We appreciate your interest in our event. The Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) takes the protection of your personal data and its confidential treatment extremely seriously. The processing of your personal data takes place exclusively within the framework of the applicable statutory provisions of data protection laws, in particular the General Data Protection Regulation (GDPR). By means of this data protection notice, we wish to inform you how your personal data is processed and about your data protection rights in connection with both face-to-face events and virtual events.
The data processing controller in accordance with data protection laws is:
Should you have any queries or concerns in relation to data processing, please feel free to get in touch with us.
Joint controllership:
In connection with certain (virtual) events where the DFG cooperates with other partner organisations in Germany and abroad, the DFG is jointly responsible with other organisations for the processing of your personal data. The DFG has concluded a joint controller agreement with these organisations. You will find a list of the relevant cooperations with information concerning the joint controller organisations (including their contact details), as well as information on the essential content of the joint controller agreements here:
You can contact our data protection officer as follows:
Below, you will find an overview of the purposes and legal basis of data processing in connection with our (virtual) events. The description of the purposes and legal basis is broken down as follows: information that applies to both types of events and information that applies only to face-to-face events or only to virtual events.
2.1 General
2.1.1 Preparation and hosting the (virtual) event for contract fulfilment
We process personal data relating to you and your accompanying person(s) (where applicable) if this is necessary to prepare and carry out your participation in our (virtual) event. The purposes include the following in particular:
When registering for the (virtual) event, the following mandatory information will be requested, which is identified by a “*” symbol: Title, first name, surname, company/institution, e-mail address, first name and surname of accompanying person(s) (where applicable). It is not possible to register without providing the mandatory information.
During the registration process, you may also have the option of voluntarily providing additional information: [additional name information, company contact details]. Please note that this information is not required for the registration and it is your decision alone as to whether to provide us with this data or not.
The data processing takes place in accordance with point (b) of Article 6 Paragraph 1 GDPR.
2.1.2 Safeguarding legitimate interests
We also process your personal data in order to safeguard our legitimate interests or those of third parties. During this process, we pursue the following interests, which are also the respective purposes:
The data processing takes place in accordance with point (f) of Article 6 Paragraph 1 GDPR.
2.1.3 Consent
Should you have given your consent for specific purposes, the purposes are stated in the content of the consent which has been given.
In cases where you provide your data for this purpose, the data is processed in accordance with point (a) of Article 6 Paragraph 1 GDPR. You can withdraw your consent at any time, without the lawfulness of the processing which took place with your consent prior to the withdrawal being affected. In the situations described below, the processing of your personal data depends on your consent, providing any contractual relationship with you does not serve as a legal basis under point (b) of Article 6 Paragraph 1 GDPR (see Section 2.1.1) (in particular if you are not acting as a presenter, moderator or similar):
2.2 Face-to-face events
2.2.1 Preparation and implementation of a face-to-face event
When preparing and implementing a face-to-face event, we may also process your personal data in order to create name badges.
Data processing takes place in accordance with point (b) of Article 6 Paragraph 1 GDPR.
2.2.2 Safeguarding legitimate interests
We also process your personal data in order to safeguard our legitimate interests. During this process, we pursue the following interests, which are also the respective purposes:
The data processing takes place in accordance with point (f) of Article 6 Paragraph 1 GDPR.
2.2.3 Consent
For pictures of individual persons or small groups of persons in which you are featured and which may be published in reports concerning our face-to-face-event on the website of the DFG and in print publications, the consent of you and your accompanying person(s) is generally necessary (see Number 2.1.3). This may be obtained expressly at our event by asking you or your accompanying persons(s) or may take place implicitly by means of the willing participation of you and your accompanying person(s). Should you or your accompanying person(s) not wish such pictures to be taken, you should make the photographers aware of this. More precise information concerning this will be made available at the relevant events.
2.3 Virtual events
2.3.1 Consent
Some virtually organised events may be recorded (see Numbers 2.1.2 and 2.1.3). Here you will be asked to provide your consent before the virtual event. You can also give your consent by implication in that you take part in the event in the knowledge that it will be recorded, without contradiction. If you do not wish your speech to be recorded, you can inform the event organiser immediately prior to speaking so that the event organiser can interrupt the recording.
2.4 Erasure
We erase the data under Numbers 2.1 to 2.3 when it is no longer necessary for the purposes pursued by us of preparing and carrying out your participation in our (virtual) event and where no other legal basis is applicable. Should the latter situation apply, we erase the data once the other legal basis is no longer applicable.
Internal recipients: Within the DFG, access is only available to those persons who require it for the purposes named under Number 2. These are the employees in the Central Events Management Department, as well as those employees with professional responsibility or co-responsibility for the event.
External recipients: We only pass your personal data on to external recipients outside of the DFG if this is necessary in order to prepare and carry out your participation in our event, if another legal authorisation exists or if we have received your consent for this.
Possible external recipients include:
a) Bodies who are joint controllers with us
When organising (virtual) events in cooperation with other partner organisations, joint controllership may apply to data processing by us and other organisations. The necessary data will then be exchanged with these organisations. Further information will be made available in each individual instance as part of the invitation to any (virtual) event to which these requirements apply.
b) Processors
External service providers whom we engage for the provision of services, for example the technical infrastructure and maintenance for the offer of the registration platform service. These processors are carefully selected by us and are regularly audited in order to ensure that your privacy remains protected. The service providers may only use the data for the purposes stated by us. We use the following service providers in particular when realising virtual events:
c) Public bodies
Authorities and state institutions, for example public prosecutor's offices, courts or financial authorities to whom we must provide personal data for legally compelling reasons.
d) Private bodies
Agents, cooperation partners or aids to whom data is transferred in order to carry out our event on the basis of consent or a legal basis, for example participant management systems. Live streaming, video recordings and photographs are regularly posted on the following social media channels:
Should data be transferred to bodies whose place of business or data processing location is not in a Member State of the European Union or another Member State of the European Economic Area, we ensure prior to the handover that, except in exceptional cases permitted by law, either an adequate level of data protection is present on the part of the recipient (for example by means of an adequacy decision of the European Commission, by means of suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.
We do not only process personal data which we obtain from you directly. We receive some personal data from third parties in advance.
Below, you will find an overview of the sources and the categories of data where this is collected by third parties:
We also process data available from public sources such as websites or publication databases.
No automated decision-making in an individual case, including profiling as defined in Article 22 of the GDPR, takes place.
Please see the relevant section concerning data processing in order to find out for how long personal data is stored.
In addition, the following generally applies: We only store your personal data for as long as is necessary for the fulfilment of the purposes or, in the case of consent, for as long as you have not withdrawn your consent. If you withdraw your consent, we will erase your personal data, unless the continued processing is permitted in accordance with the applicable statutory provisions.
We will also erase your personal data if we are obliged to do so for legal reasons.
As a data subject, you have various rights. These include:
Right of access: You have the right to be informed what data relating to your person is stored by us.
Right to rectification and erasure: You can request that we rectify any incorrect data and, should the statutory requirements be fulfilled, you can request that we erase your data.
Restriction of processing: Should the statutory requirements be fulfilled, you can request that we restrict the processing of your data.
Data portability: Should you have provided data under a contract or with your consent, then provided that the statutory requirements are met, you can request to receive the data which you have provided in a structured, commonly used and machine-readable format or request that we transfer this data to another controller.
Objection to data processing in case of the “legitimate interest” legal basis:
Withdrawal of consent: Should you have given us your consent to the processing of your data, you can withdraw this at any time with effect for the future. The lawfulness of the processing of your data prior to the withdrawal remains unaffected by this.
Right to complain to the supervisory authority: You can also lodge a complaint with the responsible supervisory authority, should you consider that the processing of your data breaches applicable laws. For this purpose, you can contact the data protection authority which is responsible for your place of residence or country or the data protection authority which has jurisdiction over us.
Getting in touch with us and exercising your rights: Should you have any queries concerning the processing of your personal data, your rights as a data subject and any consent which you have given, you can get in touch with us free of charge. In order to exercise any of the rights listed above, please send an email to postmaster@dfg.d or send a letter to the address provided under Number 1. Please ensure that we are able to clearly identify you. To withdraw your consent, you can also use the contact channel which you selected when giving consent.