The following information describes how the Global Young Academy (GYA) c/o Leopoldina – National Academy of Sciences processes your personal data.
1. Name and address of the responsible person
The person responsible for the processing of your personal data according to the data protection regulations is:
Global Young Academy
Represented by Dr Beate Wagner
Deutsche Akademie der Naturforscher Leopoldina e.V. – Nationale Akademie der Wissenschaften –
Represented by the president Prof Dr Gerald Haug
Data Protection Officer
2. General information about data processing
As a global institution, the GYA strives to protect the information and data entrusted to it. Data protection principles such as data minimization, transparency and security are therefore one of our top priorities.
We have several automated systems for managing, storing and processing our members’ data through which we aim at different purposes (such as sending newsletters). Your personal data will be deleted or blocked by us as soon as the purpose of storage and processing ceases, provided that further storage is not demanded by legal obligations or legal claims that can be asserted against us.
2.1 What data do we collect and how?
On the one hand, your data will be collected by us, for example when using our contact form. On the other hand, data is automatically collected when you visit our website. This is above all technical data (for example Internet browser, operating system or time of the page call, IP address). The legal basis for processing your IP address is Art. 6 para. 1 lit. f) GDPR. The collection of this data is automatic as soon as you enter our website. We generally store your IP address anonymously. A complete storage of the IP address only occurs for the traceability of technical errors and hacker attacks as well as for the recording of consent e.g., in the newsletter subscription, attempts to login to your user profile.
In the case of smartphones, tablets and other mobile devices, if applicable, manufacturer / type designation, storage of personal data is not carried out. Neither will we combine this data with other data sources.
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs. For detailed information about these analysis programs please consult our Data Protection Declaration below.
2.2 What do we use your data for?
Part of the data is collected to ensure a flawless delivery of the website. Other data can be used to analyze your user behavior. The legal basis is the existence of a legitimate interest acc. Art. 6 para. 1 lit. f) GDPR.
2.3 No transfer of your personal data
We do not share your personal information with third parties, unless you have consented to the data transfer or we are entitled or obliged to share data due to statutory provisions and / or official or judicial orders. This may, in particular, be the provision of information for the purpose of law enforcement, security or the enforcement of intellectual property rights.
2.4 What rights do you have regarding your data?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency. These rights are listed as following:
- Right of access by the data subject acc. Art. 15 EU GDPR
- Right to rectification (right to correction of incorrect data or to complete data) acc. Art. 16 EU GDPR
- Right to erasure (‘right to be forgotten’) acc. Art. 17 EU GDPR
- Right to restriction of processing acc. Art. 18 EU GDPR
- Right to data portability acc. Art. 20 EU GDPR
- Right to objection / revocation of consent acc. Art. 21 EU GDPR
- Right to complain to the supervisory authority acc. 13 para. 2 lit. d) EU GDPR
2.5 Access, transferability
You have the right access the data stored with us about your person at any time. Furthermore, you have the right to access your data as provided to us or have it be transferred to a third party at any time.
Please note that we can only transfer data based on consent or a contract.
2.6 Correction, deletion, restriction
At your request, we will correct, block or delete the data stored about you, unless other legal regulations (for example, obligations under the Commercial Code) do not preclude this. Please write to .
2.7 Revocation of consent / objection
If you have given us your consent to the processing of your personal information, you can withdraw it at any time by a short written notice. Please contact us in writing at .
You may object or revoke your consent to the use of your data for promotional purposes at any time by sending a brief written notice to . without incurring any costs other than the baselist fees.
To unsubscribe from the newsletter, there is a corresponding link at the end of the newsletter.
2.8 Right to complain to the supervisory authority
If you would like to contact the responsible supervisory authority directly, you will find the contact details here:
State Representative for Data Protection Saxony-Anhalt
Herr Dr. Harald von Bose
Office and visitor address:
Leiterstraße 9, 39104 Magdeburg
Postfach 1947, 39009 Magdeburg
Phone: +49 391 81803 0
Fax: +49 391 81803 33
2.9 Right to data portability
Article 20 of the GDPR establishes a new right to data portability, which, although closely linked to the right of access, nevertheless differs from it in many respects. Affected persons are therefore entitled to receive the personal data they have provided to a responsible person in a structured, common and machine-readable format and to transmit this data to another person responsible. The purpose of this new right is to give the data subject the power to do so and give them more control over the personal data concerning them.
2.10 Storage duration
2.11 Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
2.12 SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
2.13 External links and third party websites
3. Recording of Data on this Website
3.1 Request by e-mail, telephone, or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
3.2 Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- the type and version of browser used
- the used operating system
- referrer URL
- the hostname of the accessing computer
- the time of the server inquiry
- the IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
Through our website you have the possibility to subscribe to a free newsletter, with which we want to inform you about activities of the GYA. See below under “Privacy and Third Party Services” – “Mailchimp – Newsletter” for more information.
3.4 Contact form
The GYA website offers a contact form, which can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. These details your name, your email address and the content of your message. Furthermore, your IP address and the date and time of the submission of the form are logged.
For the processing of the data in the context of the sending process your consent is obtained and you are referred to this privacy statement. Alternatively, contact via the provided email address(es) is possible. In this case, the user’s personal data transmitted by email will be stored. In this context, the data will not be disclosed to third parties. The data is used exclusively for processing the conversation.
3.5 User profiles
The option to register a user account on the GYA website is closed. This means that only GYA members and alumni are entitled to such a profile. Certain data is publically displayed as part of a user’s membership. The data displayed can be edited at any point in time (save and show less data, or complete missing data) by the user. Should you wish for the GYA to change displayed user data for you please contact us in writing at .
Please note that you, as a member or alumna/alumnus may remove displayed data at any time. However, the networking capabilities of the GYA in its role as a platform provider can no longer be provided to a member or alumna / alumnus with an empty profile.
3.6 Data Security
All information you submit to us will be stored on servers within the European Union. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet. However, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. In particular, your personal data will be transmitted encrypted with us. We use the coding system SSL (Secure Socket Layer).
However, we recommend that you leave the cookie features fully turned on to enjoy all the features of our online offering. Our cookies do not store sensitive data such as passwords, credit card information or the like. You do not damage your device and the cookies do not contain viruses.
3.7.1 Consent with Borlabs Cookie
Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
3.7.2 Which cookies are used?
The GYA uses first-party cookies (especially all strictly required cookies) and third-party cookies (especially marketing cookies). Some of these cookies do not contain any personal information and therefore any such information relating to an identifiable or identified person, including name, IP address, address and location data. Other cookies or other website technologies (such as plugins) process personal data. In this case you have to oppose the possibility of processing by single opt-out (see below). In addition, you can block individual cookies through certain settings of the provider (such as Google) (see below).
The following describes the categories of cookies in connection with the website www.globalyoungacademy.net, which are so-called first-party cookies and are therefore only sent and read by the domain of the GYA:
3.7.3 Cookies required for website operations
If you leave a post or comment on the GYA website, your IP address will be saved. This is done on the basis of our legitimate interests acc. to Art. 6 para. 1 lit. f. DSGVO and serves the security of the GYA as a website operator: Should your comment violate applicable law, the GYA can be prosecuted, which is why there is legitimate interest in the identity of the comment or contribution author.
18.104.22.168 Performance cookies
The GYA uses analytical cookies to analyze how the website is used and to monitor the performance of the website. With the aid of these measurement methods, we can determine, for example, which parts of our offer are most frequently used / searched or which contents were called up on a particular day and how often. This makes it possible to offer a first-class experience by tailoring the offer and to quickly identify and resolve any problems that occur. When you visit our website, your usage data is included in the statistical surveys, without any conclusions about your identity and you as a person. These cookies do not identify you.
In the following, we describe the cookies, which are referred to as third-party cookies, and are therefore sent and read by domains of other service providers:
22.214.171.124 Web analysis cookies: Google analytics
You can prevent the installation of cookies by setting your browser software accordingly (so-called “browser add-on”); however, please note that in this case you may not be able to use all features of this website to the fullest extent.
You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your already anonymized IP address) as well as the processing of this data by Google by using the browser browser available at the following link. Download and install the plugin. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de.
Please see http://www.google.com/analytics/terms/en.html for more information about Google’s terms of service and privacy, or visit http://www.google.com/intl/de/analytics/privacyoverview.html.
126.96.36.199 Web analysis cookies: Matomo (Previously Piwik)
The GYA website employs the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Mataomo”) based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6 para. 1 lit. f DSGVO data is collected and stored. From this data, pseudonymised usage profiles can be created and evaluated for the same purpose. Cookies can be used. The data collected by Matomo Technology (including your pseudonymized IP address) will be processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this web site and is not merged with personal data about the bearer of the pseudonym. If you do not agree with the storage and evaluation of this data from your visit, then you can object to the storage and use of the following at any time by mouse click. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo does not collect any session data. Please note that the complete deletion of your cookies will result in the opt-out cookie being deleted as well and possibly re-activated by you.
3.8. Google webfonts
This page uses so-called web fonts to render the font. These are provided by Google (http://www.google.com/webfonts/). To do this, when you visit our page, your browser loads the required web font into your browser cache. This is necessary so that your browser can display a visually improved presentation of our texts. If your browser does not support this feature, a default font will be used by your computer for viewing.
For more information about Google Webfonts, visit https://developers.google.com/fonts/faq?hl=en-US&csw=1
For general information about privacy at Google, visit http://www.google.com/intl/en-US/policies/privacy/
3.9 Google maps
The GYA website uses the Google Maps product of Google Inc. By using this site, you consent to the collection, processing and use of the automated data collected by Google Inc, its agents and third parties.
4. Social Media
If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
The use of Facebook plug-ins is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.facebook.com/en/controller-to-controller-transfers.html.
The GYA’s website integrates functionality of the Twitter service. Twitter Inc., located at 7 Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. (Twitter for short), offers plugins for website owners which the GYA uses. The plugins are recognizable by the Twitter tweet or follow button. Pages with these plugins create a direct connection to Twitter and transmit different data depending on your login status on Twitter. This may allow for conclusions to be drawn about your Internet usage on the GYA website, which Twitter could use for their own purposes. The contents of the plugin are stored on Twitter servers and are only displayed on the GYA website. The purpose and scope of the data collection by Twitter and the further processing by Twitter are not affected by the GYA, nor does the GYA have access to this data.
The use of Twitter plug-ins is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your privacy settings on Twitter in the Account Settings at http://twitter.com/account/settings.
The GYA website uses YouTube.
The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Certified under the EU-US Privacy Shield (visit https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) Google, and thus its subsidiary YouTube, guarantees that the EU’s data protection requirements will be met when processing data in the USA.
We use YouTube in conjunction with the Enhanced Privacy Mode feature to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the quality improvement of our website. The Enhanced Privacy Mode feature, according to YouTube, means that the data specified below will only be transmitted to the YouTube server when you actually start a video.
Without this “Enhanced Privacy,” you will be connected to the YouTube server in the United States as soon as you visit one of our websites that embed a YouTube video. This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least collect and process your IP address, the date and time as well as the website you are visiting. It also connects to Google’s DoubleClick ad network.
If you’re logged in to YouTube at the same time, YouTube will provide the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of functionality as well as for the analysis of user behavior, YouTube permanently stores cookies via your Internet browser on your device. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. For more information, see “Cookies” above.
Further information about the collection and use of data and their rights and protections Google holds in the under https://policies.google.com/privacy available data protection information.
4.4. Mailchimp newsletter
We offer you the opportunity to register with us via our website for our free newsletter. For the purposes of newsletter distribution, we use MailChimp, a service of The Rocket Science Group, LLC, , 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. hereinafter referred to as “The Rocket Science Group”.
Certified under the EU-US Privacy Shield (visit https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active) the Rocket Science Group guarantees that the EU’s data protection standards will also be complied with when processing data in the USA. The Rocket Science Group also offers further privacy information here http://mailchimp.com/legal/privacy/.
The newsletter, which is subsequently sent via The Rocket Science Group, also contains a so-called “counting pixel”, also known as Web Beacon “. With the help of this pixel we can evaluate if and when you have read our newsletter and if you have followed the links in the newsletter. In addition to other technical data, such as the data of your computer system and your IP address, the processed data are stored so that we can optimize our newsletter offer and respond to the wishes of readers. So the data will increase to increase the quality and attractiveness of our newsletter offer.
The legal basis for sending the newsletter and the analysis is Art. 6 para. 1 lit. a.) GDPR. You can revoke your consent to the newsletter dispatch at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. For this you only have to inform us about your withdrawal or press the unsubscribe link contained in each newsletter.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Privacy Policies of MailChimp at: https://mailchimp.com/legal/terms/.
5. Additional services used by the Global Young Academy
5.1 Online-based Audio and Video Conferences (Conference tools)
5.1.1 Data processing
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection. Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
5.2.2. Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art.
6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
5.2.3 Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
5.2.4 Conference tools used: Zoom
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://zoom.us/de-de/privacy.html.
5.2.5 Conference tools used: Microsoft Teams
5. Data Protection Guideline
As a member or alumna / alumnus please ensure, that you have filled in and returned the following document as part of your current / previous membership: Data Protection.