Data Protection - Your Application


This information notice describes how the GERMAN-AMERICAN FULBRIGHT-COMMISSION ("Controller") will process your personal data in the context of your current application for scholarship with the Controller.

  • 1. Purposes of processing
    The Controller will process your personal data to consider, review and possibly award you a scholarship.

  • 2. Personal data processed
    We collect and process personal data ("Personal Data") about you when you apply scholarship from the Controller.
    This includes all the information you voluntarily provide throughout the application process, which may include
    • Historical information
      o Information about your personal history (events, travel history, etc.)
    • Internal Information
      o Knowledge and belief (religious belief, philosophical beliefs, etc.)
      o Preferences (opinions, intentions, interests, likes, dislikes, etc.)
    • External and sensitive information
      o Identifying information (name, age, date of birth, user-name, government issued identification (passport/ID), picture, address, email address, phone number, etc.)
      o Immigration status (work permit, resident permit, etc.)
      o Ethnicity (race, national or ethnic origin, languages spoken, dialects, etc.)
      o Sexual (gender, etc.)
      o Demographic (age, etc.)
      o Medical and health (disabilities, health history, allergies, etc.)
    • Financial information
      o Account (bank account number, etc.)
      o Ownership (income, loan records, etc.)
    • Social information
      o Professional information (academic history, job titles, salary, work history, school attended, employee files, employment history, evaluations, professional references, interviews, certifications, etc.)
      o Criminal information (convictions, charges, etc.)
      o Public life (social status, marital status, religion, political affiliations, etc.)
      o Family (family structure, siblings, details of dependents, marriages, divorces, relationships, etc.)
      o Photos and Videos

  • 3. Legal basis for processing
    We process this personal data for the following purposes
    • 1. For purposes which are required by law:
      o To fulfill immigration obligations (e.g., visa application, health insurance coverage through Seven Corners, etc.)
      o In response to requests by government or law enforcement authorities conducting an investigation (e.g., to apply for visa)

    • 2. Where you give us consent

    • 3. To fulfil a contract, or take steps linked to a contract. This includes services rendered/offered by
      o Fulbright Germany, when awarding a scholarship
      o Insurances

    • 4. As required by Controller to conduct our business and pursue our legitimate interests, in particular
      o Networking activities
      o Exchanging contact details with donors
      o Investigating any complaints received from you or from others about our services
      o We will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation)

  • 4. Withdrawing consent or otherwise objecting to direct marketing
    Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above.

  • 5. Consequences of not providing the above sensitive personal data or withdrawing consent
    You do not have to provide your consent. However, not giving or withdrawal of your consent may compromise the completeness of data needed to grant a scholarship.

  • 6. Recipients or categories of recipients
    Your Personal Data may be shared with
    • third party service providers, who will process personal data on behalf of Controller for the purposes identified above. Such third parties include IIE, ECA, university partnerships as listed in the data register (updated annually by December), review panel as listed in the data register (updated annually by December) and selection committees (updated annually by December)
    • attorneys or legal counsel representing the Controller
    • courts, tribunals, (arbitration) commissions, government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws

  • 7. Details of data transfers outside the EU
    Your Personal Data may be transferred outside the EU to the United States of America.

    Where information is transferred outside the EU, and where this is to a third party, stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to the Controller.

  • 8. Security
    The Controller will implement, and undertakes that its data processors implement, appropriate technical and organizational measures to ensure an appropriate level of security of your Personal Data.

  • 9. What rights do you have?
    Pursuant to the data protection legislation, including the EU General Data Protection Regulation 2016/679 ("GDPR"), as well as any legislation and/or regulation implementing or created pursuant to the GDPR, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law, several rights are recognized, which you can in principle exercise free of charge, subject to statutory exceptions. In particular, you have the following rights
    • right to access, review, and rectify your Personal Data. You may be entitled to ask us for a copy of your information, to review or correct it
    • right to erasure: you have the right to erasure of all the Personal Data processed by us in case we no longer need it for the purposes for which the Personal Data were initially collected or processed
    • right to object or restriction of processing: under certain circumstances described in the data protection legislation, you may ask for a restriction of processing or object to the processing of your Personal Data
    • right to data portability: you have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

To exercise any of these rights, you can get in touch with us, using the contact details set out below.

If you have unresolved concerns, you have the right to lodge a complaint with an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Berliner Beauftragte für Datenschutz und Informationsfreiheit:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219, 10969 Berlin
Tel: +49 (0) 30 138 890 Fax: +49 (0) 30 215 505-0 E-mail: mailbox@datenschutz-berlin.de

  • 10. How do you get in touch with us — Contact details
    We hope that we can satisfy queries you may have about the way we process your data. If you have any queries or concerns about the way we process your personal data, you can get in touch at by email or by writing. Please use any of the following contact details.

    Identity and contact details of the Controller:

    GERMAN-AMERICAN FULBRIGHT-COMMISSION
    Lützowufer 26, 10787 Berlin
    Data-protection@fulbright.de

  • 11. The retention period for the data
    Where we process personal data with your consent, we do this for as long as you are in the application process and for up to 2 years after this.

    Where we process personal data for (IT) security purposes, we retain it for 1 year.

    Where we process personal data in the context of a lawsuit related to the application, we retain it until all ways of redress have been exhausted and/or have reached their statute of limitations and for 5 years after this.

  • 12. Fulbright Germany’s Data Protection Information on our website
    You can easily access our general data protection information on our website, too. Please follow the link: https://www.fulbright.de/datenschutz.