Data Protection

Data Protection Rules and Consents

Goethe-Institut e.V., Oskar-von-Miller-Ring, 18, 80333 Munich ("Goethe-Institut" or "we"), as the operator of the website www.goethe.de (the "Website"), is the controller of the personally identifiable data of the users ("You") of the Website within the meaning of the EU General Data Protection Regulation (GDPR) and the German data protection laws, in particular the Federal Data Protection Act (BDSG).

Contents

  1. Use of the website for information purposes
  2. Data collection and use for the execution of the contract
  3. Registration and Goethe.de-account
    a) Data about your person and contents created by you
    b) Personalised marketing
    c) Data publication
    d) Data exchange between our language course management system and your  Goethe.de-account
    e) Deletion
  4. Google reCAPTCHA and Google Maps
    a) Google reCAPTCHA
    b) Google Maps
  5. Data collection and use for direct marketing purposes
    a) Postal advertising
    b) Email newsletter
  6. Cookies
  7. Web Analysis
    a) Mapp
    b) Google(Universal) Analytics
    c) Google AdWords and Google conversion tracking   
    d) Google Analytics Remarketing
    e) Facebook pixel
    f) Bing Ads  
    g) LINKEDIN INSIGHTS
  8. Social Networks
    a) Use of social plugins und widgets of Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution
    b) Use of Spotify and Soundcloud widgets
    c) Embedding and display of social media content
    d) YouTube and Vimeo video plugins
    e) Our online presence on social media
    f) Social Media monitoring
  9. Data transfer to third parties
    a) Transfer of data to Goethe-Instituts
    b) Data transfer to the central examination archive
  10. Data security
  11. Your rights and how to contact us
  12. Right of objection
The Goethe-Institut takes the protection of your data very seriously. With this privacy notice, we would like to inform you in a transparent manner which personally identifiable data ("your data") we collect, process and use about you when you visit our online presence and/or use the Goethe Institute's Website.  

1. USE OF THE WEBSITE FOR INFORMATION PURPOSES

You can visit our Website and use some of our Internet offerings without providing any personal information. Whenever you access a website, the web server merely automatically stores access data in server log files, which are automatically communicated by your browser, such as the name of the requested file, the last website visited, the date and time of the access, the browser used, the amount of data transferred, the IP address, the requesting provider, etc. Within the scope of processing on our behalf, a third party provider renders the services for hosting and displaying the Website for us. This service provider is located within a Member State of the European Union or the European Economic Area.

For the purpose of shortening the loading time of our online presence, we also use a Content Delivery Network ("CDN"), in which the website is delivered via the web server of a CDN provider who works for us in the context of order processing. Access data is also collected accordingly on the provider's web servers.

All access details shall be stored for a period of 7 days. This data shall be analysed exclusively in order to ensure a fault-free operation of the website and for a fault analysis. The use of a CDN provider, as well as the procedure described here, serves to safeguard our overriding legitimate interests in the correct presentation of our offering in accordance with Art. 6 (1) sentence 1 (f) GDPR.  

 2. DATA COLLECTION AND USE FOR THE EXECUTION OF THE CONTRACT

We collect personally identifiable data if you provide us with this information when contacting us (e.g. via contact form or email), when registering for a user account ("Goethe.de account") or in the course of your booking, for example when booking a course or examination. Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms.

In these cases, we collect and process the data provided by you in order to execute the respective contract, for example to carry out a placement test with regard to your language courses or a language course including a subsequent examination, and to process your enquiries in accordance with Art. 6 (1) sentence 1 (b) GDPR. Insofar as you have expressly consented to the processing of special categories of data in accordance with Art. 9 (2) (a) GDPR, we will collect your health data (e.g. allergies) exclusively for the purpose communicated to you upon consent.

your data will be blocked for further use and deleted after the expiry of the mandatory retention periods under tax and commercial law. Should tax or commercial law retention obligations not apply to individual data, this will be deleted immediately after the respective contract has been executed. The only exception to this is if you have expressly consented to further use of your data or if we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you below.

Your account data in connection with our learning platform will also be automatically deleted after three years of non-use.

Data transfer for contract execution

Within the framework of course and examination bookings, your personally identifiable data will be processed in our central language course management system, to which other Goethe Institutes generally have access, unless access is not permitted under local law. This is done in order to process the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR, as well as to safeguard our predominantly legitimate interests in valid information and correct data records when booking a course in accordance with Art. 6 (1) sentence 1 (f) GDPR. Insofar as personally identifiable data is processed in countries outside the European Union or the European Economic Area in this respect, we have agreed the EU standard data protection clauses with the Goethe Institutes concerned as a suitable guarantee within the meaning of Art. 46 (2) (c) GDPR for the protection of data.

In order to fulfil the contract, we will pass on your data to the company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods or the provision of ordered services. Depending on which payment service provider you select in the order process, we will pass on the payment data collected for this purpose to the bank commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service for the processing of payments. In some cases, the selected payment service providers also collect this data themselves if you open an account there. In this case, you must log on to the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies. When making a booking in our online shop, the payment data you enter goes directly to the payment service provider commissioned. We have no access to this data at any time.

Insofar as the payment service provider processes your personally identifiable data for the purpose of payment processing, e.g. for the processing of credit card payments, as a controller in the sense of Art. 4 (7) GDPR, we will provide you with information which the payment service provider must provide in accordance with Art. 13, 14 GDPR.
This informationen can be found here and here.

As part of the execution of our contracts with you, for example, for the provision of language courses, we sometimes pass on your data to service providers who process them on our behalf and within the framework of a contract existing between the Goethe Institute and the respective service provider for order processing. Such a service provider may, for example, be the provider of software that the Goethe Institute uses to execute the contract.    

3. REGISTRATION AND GOETHE.DE ACCOUNT

If you wish to leave comments or make posts, exchange information with other users, take part in online courses, use learning platforms, purchase products from the online shop, borrow digital media and book courses or examinations or use our online services for reference libraries (researching or reserving books, renewing, etc.), registration and creation of a "Goethe.de account" is required. To register, we process your login data (email address and password), which gives you access to personalised Goethe Institute offers, the consents you have given, as well as your country and preferred language.    

a) Data about your person and contents created by you
In the course of creating the Goethe.de account, only the data that we require for the execution of our offers or any contractual relationship with you is mandatory.

We collect and process the data provided by you within the scope of the contract execution of this user contract according to Art. 6 (1) sentence 1 (b) GDPR
  • to check your application for a Goethe.de account
  • to provide the free services in which you participate (blogs, forums, comment function, self-presentation, communities, chats, etc.)
  • to fulfil our obligations arising from contracts that exist with you (provision of the online courses, the learning platform and the digital media as part of the loan, delivery of products from the web shop as well as conducting courses and examinations, library loan contracts).
You can voluntarily provide further information about your person as well as enter content (so-called user generated content), such as a photo of you, texts in the form of blog or forum posts, discussion posts, etc. Which data is collected in detail and which information is mandatory and which is voluntary can be seen from the respective input forms. We process the voluntarily provided data in order to protect the predominant common interests in a diverse exchange within the framework of our platform in accordance with Art. 6 (1) sentence 1 (f) GDPR.   

b) Personalised marketing
For marketing purposes, we also use the data you provide in your user account for a personalised design of our website and Internet offerings, e.g. a personal homepage and a profile area in which we present offers suited to you. This serves to safeguard our overriding legitimate interests in the optimal marketing of our offers in accordance with Art. 6 (1) sentence 1 (f) GDPR. Provided that the corresponding consent has been requested (e.g. consent to the storage of cookies), the data is processed exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.  

c) Data publication
Some of the data you store using the Goethe.de account is visible to other users. This includes, for example, your name or username, your posts including creation date and time, your group memberships, your friends, your learning lists, your files, your online status, your ratings, the duration of your membership, your gender and your guestbook entries. The publication of the data is required in accordance with Art. 6 (1) sentence 1 (b) GDPR in order to be able to provide you with the contractually agreed functions of our platform.
 

​​​​​​​  
d) Data exchange between our language course management system and your Goethe.de account
To enable our course and examination management to view the information and results contained in your Goethe.de account, a data exchange (pairing) takes place between our course and examination management software and your Goethe.de account. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our legitimate interest – in the context of a balancing of interests – in linking the data records in order to enable you to have uniform master data management and an overview of the courses and examinations you have booked, also on our website.   

e) Deletion
If you do not confirm your registration within 7 days, your Goethe.de account will be deleted along with the data you provided during registration. If you confirm the registration, a user account will be created according to the present explanations. This does not apply to Goethe.de accounts that were created as part of a booking in the web shop. These will remain permanently unless you request their deletion. You can delete your Goethe.de account and the data you have left there at any time and can be done either by sending a message to the contact option described below or by using a function in the user account provided for this purpose.   


4. Google Recaptcha und Google Maps

 
a) Google reCAPTCHA
For the purpose of protection against misuse of our web forms as well as against spam, we use the Google reCAPTCHA service in some forms on this website. By verifying a manual entry, this service prevents automated software (bots) from carrying out abusive activities on the website. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to protect our legitimate interests in the protection of our website from misuse and in the trouble-free presentation of our online presence.

Google reCAPTCHA is an offer from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). Insofar as information is transferred to Google servers in the USA and stored there, we have agreed with Google LLC on standard data protection clauses issued by the European Commission for this purpose. You can obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.

Google reCAPTCHA uses a code embedded in the website, known as JavaScript, as part of the verification methods that allow an analysis of the use of the website by you, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.

Personally identifiable data is not read out or saved from the input fields of the respective form. Further information on Google's privacy policy can be found at www.google.com/policies/privacy/.

You can prevent Google from collecting the data generated by the JavaScript or cookie and relating to your use of the website (including your IP address) and from processing this data by Google by preventing JavaScript or the setting of cookies in your browser settings. Please note that this may limit the functionality of our website for your use.    

b) Google Maps
On our website we use the integration of Google Maps to visually display geographical information. The storage of Google Maps cookies and the use of this analysis tool are subject to the corresponding consent and the data is processed exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.
You can prevent the storage of cookies by making a corresponding setting in your browser software. However, we would like to point out that you may not be able to make full use of all the functions of this website in this case.

According to the Google Terms of Use (Version of 31.03.2020), the Google Maps service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you have your habitual residence in the European Economic Area or Switzerland. If you have your habitual residence in another country, the Google Maps service will be provided to you by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

When using Google Maps, your personal data may be transferred to Google companies in countries outside the European Economic Area where an adequate level of data protection is not ensured and your rights under European data protection law may not be enforceable.

In order to ensure an adequate level of data protection when transferring users' data from the United Kingdom to the United States, we have agreed with Google LLC on standard data protection clauses issued by the European Commission for this purpose. You can obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.

When you access a website on which Google Maps is integrated, Google's web server also automatically collects access data in server log files, which are automatically communicated by your browser, such as the name of the requested file, the last website visited, the date and time of the access, the browser used, the amount of data transferred, the IP address, the requesting provider, etc. When using Google Maps, Google also processes data on the use of the Maps functions by visitors to the website.

Further information about Google's privacy policy and settings options can be found at https://policies.google.com/privacy.    

5. DATA COLLECTION AND USE FOR DIRECT MARKETING PURPOSES

 
a) Postal advertising

We reserve the right to use your first and last name and your postal address for our own advertising purposes, e.g. to send you interesting offers and information on our products by post. This serves to safeguard our overriding legitimate interests in addressing our clients in advertising in accordance with Art. 6 (1) (f) GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to datenschutz@goethe.de.    

b) Email newsletter
If you subscribe to one of our newsletters, we use the data required for this purpose or data provided separately by you to send you the subscribed email newsletter on a regular basis. The sending of email newsletters takes place on the basis of your separate express consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. For security reasons, we use the double opt-in procedure: We will only send you a newsletter by email if you have previously confirmed your newsletter registration. For this purpose, we will send you an email confirming your subscription via the link contained therein. This is to ensure that only you, as the owner of the email address provided, can subscribe to the newsletter.

The newsletter may be sent via an external service provider to whom we pass on your email address for this purpose. In such cases, the processing is carried out on our behalf. You can object to this use of your email address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

If the service provider is based in the USA, we have, in order to ensure an adequate level of data protection when transferring your data to a third country, agreed with the service provider on standard data protection clauses issued by the European Commission for this purpose. You can obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.  

The following also applies to the mailing of e-mail newsletters using the e-mail marketing service provider “Mailchimp”:
the newsletters are mailed by the e-mail marketing service provider
“MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the e-mail marketing service provider here: https://mailchimp.com/legal/privacy/. The e-mail marketing service provider is used on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR and a data processing contract pursuant to Art. 28 (3) Sentence 1 GDPR.
The e-mail marketing service provider can use the recipients’ data in a pseudonymised form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the mailing and the presentation of the newsletters, or for statistical purposes. However, the e-mail marketing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved by our server or, if we are using an e-mail marketing service provider, by the latter’s server when the newsletter is opened. In the context of this retrieval, technical information is collected first, such as information about your browser and your system, as well as your IP address and the time of the retrieval.
This information is used for the technical improvement of the services on the basis of the technical data or the optimisation of the target groups and their reader behaviour on the basis of the retrieval locations (which can be determined with the aid of the IP address) or the access times. The statistics gathered also includes information on whether the newsletters are opened, when they are opened and which links are clicked.
This information can be assigned to the individual recipients of the newsletters for technical reasons. However, neither we nor, insofar as one is used, the e-mail marketing service provider aim to monitor individual users. Instead, the analyses enable us to identify the reading habits of our users in general, i.e. anonymously, and to adapt our contents to them or to send out different contents according to the interests of our users. A separate cancellation of the measurement of success is unfortunately not possible. In this case, the entire newsletter subscription must be cancelled.
The newsletter is mailed and success measured on the basis of the consent of the recipients pursuant to Art. 6 (1) a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 German Act Against Unfair Competition (UWG) or, if consent is not necessary, o the basis of our legitimate interests in direct marketing pursuant to Art. 6 (1) f) GDPR in conjunction with Section 7 (3) UWG. In the event of business relationships in which the newsletter is part of the contractual service, the legal basis is Art. 6 (1) b) GDPR.
The registration procedure is logged on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR. Our interest is in the use of a user-friendly and secure newsletter system that both serves our business interests and meets the user’s expectations and also allows us to provide evidence of consent.  

6. COOKIES

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies serve to make our service more user-friendly, more effective and more secure. These are small text files that are stored on your end device.

Some of the cookies used by us are deleted again after the end of the browser session, i.e. after closing your browser (session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit and, if necessary, to enable you to log in automatically (persistent cookies). If, for example, you activate the option "Remain logged in" by placing a check mark when logging in to goethe.de, a cookie will be set that enables us to recognise you when you visit the goethe.de site within a certain period of time.

You can view the duration of the persistent cookies via your browser. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

If cookies are not accepted, the functionality of our website may be limited.

Cookies that are necessary for the execution of the electronic communication process or for the provision of certain functions that are desired by you (e.g. the shopping basket function) are stored on the basis of our legitimate interests in the technically flawless and optimised provision of our services in accordance with Art. 6 (1) f GDPR. Provided that the corresponding consent has been requested (e.g. consent to the storage of cookies), the data is processed exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time. You can prevent the data stored on the basis of cookies and relating to your use of the website (incl. your IP address) from being recorded by opting out of the relevant categories and services in the privacy settings.

If your consent to the storage of cookies is requested in order for cookies to be set, we use the Usercentrics Consent Management Platform to document your consent to the storage of specific cookies on your device or to the use of specific technologies in compliance with data protection laws. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 München, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you enter our website, the following personal data shall be transferred to Usercentrics: your consent(s) or the revocation of your consent(s), your IP address, information about your browser, information about your device, the time of your visit to the website

Usercentrics is used to obtain the legally required consents to the use of specific technologies. The legal basis for this is Art. 6 (1) Sentence 1 c) GDPR. You can change the cookie settings at any time by clicking on “Cookie Settings” at the bottom of our webpages.    

7. WEB ANALYSIS

 
a) Mapp

We use the services of Mapp Digital c/o GmbH, to collect statistical data on the use of our website, to improve it, to enable an analysis of the use of our website and to compile reports on website activities. Cookies can be used for this purpose. Within the framework of this tracking, pseudonymised user profiles are created. These will not be merged with personally identifiable data about the bearer of the pseudonym without explicit consent to be granted separately.  After discontinuation of the purpose and end of the use of Mappby us, the data collected in this context will be deleted.

The storage of Mappcookies and the use of this analysis tool are subject to the corresponding consent and the data is processed exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.

Mapp Digital c/o GmbH is a subsidiary of Mapp Digital US, LLC (3655 Nobel Drive, Suite 500, San Diego, CA 92122, USA, "Mapp"). To the extent that information is transferred to servers of Mapp in the USA and stored there, we have agreed with Mapp on standard data protection clauses issued by the European Commission for this purpose in order to ensure an adequate level of data protection when transferring your data to a third country. You may obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.   

b) Google(Universal) Analytics

This website uses Google (Universal) Analytics, a web analysis service of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; “Google”) to analyse the website.

Processing the user’s personal data with the help of Google Analytics allows us to analyse the surfing behaviour of our users. An analysis of the obtained data enables us to put together information about the level of use and the functionality of the website. This helps us to constantly improve our own website, its contents and its user friendliness.

The storage of Google Analytics cookies and the use of this analysis tool are subject to the corresponding consent and the data is processed exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.

Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other Member States that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The anonymised IP address provided by your browser in the context of Google Analytics will in principle not be merged with other Google data. After discontinuation of the purpose and end of the use of Google Analytics by us, the data collected in this context will be deleted.
 
We use the Google Tag Manager service on our website in connection with the use of Google (Universal) Analytics.
 
With the Google Tag Manager service we manage so-called "tags" that we have embedded on our website. Tags are small code elements that can be used to measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and targeting and test and optimize websites. When using tags, no data is stored on your terminal device.
 
We use these tags exclusively in the context of website analysis with Google (Universal) Analytics, i.e. to be able to analyze and optimize your use of our website even more precisely.

Insofar as information is transferred to Google servers in the USA and stored there, we have agreed with Google LLC on standard data protection clauses issued by the European Commission in order to ensure an adequate level of data protection when transferring your data to a third country. You can obtain a copy of this agreement from us upon request. To do so, please contact us using the contact details below.   

c) Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Within the framework of Google AdWords, we use so-called conversion tracking. Whenever you click on an advertisement placed by Google, a cookie is set for the conversion tracking. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can see that the user has clicked on the advertisement and has been redirected to this page.

Every Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers find out the total number of users who have clicked on their advertisement and have been redirected to a page that is furnished with a conversion tracking tag. However, they receive no information that allows users to be personally identified. If you do not want to participate in the tracking, you can opt-out of this use by simply deactivating the Google conversion tracking cookie via your web browser’s user settings. You will then not be included in the Google tracking statistics.

The “conversion cookies” are stored and this tracking tool used on the basis of Art. 6 (1) a) GDPR, provided that the corresponding consent is granted; the consent may be revoked at any time.   

d) Google Analytics Remarketing
This website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This function makes it possible to link the advertising target groups that are created with Google Analytics Remarketing to the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest related, personalised advertising messages that have been adapted to you depending on your earlier usage and surfing behaviour on one device (e.g. a mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have granted the corresponding consent, Google links your web and app browser history to your Google account for this purpose. In this way, the same personalised advertising messages can be placed on each device on which you log into your Google account. To support this function, Google Analytics records users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data in order to define and create target groups for the cross-device advertising.

The data recorded in your Google account is aggregated on the basis of your consent, which you can give to Google or revoke (Art 6 (1) a) GDPR). In the case of data recording processes that are not consolidated in your Google account (e.g. because you do not have a Google account or you have opted out of the consolidation), the recording and processing of the data depends on your consent to the storage of cookies on our website (Art. 6 (1) a) GDPR); the consent can be revoked at any time.     

e) Facebook pixel

For conversion tracking, this website uses the visitor action pixel of Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (“Facebook”).
This makes it possible to track the behaviour of the visitors to the website after they are redirected to the provider’s website as a result of clicking on a Facebook advertisement. This allows the effectiveness of the Facebook advertisements to be analysed for statistical and market research purposes and future advertising measures to be optimised.
The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and so that Facebook can use the data for its own advertising purposes, in accordance with the Facebook data use policy. As a result, Facebook can enable advertisements to be placed on Facebook pages and outside Facebook. This use of the data cannot be influenced by us as the website operator.
Legal basis for the data processing
The Facebook pixel is used on the basis of Art. 6 (1) a) GDPR, provided that the corresponding consent is granted; the consent may be revoked at any time.    

f) Bing Ads
On the website, we use Bing Ads (bingads.microsoft.com) that are provided and operated by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft sets a cookie on your device if you have accessed our website via a Microsoft Bing advertisement. This enables us and Microsoft to see that someone has clicked on an advertisement, has been redirected to our website and has accessed a predefined target page (“conversion site”). We only find out the total number of users that have click on a Bing advertisement and then been redirected to the conversion site. Microsoft uses the cookie to collect, process and use information from which pseudonymised usage profiles are created. These usage profiles serve to analyse the visitor behaviour and are used for the placement of advertisements. No personal information about the identity of the user is processed.
 
BingAds is used on the basis of Art. 6 (1) a) GDPR, provided that the corresponding consent is granted; the consent may be revoked at any time.  

7g) LINKEDIN INSIGHTS 
We use the LinkedIn Insight tag for our webpages. With the help of this technology, we can create reports about the performance of our advertisements as well as information about website interaction. We process your data to evaluate campaigns and to collect information about visitors to our website who may have reached us via our campaigns on LinkedIn.

LINKEDIN INSIGHTS is used on the basis of Art. 6 (1) a) GDPR, provided that the corresponding consent is granted; the consent may be revoked at any time.    

8. SOCIAL NETWORKS

  a) Use of social plugins and widgets from Facebook, Twitter, Google+, Instagram and VKontakte using the Shariff solution
Social buttons and widgets from social networks are used on our website.

In order to increase the protection of your data when visiting our website, these buttons and widgets are not fully integrated into the page, but only by using an HTML link. This integration ensures that when a page of our website containing such buttons is accessed, no connection is yet established with the servers of the provider of the respective social network.

If you click on one of the buttons, a new window of your browser opens and accesses the page of the respective service provider, where you can press the Like or Share button, for example (if necessary after entering your login data).

The purpose and scope of data collection and the further processing and use of data by the providers on their sites, as well as a contact option and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers:

https://www.facebook.com/policy.php
https://twitter.com/privacy
https://www.google.com/intl/de/+/policy/+1button.html
https://help.instagram.com/155833707900388
https://vk.com/privacy/eu
   
b) Use of Spotify and Soundcloud widgets
On our website, we use widgets from the Spotify and Soundcloud networks for the purpose of making our content interactive.

When you visit a page on our site that contains such a widget, your browser will connect directly to the Spotify or Soundcloud servers. The content of the widget is transmitted by the respective provider directly to your browser and integrated into the page. By integrating the widgets, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile or are not logged in at the moment. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider and stored there.

If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile in the respective social network. When you interact with the widgets, for example when you play content, the corresponding information is also transmitted directly to a server of the providers and stored there.

The information can also be published in the social network and displayed to your contacts.

The use of Spotify and Soundcloud is subject to the corresponding consent and takes place exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.

The purpose and scope of data collection and the further processing and use of data by the providers, as well as a contact option and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers.

Spotify AB: https://www.spotify.com/de/legal/privacy-policy/
SoundCloud Limited: https://soundcloud.com/pages/privacy     

c) Embedding and display of social media content such as Twitter, Instagram, Facebook and others
On our website, especially in the context of articles by the Goethe-Institut, content (posts, comments and/or channels) from Twitter, Instagram and Facebook can be displayed using social plugins.

In addition, content from other social networks (e.g. Spotify and Soundcloud) can be displayed using social plugins. Via the social plugins, a direct connection can be established to the servers of the respective network, whereupon data is transmitted to the provider. This can in particular include the following data:
  • Visited Website
  • Browser informationen
  • Information about the operating system
  • IP address
The use of the contents is subject to the corresponding consent and takes place exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.    

d) YouTube and Vimeo video plugins
On this website, content from third parties is integrated via YouTube and Vimeo for the purpose of interactive design of our content.

YouTube is operated by Google Ireland Limited, a company incorporated and regulated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. ("Google").

Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

To increase the protection of your data when visiting our website, the plugins are integrated into the page in such a way that they can only be activated by consent. This integration ensures that when a page of our website containing such plugins accessed, no connection is yet established with the servers of the respective social network. Only when you activate the plugins does your browser establish a direct connection to the servers of the respective social network.

The content of the respective plugin is then transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the corresponding provider or are not logged in at the moment. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (possibly in the USA) and stored there.

When you interact with the plugins, for example by clicking the "Like" button, the corresponding information is also transmitted directly to a server of the providers and stored there.

For videos from YouTube that are embedded on our site, the advanced privacy setting is enabled. This means that no information is collected and stored from website visitors to YouTube unless they are playing the video.

Videos from Vimeo that are embedded on our site have the tracking tool Google Analytics automatically integrated. We have no influence on the results of the analysis and cannot view them. In addition, by embedding Vimeo videos, web beacons are set for website visitors when they activate them.

The use is subject to the corresponding consent and takes place exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time. The purpose and scope of data collection and the further processing and use of data by the providers and your rights and settings options for the protection of your privacy, can be found in the privacy policy of the providers:

YouTube / Google: https://www.google.de/intl/de/policies/privacy/ 
Vimeo: https://vimeo.com/privacy    

e) Our online presence on social media
Our presence in social networks and platforms serves the purposes of better, active communication with our customers and interested parties. We provide information there about our products.

When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. From this data, usage profiles are created using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. These cookies store the visitor behaviour and interests of the users. The use is subject to the corresponding consent and takes place exclusively on the basis of Art. 6 (1) a) GDPR; the consent can be revoked at any time.

Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: Data processing is carried out on the basis of the standard contractual clauses.

For detailed information on the processing and use of data by the providers on their websites, as well as a contact option and your rights and settings options for the protection of your privacy, in particular opt-out options, please refer to the providers' privacy policies linked below. If you still need help in this regard, you can contact us.

Facebook: https://www.facebook.com/about/privacy/     
Possibility of appeal (opt-out):
Facebook: https://www.facebook.com/settings?tab=ads     

f) Social Media Monitoring
The Goethe-Institut shall execute an analysis of the posts published in the social media services outside goethe.de or of the social media performance data for the purpose of improving the quality and enhancing the content, optimising the marketing activities and identifying possible risks (e.g. political crises or communications crises affecting the Goethe-Institut or the consequences of natural phenomena). The social media listening and analytics tool Talkwalker S.à r.l., 16, Avenue Monterey L-2163 Luxemburg, shall be used for this.

The actions executed by you in the social media services and information provided via your corresponding profiles, including forums, blogs and online news sites, shall be recorded and analysed. Only publicly accessible information shall be processed, which can also include individual quotations or personal data such as your username. The analysis shall serve to protect, in the context of a balancing of interests, our overriding legitimate interests, in accordance with Art. 6 (1) Sentence 1 f) GDPR, in the optimisation of our offerings and in information about and early indications of possible political or natural risks.
The personal data shall primarily be processed in an aggregated form and to pursue the aforementioned purposes. Personal data of individual data subjects shall not be processed intentionally, it shall largely be anonymised in the course of the data processing, and the data shall, of course, not be used for the creation of individual user profiles. It is, however, possible that individual quotations will be recorded and used internally to describe a specific marketing activity of the Goethe-Institut.   

9. DATA TRANSFER TO THIRD PARTIES

 
a) Transfer of data to Goethe-Instituts

Once your Goethe.de account has been set up, administrators of the responsible Goethe Institute abroad will be given access to the data stored in your account. The data processing that takes place in this context serves on the one hand the purposes of the administrative processing of user data, e.g. rectification/blocking/deletion or assignment of roles and authorisations within the system. The legal basis for the contract fulfilment is Article 6 (1) sentence 1 (f) GDPR. Furthermore, in accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our overriding legitimate interests in valid information and correct data records in our system. On the other hand, user data (in anonymous form) can be used to improve our website. In accordance with Art. 6 (1) sentence 1 (f) GDPR, this serves to safeguard our overriding legitimate interests in optimising our offering.

Insofar as personally identifiable data is transferred to a Goethe Institute in a third country and there no adequacy decision has been issued by the European Commission in accordance with Art. 45 (1) GDPR, the data transfer is carried out on the basis of standard data protection clauses issued by the European Commission as appropriate guarantees in accordance with Art. 46 (2) (c) GDPR. Copies of the EU standard privacy clauses can be found on the European Commission's website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de erhalten.

If you are excluded from a Goethe-Institut examination for a reason specified in the examination regulations and the Goethe-Institut then blocks you from taking examinations as part of the Goethe Institute examination portfolio worldwide, your data will be passed on to the examination centres of the Goethe Institute (see Section 2 of the examination regulations) worldwide and to examination centres of the Austrian Language Diploma (ÖSD) for the purpose of enforcing this measure (control of compliance with an imposed examination block) and processed there for this purpose. This is done on the basis of the execution of the joint contract on the provision of an examination in accordance with Art. 6 (1) (b) GDPR. Insofar as personally identifiable data is processed in countries outside the European Union or the European Economic Area, this is also based on the necessity of the transfer for the execution of this contract.    

b) Data transfer to the central examination archive
For the purpose of checking authenticity and issuing replacement certificates, data concerning the examinations you have taken will be stored and used in the central examination archive (for a maximum of 10 years). This is done on the basis of the fulfilment of the contract according to Art. 6 (1) (b) GDPR.   

10. DATA SECURITY

We secure our website and other systems through technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons, such as when creating the Goethe.de account or a subsequent login through SSL encryption.
 

11.YOUR RIGHTS AND HOW TO CONTACT US

As a data subject, you have the following rights:
  • in accordance with Art. 15 GDPR, the right to request information about your personally identifiable data processed by us to the extent described therein;
  • in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personally identifiable data stored by us;
  • in accordance with Art. 17 GDPR, the right to demand the deletion of your personally identifiable data stored with us, unless further processing is necessary
    • to ensure the exercising of the right to freedom of expression and information;
    • to fulfil a legal obligation;
    • for reasons of public interest, or
    • to assert, exercise or defend legal claims
 
  • in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personally identifiable data, provided that
    • the correctness of the data is disputed by you;
    • the processing is unlawful, but you refuse to delete it;
    • we no longer need the data, but you need it to assert, exercise or defend legal claims, or
    • you have lodged an objection to the processing pursuant to Art. 21 GDPR;
 
  • in accordance with Article 20 GDPR, the right to receive your personally identifiable data provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • in accordance with Article 77 GDPR, the right to file a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company’s registered office.

If you have any questions about the collection, processing or use of your personally identifiable data, about information, correction, restriction of processing or deletion of data as well as revocation of any consents granted or objection to a specific use of data as well as the right to data transferability, please contact our company data protection officer:

The Data Protection Officer
Goethe-Institut e.V.
Oskar-von-Miller-Ring 18
80333 München
datenschutz@goethe.de
 

12. Right of objection

Insofar as we process personally identifiable data as explained above in order to safeguard our overriding legitimate interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, you have the right to object only if there are reasons arising from your particular situation.

After exercising your right of objection, we will not process your personally identifiable data further for these purposes, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not process your personally identifiable data further for this purpose.