Privacy

Privacy notice

We would like to inform you about how we process your data.

1. Name and contact details

• Controller
  British Council Deutschland
  Alexanderplatz 1
  10178 Berlin 
  Phone: +49 (0)30 31 10 99 0 
  www.britishcouncil.de
• Name and contact details of the data protection officer
  Lawyer Markus Selent
  Schwanebecker Chaussee 5, 13125 Berlin
  Phone.: +49 (0)30- 609 33 555
  Fax: +49 (0)30- 609 33 558
  E-Mail: selent@point-of-law.de

2. Processing of your personal data

Which of your data do we use and where does your data come from?

We process data that we receive from you when you visit our website.

i. Processing in server logs

This is data that is generated and stored there as part of the communication between your device and our web servers.

In particular, these are the connection data of the requesting computer we temporarily store:

• the page from which the file was requested,
• the name of the file,
• the date and time of the query,
• the amount of data transferred,
• the access status (file transmitted, file not found),
• the description of the type of web browser used,
• the IP address of the requesting computer

ii. Use of contact forms

If you use contact forms on our website, we collect the data that you send us via this contact form. These can be, for example: Name and surname, telephone number, email address, IP address.

iii. Use of newsletters

On our website you have the opportunity to subscribe to our free newsletter. The newsletter informs about current offers or other news from the British Council. To register, it is necessary that you provide us with your email address. You can provide us with other data, such as your name, but you do not have to.

We use the so-called double opt-in procedure. This means that you will receive a confirmation email after submitting the registration form. Only when you have clicked on the link in the confirmation email, your registration is effective. You can unsubscribe from the newsletter at any time by using the unsubscribe link at the bottom of each newsletter.

iv. Cookies

We use cookies on our website, which are used for different purposes.

According to § 25 p. 1.1 in the German Telecommunications-Telemedia Data Protection Act (TTDSG), the storage of and access to information on the user's terminal equipment generally requires their consent.

We have therefore integrated a so-called Consent Management Platform on our website. When you visit our website for the first time, you will be asked about your preferences regarding the setting of cookies on your device. You can change your settings at any time under the cookie image displayed at the bottom left of the screen and revoke your consent. Furthermore, you will find the "Cookies" tab in the footer (link bar at the end of each page accessed) next to the imprint and privacy tabs.

Exceptions to this consent requirement exist, inter alia, where the storage of information in the end-user's terminal equipment or access to information already stored in the end-user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user.

v. Google Tag Manager

We use the Google Tag Manager service. "Google" is a group of companies and consists of the companies Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.

We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and processes even personal data only for technically necessary purposes. The Google Tag Manager ensures that other components are loaded, which in turn may collect data. The Google Tag Manager does not access this data. 

For more information about Google Tag Manager, please refer to Google's privacy policy.

vi. Google Analytics

When you visit this website, personal data is being processed. Categories of data processed: technical connection data for server access (IP address, date, time, page requested, browser information), data about the use of the website and the logging of clicks on individual elements.

3. For what purposes and on what legal basis do we process your data?

We process your personal data in accordance with data protection laws such as the GDPR, the German Data Protection Act (BDSG) or special legal regulations.

i. Processing in server logs

When you visit our website, we process your data in accordance with Art. 6 (1) (f) GDPR. The log data is collected and stored to defend against disruptions to our websites, to detect and defend against attacks on our infrastructures at an early stage and to maintain availability.

We take your legitimate interests into account by anonymizing the collected log data as early as possible, but no later than after 7 days. We only carry out a personal evaluation of the log data if there is a reasonable suspicion of an attack or an intentional or unintentional disruption of our systems.

ii. Use of contact forms

If you use contact forms to contact us, the basis results from the purpose for which you have provided us with your contact details.  The legal basis then results from Art. 6 para. 1 lit a), b) or f) GDPR.

iii. Use of newsletters

The processing of your data for the purpose of sending the newsletter is based on your consent in accordance with Art. 6 para. 1 lit a) GDPR.

iv. Cookies

Depending on the type of cookie used, different legal bases can be considered.

Required, consent-free cookies
The legal basis for their use is Article 6 (1) (f) GDPR.  One of our legitimate interests is the interest in the appropriate use of our website by users. Since these cookies are not evaluated on a personal basis and the user's interest in the functionality of the website also exists, no reasons outweighing our legitimate interest are recognizable.

Performance cookies
The legal basis for their use is Article 6 (1) (a) GDPR

Functional cookies
The legal basis for their use is Article 6 (1) (a) GDPR

Targeting/marketing cookies
The legal basis for their use is Article 6 (1) (a) GDPR

v. Google Tag Manager

The purpose of the processing is the central control of website tags in order to be able to appropriately integrate tracking dependent on your consent. The legal basis for this is Art. 6 Para. 1 lit f. GDPR.

As part of the necessity and proportionality test, we took into account that the European Commission made an adequacy decision for the EU-U.S. on July 10, 2023. Data Privacy Framework adopted. The adequacy decision is now considered a sufficient data protection guarantee for data transfers to certified organizations in the USA. Google is certified accordingly.

vi. Google Analytics

Purpose of processing: Anonymization and creation of statistics, investigation of usage behavior and optimization of content.

The legal basis for processing is your consent in accordance with Art. 6 Para. 1 lit a GDPR. A transfer of data to Google LLC, Amphitheater Parkway, Mountain View, CA 94043, United States of America. The legal basis for the data transfer to Google LLC is also your consent in accordance with Art. 6 Para. 1 a GDPR.

Before you gave your consent, you were already informed on the banner that the data would be transferred to the USA.

4. How long will your data be stored?

i. Processing in server logs

We process and store your data on the server logs for a maximum of 7 days. At this point at the latest, we anonymize this data.

ii. Use of contact forms

We process and store your data from the contact forms for as long as it is necessary for the original purpose.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage and documentation specified there are two to ten years. Certain data must be deleted after the purpose has been fulfilled (e.g. simple inquiries without a contractual background). Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example according to §§ 195 ff of the German Civil Code (BGB), whereby the regular limitation period is three years. As soon as the storage of the data is no longer necessary and there are no legal retention periods, your data will be deleted immediately.  

iii. Use of newsletters

We process and store your data from the lawful newsletter registration until you revoke the newsletter receipt. However, we store your consent until the expiry of the limitation period in order to be able to prove afterwards that we have lawfully sent you newsletters so far. 

If you do not fully register to receive the newsletter because you have not used the link in the confirmation email, we will keep your data for a period of one week from the time of registration without sending you a newsletter. This is done so that you have enough time to subscribe to the newsletter. After expiry of this period, we will delete your data immediately. 

iv. Cookies

Depending on the type of cookie used, different retention periods apply.  Details can be found on our cookie page. 

5. Disclosure of your data

• Who receives your personal data?

Within the company, your data will only be received by those departments that are necessary to fulfil the above-mentioned purposes. Processors and other service providers used by us may also receive data for these purposes. These are companies in the categories of IT services, telecommunications and advertising partners.

We only pass on information if required by law, if you have given your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example, public bodies and institutions (e.g. offices, tax authorities) in the event of a legal or official obligation. Other data recipients may be those bodies for which you have given us your consent to the transfer of data.

• Will your data be transferred to a third country or to an international organization?

Data is transferred to countries outside the European Economic Area (third countries) through the use of some services.
The servers of some of the service providers we use are located in the United States and other countries outside the European Union.
Companies in these countries may be subject to a data protection law that generally does not protect personal data to the same extent as it does in the member states of the European Union.

If your data is processed in a country that does not have a recognized high level of data protection such as the European Union, we ensure that your personal data is adequately protected by means of contractual regulations or other recognized instruments.

On July 10, 2023, the European Commission issued an adequacy decision for the EU-U.S. Data Privacy Framework adopted. The adequacy decision is now considered a sufficient data protection guarantee for data transfers to certified organizations in the USA. Google is certified accordingly.

6. Your rights

You have a right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to processing (Art. 21 GDPR). Please contact us if you wish to exercise these rights.

If you believe that the processing of your personal data violates existing data protection regulations, you can complain to a supervisory authority, without prejudice to any other legal remedies. In particular, you can address the complaint to a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. 

Last updated: 20 September 2023