The
controller within the meaning of Article 4(7) of the GDPR and Section 4(9) of the KDG, as well as other data protection regulations, is
Katholischer Akademischer Austauschdienst e.V.
Königstr. 86
53115 Bonn
Tel.: +49 228 917 58 0
Fax: +49 228 917 58 58
Email: zentrale@kaad.de

Data Protection Officer
Markus Leimbach
Königstr. 86
53115 Bonn
Tel. +49 228 917 58 33
Email: datenschutz@kaad.de

Right toFile a Complaintwith the Competent Church Data Protection Authority
Pursuant to § 48 KDG, every data subject has the right—without prejudice to any other legal remedy—to file a complaint with the church data protection authority if they believe that the processing of their personal data violates the provisions of the KDG or other data protection regulations. The competent church data protection authority is the
 

Catholic Data Protection Center,
a public-law corporation,
Brackeler Hellweg 144, 44309 Dortmund
Tel.: +49 231 13 89 85 0
Fax: +49 231 13 89 85 22
Email:
info@kdsz.dewww.katholisches-datenschutzzentrum.de

Preamble to the Privacy Policy
This Privacy Policy informs you, in accordance with Art. 13 of the GDPR, about the manner and reasons for the processing of your personal data via this website and about the rights to which you are entitled.
Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This includes not only your name, email address, or contact information, but also, for example, the IP address you may use to visit our website for informational purposes. 

Your Data Subject Rights Under the GDPR and
the KDG (§§ 17 ff. KDG), you have the following rights regarding your personal data
:- Right of
access, - Right to rectification,
- Right to erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to lodge a complaint with a data protection supervisory authority or the data protection supervisory body (§§ 42 ff. KDG) regarding the processing of your personal data.

Links to Other Websites
The website may contain links to other websites, as well as privacy statements and privacy policies on those websites. We assume neither liability nor responsibility for these statements and policies that are not related to our website.

Informational visits to our website
During informational visits to our website, we automatically collect the following data and information from the computer system of the accessing device:
• IP
address• Date and time of the
request• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP
status code• Amount of
data transferred• Website from which the request originates•

Browser• Operating system and its interface•
Language and version of the browser software
The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.
This data processing by our system serves the purpose and our interest of enabling the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. Storage in log files is carried out for the purpose and in our interest of ensuring the functionality of the website, optimizing the website, and ensuring the security of our information technology systems. This data is not evaluated for marketing purposes. The legal basis for data processing is Art. 6(1)(f) of the GDPR or § 6(1)(g) of the KDG. The data is deleted from our system once the respective session has ended. The data stored in the log files is deleted or anonymized after no later than seven days, so that it is no longer possible to identify the client that accessed the site. The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website. Otherwise, we collect personal data from you only if you voluntarily provide it to us on the website, e.g., when you create a user account, subscribe to a newsletter, place an order, or contact us.
You can also visit the website in general without disclosing any personal data. In this case, however, you may not be able to use certain areas of the website, or we may not be able to respond to a request from you.

Cookies
A cookie is a small data file that is stored on your device and contains data such as personal page settings and login information. This data file is generated by the web server to which you have established a connection via your web browser and is sent to you. The most common types of
cookies are explained
below for your understanding•  Session cookies: While you are active on a website, a session cookie is temporarily stored in your computer’s memory, containing a session ID to prevent you from having to log in again each time you change pages, for example. Session cookies are deleted when you log out or expire automatically once your session has ended.

• Persistent or session cookies: A persistent or session cookie stores a file on your computer for a period longer than its expiration date. These cookies allow websites to remember your information and settings when you visit them again. This results in faster and more convenient access, as you do not have to, for example, set your language preference again. Once the expiration date has passed, the cookie is automatically deleted when you visit the website that created it.
• Third-party cookies: Third-party cookies come from providers other than the website operator. They can be used, for example, to collect information for advertising, customized content, and web statistics.

Technically necessary cookies
Some elements of our website require that the browser accessing the site can be identified even after a page change. The following data is stored and transmitted in the cookies set on your device:
• Language settings
• Items in a shopping cart
• Login information
• Temporary storage of user input
The cookies are deleted when the browser is closed. The legal basis for the processing of personal data using these technically necessary cookies is Art. 6(1)(f) GDPR or § 6(1)(g) KDG. The cookies serve our legitimate interest in enabling the use and provision of our website. These cookies are technically necessary for the use of the website.

Contact inquiries:
When you submit inquiries via our contact forms or through the email addresses we provide, we process the personal data you voluntarily provide solely for the purpose of processing your inquiry, responding to it, or contacting you. Data collected from general inquiries is deleted after a final response has been provided, unless there are legal or other retention obligations. Data from scholarship inquiries is stored for up to two years.
The legal basis for this processing of your personal data is Art. 6(1)(b) GDPR or § 6(1)(c) KDG.

Third-Party Content and Services (e.g., Google, YouTube)
We also embed third-party content on our website. This may include, among other things:
•    Maps from the Google Maps online service
• Fonts from the Google Fonts online service
• Videos from the YouTube video
portal In this process, your browser establishes a connection to the third-party provider’s servers, automatically transmitting your IP address as well as information about your browser, operating system, date/time, and the address of our website to them.
  1. Legal basis for data processing
The legal basis for the processing of personal data when integrating third-party content and services is Article 6(1)(f) of the GDPR.
  If the third-party providers’ servers are located outside the European Union, the providers are certified under the Privacy Shield Agreement (www.privacyshield.gov), which guarantees that the European Union’s data protection standards are adhered to during the transfer and processing of personal data.
  2. Purpose of Data Processing
We use third-party content to expand and improve our offerings, for example, by displaying directions and locations, showing context-related videos, and integrating fonts to enhance the readability of the text.
These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6(1)(f) GDPR.
3. Duration of storage
Information regarding this can be found in the privacy policies of the respective providers.

Use of Social Plugins
1. Description and Scope of Data Processing
We may provide users of this site with the opportunity to recommend and discuss content. For this purpose, corresponding social media buttons are integrated:
• facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, represented in Europe by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (“Facebook”). The plugins are marked with a Facebook logo or the label
“Facebook Social Plugin.” • Twitter.com, which is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, represented in Europe by Twitter International Company, Attn: Privacy Policy Inquiry, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. The plugins are marked with a Twitter logo or the label "Twitter Social Plugin."
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Tel: +1 650 253 0000, Fax: +1 650 253 0001, Email: support-de@google.com), represented in Germany by Google Germany GmbH, Unter den Linden 14, 10117 Berlin, Germany (Tel: 0049 30 303986300). The plugins are marked with a Google logo or the label
"Google Social Plugin." The content on our pages can be shared on social networks such as Facebook, Twitter, or Google+ in compliance with data protection regulations, without the network operators creating complete browsing profiles.
By integrating the plugins, the aforementioned operators (Facebook, Twitter, Google+) do not automatically receive information that you have accessed the corresponding page of our website. However, if you are logged in to the aforementioned service providers (Facebook, Twitter, Google+), they can associate the visit with your user account. If you interact with the plugins—for example, by clicking the “Like” button or posting a comment—the corresponding information is transmitted directly from your browser to Facebook and stored there.
For the Recommend (Facebook), Tweet (Twitter), and +1 buttons (Google)—which you’ll find on many pages—we’ve implemented a two-step solution: To be able to click “Recommend,” “Tweet,” or “+1” on a page, you must first click the button to activate it; only then is a connection established with the Facebook, Twitter, or Google servers, and you can share the post with your friends with a second click. Our pages also use Shariff, a privacy-compliant extension. With Shariff, too, users are only directly connected to Facebook, Google, or Twitter when they take action and click the link to share content.
2. Legal basis for data processing
If the content of this page is shared by the user via social networks, this is in the interest of the controller under the General Data Protection Regulation. The 2-click and Shariff solutions meet the requirements for a “clear affirmative action” by the user within the meaning of Art. 4(11) GDPR.
Please note the current privacy policies of the respective social media platforms.
3. Purpose of data processing
We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Facebook, Twitter, and Google. Further information regarding the purpose and scope of data collection, as well as the further processing and use of the data by the aforementioned operators, can be found in their respective privacy policies. Please also refer to the privacy policies of the following platforms for your rights in this regard
and settings options to protect your privacy: • Facebook - http://de-de.facebook.com/policy.php
• Twitter - https://twitter.com/de/privacy
• Google - https://www.google.com/intl/de_ALL/+/policy/index.html