. Further information can be found in rapidmail's data security notices at: https://www.rapidmail.de/datensicherheit.

a)   Our website may also include content (such as videos) from the YouTube platform. This service is operated by YouTube, a subsidiary of Google. For data processing in the European region, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible.

b)   We use embedded YouTube videos in extended privacy mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video player but does not click on the video to start playback.

c)   Only when you expressly consent to the use of YouTube, the videos will be loaded and played. In this case, Google sets various cookies and may also receive your IP address along with information about the respective video and your use of playback functions. The lifespan of the cookies is up to 8 months and can be found in detail in the list in the cookie banner. If you are simultaneously logged into your YouTube account, this information can also be directly associated with your personal profile. You can prevent this by logging out of your YouTube account beforehand.

d)   YouTube also statistically evaluates video views and provides us with reports on these evaluations, which only contain general information about views, such as the total number of views. We do not receive detailed information about individual users in this regard. Therefore, we assume that YouTube's analysis of video views does not involve a more detailed analysis of individual users. YouTube automatically and independently performs data analysis without our ability to disable or influence it, or gain detailed insights into the analyzes.
e)   An overview of the cookies used by Google can be found at https://policies.google.com/technologies/cookies?hl=en.

f)   For further information on how YouTube and Google handle user data and process this data, please refer to YouTube's Privacy Policy at: https://www.google.com/intl/en/policies/privacy.

g)   If you consent to the use of cookies and data processing by YouTube, the legal basis for this is § 25 (1) of the TDDDG and Article 6 (1) sentence 1 lit. a) of the GDPR. You can withdraw your consent at any time through the cookie banner, without affecting the lawfulness of the processing until the withdrawal.

h)   In connection with the above-mentioned functions, YouTube may transmit the processed data to servers outside the EU, particularly to Google LLC in the USA, if necessary for the provision of these services. For the USA, there is an adequacy decision by the EU Commission within the EU-U.S. Data Privacy Framework, certifying certified companies with an adequate level of data protection according to the GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework and is also listed in the Data Privacy Framework List maintained by the U.S. Department of Commerce. When transmitting data to servers of Google LLC in the USA, a consistently high level of data protection is ensured. If such data transfer to the USA occurs, it is based on Article 45 (1) sentence 1 of the GDPR.

a)   We use ReadSpeaker for the proper provision of content on our website. ReadSpeaker is a text-to-speech service for internet content provided by ReadSpeaker GmbH, Am Sommerfeld 7, 86825 Bad Wörishofen, Germany.

b)   When you click the "Listen" link, the text or text passage of the website, along with your IP address and access URL, is transmitted to a ReadSpeaker server. An audio file is generated there and streamed back to your IP address. Technical log data is automatically deleted by ReadSpeaker no later than 30 days. ReadSpeaker does not collect or store any other personal data. ReadSpeaker only logs the number of clicks the read-aloud function generates. Except for general temporary web server logs, no user-specific data is collected, logged, or documented. Data is not shared, and data processing takes place exclusively within the EU.

c)   ReadSpeaker uses two technical cookies to provide the service. A technical session cookie is used to check if the script is loaded when the website loads. The cookie is only set after ReadSpeaker has been activated, i.e., after an interaction with the player has occurred. This cookie is used to inform ReadSpeaker that a user has activated the text-to-speech service on the website. This cookie is deleted again after you close your browser (so-called session cookies). Another cookie is used to store setting changes in the settings menu. The cookie has a default lifespan of 4 days. This cookie is used to store the settings of individual users so that they do not need to reapply their preferred settings on every page they navigate to. If the ReadSpeaker function is not activated, no cookies are stored on your device when you visit the website.

d)   The legal basis for providing the text-to-speech service on our website is our legitimate interest pursuant to Article 6(1)(f) GDPR, where our legitimate interest lies in an enhanced and user-oriented provision of content on our website. The legal basis for setting the necessary cookies by ReadSpeaker when the user interacts with the service is § 25(2) No. 2 TDDDG.

e)   We have entered into a data processing agreement with ReadSpeaker to ensure that ReadSpeaker processes the personal data obtained within the scope of the reading service exclusively on our behalf and according to our instructions.

a)   We offer a protected area on our website for the evaluators who are involved in the selection of applicants for a Fulbright scholarship and who support us in this capacity by assisting in the selection of suitable applicants for our scholarships (referred to as "Login for Selection Committees "). In this protected login area, after logging in, evaluators will find information about the selection process, application documents of scholarship applicants, and relevant evaluation forms.

b)   In order to log into the protected area, evaluators must enter their username and a self-selected password. We provide the initial access credentials, but the password must be individualized directly thereafter. Evaluators are required to keep their access credentials to the protected login area confidential and must not share them with third parties. Furthermore, by clicking the corresponding button before logging in evaluators must commit to maintaining data protection and data confidentiality with regard to applicant data. Without this commitment, login is not possible.

c)   When using the protected login area for selection committees, in addition to the evaluator's access credentials (including confirmation of the commitment to data confidentiality) and general log data due to website usage (see Section III 1), activities within the login area are recorded. Accordingly, we can track which documents evaluators have viewed and/or downloaded in the login area, and associate this with the respective evaluators. In addition, the login and logout times (i.e. leaving the protected area) are also recorded and temporarily stored. These data are not shared with external third parties (except for our hosting service provider, see Section III. 1 e).

d)   Processing of the aforementioned data is necessary to ensure an efficient scholarship selection process. To this purpose, it is necessary to provide evaluators with the necessary documents for applicant selection online, while complying with the required data security measures. The processing of personal data is thus necessary to safeguard our legitimate interests as well as the legitimate interests of applicants in a prompt selection decision. There is no evident overriding of the evluators´ interests in excluding data processing as they voluntarily agree to participate in the selection process and also have an interest in receiving the relevant documents and materials for evaluation in the most time-efficient yet secure manner to submit their assessment. The data processing activities associated with this are therefore based on Article 6(1)(f) of the GDPR.

e)   For the processing of personal data of scholarship applicants, whose application documents are made available for review or download by evaluators in the protected login area, the separate "Data Privacy Notice for Applicants for Participation in a Program of the German-American Fulbright Commission" applies.

a)   We use the interactive mapping services from Mapline on our website, operated by Mapline Inc., PO Box 749, Pleasant Grove, UT 84062, USA (hereinafter referred to as "Mapline"). By providing these maps, we aim to enhance the user experience on our website and make it easier for you to find the locations of our projects and initiatives. If you are interested in one of our scholarship programs, the tool allows you to view the participating (higher) educational institutions and their availability.

b)   When you access our website, no connection to Mapline's servers is initially established. Instead of the embedded map, you will initially see only a preview image. A connection to Mapline is only made after you explicitly consent to the use of Mapline.

c)   Mapline uses map data from OpenStreetMap. OpenStreetMap is a project of the OpenStreetMap Foundation ("OSMF"), 132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, United Kingdom, which collects freely usable geodata and makes it available in a database for free use. When connecting to display the maps, the following data is transmitted to OpenStreetMap servers: IP address, browser and device used, operating system, the website from which you were redirected to the OSMF page (referring web page), as well as the date and time of your visit to the website. If you have a user account with OpenStreetMap and are logged in when visiting our website, additional data transmitted to OpenStreetMap servers includes: User ID, email address associated with your account, and blocked content and associated messages. OSMF may transfer your data to third parties if required by law or if third parties process these data on behalf of OSMF. It is technically possible that recipients could identify at least some users based on the received data. We have no control over the processing of personal data and user profiles by OpenStreetMap for other purposes. For more information on data protection related to OpenStreetMap, please refer to OSMF’s privacy notice at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

d)   Mapline processes the data collected when the map is activated for its own purposes in accordance with its privacy policy. Data may be stored in usage profiles by Mapline and processed for purposes such as product improvement, development of new products, measuring the effectiveness of certain advertisements and market research, as well as personalizing content and advertisements. For this purpose, Mapline also uses third-party cookies. You can find information about the cookies used and their lifespan in the cookie banner listing.

e)   For more information on data processing by Mapline, please refer to Mapline’s privacy notice at https://mapline.com/privacy-notice/.

f)   If you consent to the use of cookies and data processing by Mapline, the legal basis for this is § 25 (1) TDDDG and Article 6 (1) (a) GDPR. You can withdraw your consent at any time using the checkbox above the map, without affecting the legality of processing up to the point of withdrawal.

g)   In connection with the above functions, the processed data may also be transferred to servers outside the EU, particularly to Mapline's servers in the USA. There is no consistently high level of data protection in the USA. Therefore, additional risks may arise from transferring data to servers in the USA, such as difficulties in enforcing your rights regarding this data. If data is transferred to the USA, such transfer is based on your consent under Article 49 (1) (a) GDPR, which you grant by consenting to the integration of Mapline's external content.

a)   This website uses the hCaptcha service provided by Intuition Machines Inc., 350 Alabama St, San Francisco, CA 94110, USA (hereinafter referred to as "hCaptcha"), which protects the website from spam and abuse.

b)   The hCaptcha service aims to prevent abusive activities (e.g. data input in a contact form) carried out by automated software on the website. This is ensured through verification that the input is actually from a natural person. Verification involves collecting and processing data such as the page address where the captcha is used, the user's IP address, user input behavior (e.g. answering the hCaptcha question, input speed into form fields, order of selecting input fields, etc.), browser, browser size and resolution, browser plug-ins, date, language settings, website display instructions (CSS), website scripts (JavaScript), and mouse or touch events within the website.

c)   When hCaptcha is used in "invisible mode," the analyzes run entirely in the background once a website visitor enters a website with hCaptcha enabled; this analysis starts automatically. Website visitors are not separately informed that an analysis is taking place. The data collected during the analysis is transmitted to the hCaptcha provider.

d)   hCaptcha may store cookies in your browser to conduct the analysis. These are text files stored on your computer that allow an analysis of your website usage. The aforementioned data and cookies are usually deleted by hCaptcha after 30 days. You can also prevent the storage of cookies by adjusting your browser software settings; however, we would like to note that in this case you may not be able to fully use our website and might not be able to use certain forms.

e)   The legal basis for using reCAPTCHA is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. We have a legitimate interest in protecting our website from abusive automated reconnaissance and spam. The legal basis for setting cookies by hCaptcha is § 25(2) No. 2 TDDDG.

f)   For more information about hCaptcha, please refer to the privacy policy and terms of use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

g)   By default, hCaptcha stores analysis data in the EU. However, in connection with the aforementioned functions, hCaptcha might transfer personal data to the USA. Transferring data to servers in the USA may therefore entail additional risks; for example, enforcing your rights regarding these data might be more challenging. For data transfers to the USA, we have entered into a data processing agreement with hCaptcha according to Article 28 of the GDPR, as well as the EU Commission's standard data protection clauses, which also outline the implementation of appropriate protective measures for the specific case. This commitment by hCaptcha ensures that European data protection standards are maintained even for transfers to third countries like the USA. If data is transferred to the USA or another third country, such a third-country transfer is based on Article 46(2)(c) of the GDPR.

a)   During your website visit, we utilize the widely recognized SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. Typically, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we revert to using 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted securely by the closed depiction of the padlock symbol in your browser's status bar.

b)   Furthermore, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continually improved to align with technological advancements.

1. Collection of personal data from network partners and interested parties

a)    We collect your personal data as a network partner or prospect only if you provide them to us voluntarily via email, post, or phone. In such cases, we capture the information that arises during the contact. This includes, in particular, names and provided contact details, date, and reason for the contact. The personal data you provide will only be used for the purpose of providing you with the requested products or services (legal basis: Article 6(1)(b) GDPR), or for other purposes for which you have given your consent (legal basis: Article 6(1)(a) GDPR), as described in this privacy policy. You have the option to revoke your consent for the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

b)    You are not obligated to provide the aforementioned personal data. However, the data provided may be necessary for the conclusion of a contract. Without the provision of data, communication, contract conclusion, or contract fulfillment may not be possible.

c)    Transmission of data relevant in individual cases occurs based on legal provisions to public authorities in the presence of superior legal regulations, to external service providers, other contractors, and other external entities where you have given your consent, or where transmission is permissible for the fulfillment of a contract or due to overriding interests. There is no intention to transmit your data to recipients in a third country (non-EU/EEA member state) or an international organization.

d)    The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. For the provided personal data, this is the case when the respective conversation with you has concluded. A conversation is deemed concluded when it can be inferred from the circumstances that the relevant matter has been conclusively resolved. To the extent that the provided data are subject to legal retention obligations related to taxation and commercial law, they will be stored for the duration of these retention obligations and then deleted, unless you have consented to longer storage or further processing of the data is necessary for asserting, exercising, or defending legal claims. The legal basis for processing personal data for the purpose of fulfilling legal archiving and retention obligations is Article 6(1)(c) GDPR, otherwise Article 6(1)(f) GDPR.

a)    We collect your personal data as an applicant only if you provide them to us voluntarily via email, post, or phone. This applies to both applications for advertised positions and unsolicited applications. In such cases, we capture the information that has been communicated during the application process. This includes, in particular, your name, date of birth, contact details, interests, qualifications, as well as educational and professional backgrounds. The personal data you provide will only be used for the purpose of conducting the application process. The legal basis is Article 6(1)(b) GDPR and Article 88 GDPR in conjunction with Section 26(1) sentence 1 BDSG.

b)    You are not obligated to provide the aforementioned personal data. However, the data provided are necessary for the execution of the application process and may also be required for a future contract conclusion following the completion of the application process. Without the provision of data, communication, execution of the application process, or contract conclusion may not be possible.

c)    Transmission of data relevant in individual cases occurs based on legal provisions or a contractual agreement. Access to your personal data in the application process is limited to the employees of the HR department, management personnel, and the respective department head. Your personal data will not be transmitted to third parties. There is no intention to transmit your data to recipients in a third country (non-EU/EEA member state) or an international organization.

d)    The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. Therefore, we retain your data for six months after communicating the rejection decision to you and subsequently delete them, in case of rejection. If you have given consent for longer storage, the retention period is two years. Afterward, we will either delete your data or seek your consent again. You have the option to withdraw your consent for the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

1.    If you have provided consent for the processing of your data, you can revoke it at any time in accordance with Article 7(3) GDPR. The legality of processing based on consent prior to its withdrawal will not be affected by the revocation.

2.    In cases where we rely on the legal basis of Article 6(1)(e) GDPR (performance of a task carried out in the public interest) or Article 6(1)(f) GDPR (legitimate interests) for the processing of your personal data, you have the right to object to the processing at any time based on reasons arising from your particular situation. If you exercise such an objection, please provide the grounds why we should not process your personal data as we have been doing. Upon receiving a substantiated objection, we will assess the situation and either cease or adjust the data processing or provide compelling legitimate grounds for the continuation of processing (Article 21(1) sentence 1 GDPR).

3.    You can, of course, also object to the processing of your personal data for purposes of direct marketing and related data analysis at any time. You can inform us of your objection to advertising using the following contact details:
German-American Fulbright Commission, Lützowufer 26, 10787 Berlin, Germany, phone: +49 30-284443-0, Email: data-protection@fulbright.de

1.   You have the right, in accordance with Article 15 of the GDPR, to request information about the personal data we process concerning you. In particular, you can obtain information about the purposes of processing, the categories of personal data involved, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of the right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data if not collected from us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details.

2.   According to Article 16 of the GDPR, you can promptly request the correction of inaccurate personal data or completion of your personal data stored by us. You have the right, in accordance with Article 17 of the GDPR, to request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

3.   Pursuant to Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose their deletion, or we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims, or you have objected to processing under Article 21 of the GDPR.

4.   You have the right, in accordance with Article 20 of the GDPR, to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or to request their transmission to another controller.

5.   You also have the right, pursuant to Article 77 of the GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of your personal data by us does not comply with legal requirements.

Automated decision-making (including profiling) according to Article 22 of the GDPR does not take place within our organization.

1. Registration for Events

As part of the registration process for our events, personal data is collected. This typically includes your name, address, or email address, and for fee-based events, your banking details as well. The collected personal data is used solely internally for the execution and management of the event. The legal basis for this is Article 6(1)(b) of the GDPR.

During the event, the Fulbright Commission or authorized service providers may take photo and video recordings. These recordings may be used for documentation purposes and for public relations in digital and print formats. This may include the publication of recordings on our website, in our social media channels, in our newsletter, or in promotional materials or invitations for future Fulbright Germany events. We will inform you about the specific purposes of using the recordings and the respective legal basis in the invitation or, if necessary, through clearly visible signs at the event venue. If your consent in accordance with Article 6(1)(a) of the GDPR is required for certain data processing activities, we will obtain it separately.

1.   This privacy policy is as of August 2023 and is currently valid.

2.   Due to the ongoing development of our website and services or changes in legal or regulatory requirements, it may be necessary to make adjustments to this privacy policy. The most current version of the privacy policy can be accessed and printed by you at any time on the website at https://www.fulbright.de/en/privacy-policy.