Thank you for your interest in the SAFE project. The protection of personal data is a top priority for us. Below you will find information about the processing of your personal data and your rights within the SAFE project.
1. Joint Controllers
Thank you for your interest in the SAFE project. The protection of personal data is a top priority for us. Below you will find information about the processing of your personal data and your rights within the SAFE project.
Deutscher Akademischer Austauschdienst e. V. (German Academic Exchange Service)
Kennedy Allee 50
53175 Bonn
Germany
Tel: +49 228 882-0
E-Mail: datenschutz@daad.de
UNIMED – UNIONE DELLE UNIVERSITA DEL MEDITERRANEO (UNIMED),
Corso Vittorio Emanuele II 244
00186, Roma
Italy
Tel: +39 06 68581430
E-Mail: privacy@uni-med.net
Campus France EPIC (Campus France EPIC),
Rue de la Grange aux Belles, 28
75010 Paris
France
E-Mail: dpo@campusfrance.org
Collège de France,
Place Marcelin Berthelot 11
75005 Paris
France
E-Mail: pause@college-de-france.fr
We have concluded an agreement in which we transparently define which responsible party fulfills which obligation under the GDPR. The essence of this agreement is as follows: All parties are responsible for fulfilling the data subjects rights under the GDPR.
2. Data protection Officer(s)
You may contact our data protection officers, where designated, as follows:
DAAD
Dr. Gregor Scheja
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Germany
Phone: 0228/2272260
Contact: https://www.scheja-partner.de/kontakt/kontakt.html
Campus France
Ernst & Young Société d’Avocats
Me Yaël COHEN-HADRIA
1 place des saisons
92400 Courbevoie
France
Contact: dpo@campusfrance.org
Collège de France
Mme. Rahma Ribardière
Place Marcelin Berthelot 11
75005 Paris
France
Tel : +33 01 44 27 14 12
Contact: rahma.ribardiere@college-de-france.fr
3. your rights as a data subject
As a data subject, you have the following rights under the GDPR, provided that the respective legal requirements are met:
- Access (Art. 15 GDPR): You have the right to obtain information about the personal data processed about you.
- Rectification (Art. 16 GDPR): You can request the rectification of inaccurate personal data concerning you. You can also request the completion of incomplete data.
- Erasure (Art. 17 GDPR): In certain cases, you can request the erasure of your personal data.
- Restriction of processing (Art. 18 GDPR): In certain cases, you can request that the processing of your data be restricted.
- Data portability (Art. 20 GDPR): If you have provided data on the basis of a contract or consent and the processing is carried out using automated procedures, you may request that you receive the data you have provided in a structured, commonly used and ma-chine-readable format or that it be transmitted to another controller.
Right to object on a case-by-case basis:
You have the right to object, on grounds relating to your particular situation, at any time to pro-cessing of personal data concerning you which is based on Article 6(1)(1)(e) GDPR (performance of tasks carried out in the public interest or in the exercise of official authority) or Article 6(1)(1)(f) GDPR (balancing of interests); this also applies to profiling based on these provisions.
If you object, we will no longer process your personal data unless we can demonstrate compel-ling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Objection to data processing for the purpose of direct marketing:
Where we process your personal data for direct marketing purposes, you have the right to ob-ject at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your per-sonal data for these purposes.
Withdrawal of consent (Art. 7 (3) GDPR): If you have given your consent to the processing of your data, you can withdraw this at any time with effect for the future. This does not affect the lawfulness of the processing of your data until you withdraw your consent.
You can withdraw your consent to cookies in the Cookie Center.
To exercise all your aforementioned rights, please contact the controllers as listed in Section 1. Please ensure that we are able to clearly identify you.
If you believe that the processing of your personal data violates data protection law, you can also lodge a complaint with a supervisory authority, in particular in the EU member state or federal state of your habitual residence, place of work or the place of the alleged violation you are complaining about.
4. Automated individual decision-making including profiling
Automated decisions in individual cases, including profiling within the meaning of Article 22 of the GDPR, do not take place in connection with the use of our service.
5. Details of the processing
5.1 Website related processing
5.1.1 Provision of the website
| Processed personal data: | Date and time of access, duration of the visit, type of end device, operating system used, functions used, amount of data sent, type of event, IP address, domain name |
| Purpose(s): | Provision of the website |
| Legal basis(s): | Art. 6 (1) (f) GDPR. In doing so, we pursue the legitimate interest of providing our website. |
| Recipient of the personal data: | Hosting provider, internal departments, external service provider for technical support |
| Third country transfer: | No |
| Storage period of personal data: | Deletion immediately after delivery by the web server |
5.1.2 Log files
| Processed personal data: | URL accessed, IP address, time and date of access, amount of data transferred, website from which the user came to the requested page (so-called « referrer »), website accessed by the user’s system via our website, http status, information about the browser type and version used, user’s operating system, user’s Internet service provider |
| Purpose(s): | Statistical analyses, improvement of the web-site, system security (e.g. prevention of mis-use), error diagnosis |
| Legal basis(s): | Art. 6 (1) (f) GDPR. In doing so, we pursue the legitimate interest in improving the website, system security (e.g. prevention of misuse) and error diagnosis. Art. 6 (1) (c) GDPR (fulfilment of a legal obli-gation). This includes disclosures to govern-ment agencies upon request. |
| Recipient of the personal data: | Hosting provider, internal departments, ex-ternal service provider for technical support, government agencies on request |
| Third country transfer: | No |
| Storage period of personal data: | Deletion 7 days after creation |
5.2 Matchmaking and fellowship management
5.2.1 Matchmaking
Processed personal data:
- Researchers’ data:
- Personal data: names, dates of birth, nationalities/ residencies, contact information (email, phone number);
- Academic and professional data, such as CVs, academic qualifications, publications, employment history, areas of research interest and expertise;
- Special categories of personal data (sensitive data) in relation to at-risk status, such as sexual lifestyle, ethnicity or racial origin, political option or affiliations, religious/ philosophical believes, health information;
- Other data related to risk assessment and specific details provided by the researchers that substantiate their risk status (this could overlap with personal and sensitive data and/or to professional activities or affiliations).
- Key administrative or academic staff from (potential) host institutions:
- Contact information (emails, phone numbers);
- Academic and professional data, such as roles within the institution, academic or research interests, specific needs or preferences regarding researcher expertise or background.
| Purpose(s): | Enabling Matchmaking between researchers and host institutions as part of the application process of the SAFE project; conducting evaluations after the Matchmaking Process |
| Legal basis(s): | Art. 6 (1) (b) GDPR; Art. 6 (1) (a), 9 (2) (a) GDPR when processing special categories of personal data |
| Recipient of the personal data: | Host institution from the EU that expressed interest in the matchmaking, researcher, competent employees of DAAD, UNIMED, Campus France, Collège de France if neces-sary, IT developers |
| Third country transfer: | Any third country transfers are based on legal derogations pursuant to Art. 49 (1) GDPR or the Standard Contractual Clauses. For obtain-ing a copy of these Clauses please use contact details in Section 1. |
| Storage period of personal data: | Three months after the closing of the matchmaking service |
The matchmaking will take place on the following criteria: Academic field, Research level (PhD/postdoctoral research), Desired country of placement, Language requirements (if any), and other specific criteria (manual match).
5.2.2 Application, evaluation and selection of researchers
Processed personal data:
Researchers:
- Name, date and location of birth, nationality, current address, marital status, legal status (residence permit/visa, ID), phone number, e-mail address
- Name, date and location of birth, nationality, current address of accompanying family members, if any (through IDs of legally recognised partner and/or children)
- Educational background and academic career, academic publications
- Research project
- Information about personal (risk) situation such as information about political views, religious and philosophical beliefs, ethnic groups, gender, sexual orientation
- Potentially information about previous legal actions against applicant in country of origin
- Potentially information regarding any disabilities
Host institutions:
- Name, position, e-mail address, phone number, possibly other relevant information of key members at the host institution (responsible contact person, head of host institution, academic supervisor/mentor, contact person for ethics)
| Purpose(s): | Application, evaluation and selection of re-searchers on the basis of the host institutions application; sending information on project-related events and updates, conducting eval-uations after the selection process |
| Legal basis(s): | Art. 6 (1) (b) GDPR; Art. 6 (1) (a), 9 (2) (a) GDPR when processing special categories of personal data |
| Recipient of the personal data: | Host institution, competent employees of DAAD, UNIMED, Campus France and Collège de France, external reviewers and selection committee members, external service provi-der in the field of IT systems and support |
| Third country transfer: | USA, transfers are based on the Data Privacy Framework. Any other third country transfers are based on the Standard Contractual Clau-ses. For obtaining a copy of these Clauses please use contact details in Section 1. |
| Storage period of personal data: | For selected researchers: Five years after the final payment For reserve candidates: six months after the selection process is completed For rejected applicants: three months after the selection process is completed |
5.2.3 Fellowship management
Processed personal data:
Fellowship management
- Host institutions: name of key staff and contact persons, email addresses, bank account details
- Researchers: name of researcher, email address, possibly country of origin, pay slip, contract with host institution, copy of ID, copy of degree certificates, possibly social security number
- For events/training/networking sessions: names of participants, institution, position, email ad-dress, copy of ID
Communication, dissemination and exploitation
- Photos of researchers and representatives of host institutions,
- Names of individuals, names of institutions, areas of research, title of PhD/research project, supervisors’ names
| Purpose(s): | Fellowship management; Communication, dissemination and exploitation |
| Legal basis(s): | Art. 6 (1) (b) GDPR; Art. 6 (1) (a), 9 (2) (a) GDPR when processing special categories of personal data |
| Recipient of the personal data: | Host institution, competent employees of DAAD, UNIMED, Campus France, Collège de France if necessary, external service provider in the field of IT systems and support |
| Third country transfer: | USA, transfers are based on the Data Privacy Framework. Any other third country transfers are based on the Standard Contractual Clau-ses. For obtaining a copy of these Clauses please use contact details in Section 1. |
| Storage period of personal data: | Five years after the final payment |
5.3 Cookies and similar technologies
Information on cookies and similar technologies can be found at: