Data Protection Declaration

We are the Goethe-Institute and operate the website www.goethe.de as well as other websites in which we are named in the legal notice and which link to this Privacy Policy. We refer to these websites collectively as our websites..

Our address is:

Goethe-Institut e.V.
Oskar-von-Miller-Ring 18
80333 Munich

We address our readers and the people about whom we may have information as you. The information we may have about you is referred to as data. The General Data Protection Regulation is the most important law on data protection in the EU. We abbreviate it to GDPR.

Regardless of which country you are in, it is important to us that you are informed about data protection. For this reason, you will find additional data protection information for certain countries in section 14

Contents

Use of our website
Data processing for contracts, courses and examinations
a) Examination data and examination documents
b) Replacement certificates
c) Verification of certificates
d) Investigations by state authorities
e) Examination block
f) Goethe-Institutes worldwide
g) Data transfer
h) Deletion of your data
i) Legal basis
Mein Goethe.de, learning platform and other online services
a) Overview of Goethe online accounts
b) Mein Goethe.de account
c) Goethe learning platform
d) Deutsch für dich account
e) Deletion
f) Legal basis
Cookies and other web technologies
Advertising and newsletters
a) Advertising by post, email or text message
b) Newsletter
c) Legal basis
Our presence on Facebook, Instagram and TikTok
a) Data processing under own responsibility
b) Data processing in joint responsibility with Meta and TikTok
c) Deletion of your personal data
d) Contact for data protection questions
Social plugins, widgets and embedding of videos
a) Spotify and Soundcloud widgets
b) Content from social networks such as X, Instagram and Facebook
c) YouTube and Vimeo video plugins
WhatsApp Business
Global processing of data
Data security
Your rights
Right to object
Data protection contact
Data protection information for specific countries

1. Use of our website

You do not need to provide any personal data on our websites. This is only required for certain offers. For example, if you wish to book a course, subscribe to a newsletter or set up an online account, we will ask you to provide the necessary data. You can find more information on this in section 2 of this privacy policy.

Even if you do not provide any data on our websites, we will collect some data about your visit. Your browser, i.e. the program you use to surf the Internet, automatically sends data to our network. We refer to this data as access data. Access data includes, for example, the website you last visited, your IP address and your Internet service provider.

The IP address is a number assigned by your Internet service provider that uniquely identifies your Internet connection, like a telephone number. Your Internet service provider can use this number to determine your name for up to 7 days. Therefore, an IP address is considered personal data and is protected by the GDPR. Important: We cannot derive your name from this. We do not have access to the information held by your Internet service provider.

We use your access data to identify and rectify website malfunctions as quickly as possible. How do you delete it after 7 days?

We are supported in the provision of our websites by companies that specialise in this field. We refer to these and other companies that provide services for us as service providers. It is possible that the employees of these service providers may see or otherwise process your data. In this case, we also want to protect your data from misuse as best as possible. That is why we conclude data protection agreements with our service providers. We refer to these agreements as data processing agreements or DPA for short.

The GDPR allows us in Art. 6 para. 1 sentence 1 b) and the German Telecommunications Digital Services Data Protection Act in § 25 to use your data for the purposes we have specified in this section 1. If we conclude a DPA, Art. 28 GDPR applies. The processing of this data is technically necessary in order to display our website to you.

Information on the use of cookies can be found in section 4.

2. Data processing for contracts, courses and examinations

You can book courses and exams at our institutes and with our cooperation partners, create online accounts on our websites and register for other offers. We refer to these various services collectively as offers.

You can find all information on data protection for your online accounts in section 3.

We use the data you provide when using our offers to provide the desired offers. We mark any information that is voluntary. In addition to the information you provide, further data is often generated, for example from placement tests, exercises, exams or messages that we exchange with you.
If we ask you for health data or other particularly sensitive data, such as allergies for an offer that includes meals, we will ask for your consent.

a) Examination data and examination documents
We refer to the data relating to your examinations that you take with us or our examination partners as examination data. In addition to your name, this includes your date and place of birth, examination results, examination date, certificate number and your examination documents. These are the documents that you received and worked on during the examination and documents relating to how we assessed your examination.

If you have taken your exam with one of our exam partners, we will receive your exam data from them and use it as described in this section 2. If you have any questions, please contact datenschutz@goethe.de.
For information on data processing by one of our examination partners, please contact them directly.

b) Replacement certificates
We will store your examination data even after the examination has ended so that we can issue you a replacement certificate upon request. You can find more information on replacement certificates in the examination regulations.

c) Verification of certificates
We also make your exam data available to third parties who wish to verify the authenticity of a Goethe certificate. We refer to these third parties as recognition bodies.
They can view your exam data at verify.goethe.de/verify . We actively forward your examination data to some German missions abroad if this is necessary for visa procedures within their area of responsibility. Alternatively, the recognition body may ask us via pruefungen@goethe.de whether a certificate is genuine or not. We only provide information beyond a yes/no answer if the recognition body can provide a legal basis for the request.

d) Investigations by state authorities
If the recognising body is a government authority, the following applies: If the authority informs us that it has concrete evidence of a forged Goethe Certificate and can provide us with a legal basis for the information, we will forward the following data in addition to the examination data: a copy of your ID and documents relating to your examination, which may also include a writing sample.
Good to know: Even in cases other than those described here, we will pass on data to authorised authorities if we are required or permitted to do so by law, e.g. to report a crime or if we are called as a witness.

e) Examination block
If the examination regulations allow us to do so, we will block certain examination participants from taking examinations at any of our locations worldwide. We will note this in our central database so that the block is effective in all examination centres. To do this, we will enter the name, date of birth and place of birth of the respective examination participant as well as the period of the block.

f) Goethe-Institutes worldwide
We store your course and examination data in our central database in the European Union. Other Goethe Institutes can also access this database, unless prohibited by local law.
For Goethe-Institutes outside the European Union or the European Economic Area, we have taken measures to ensure an adequate level of data protection. We provide our employees at all Goethe-Institutes worldwide with the same guidelines on data protection.

g) Data transfer
When we provide our services, for example a language course, we pass on some of your data to our service providers. This could be the provider of software that we use for the language course, for example. When we do this, we first conclude the necessary data protection agreement with the service provider.

If you book our services online and pay online, we will pass on the part of your order data that is necessary for payment, such as your name and the amount to be paid, to the relevant service provider. In some cases, the service provider will ask you for further data on its website, for example your credit card details or if you wish to create an account there. In this case, the data protection policy of the relevant service provider applies. You can find this during the booking process or here:

Paymentwall
PayPal
Nuvei
Worldline

h) Deletion of your data
We will delete your data when your contract with us ends and all retention periods that we are required to comply with have expired. This does not apply if you have consented to us using your data for longer.
If you have taken an exam with us or one of our exam partners, we will delete your exam data after 10 years at the latest. We delete or destroy exam documents 2 years after the exam date. If you have taken one of our online German exams, we will delete your exam documents 1 year after the exam date. You can find more information about data protection for our online German exams in the relevantn Privacy Policy.

i) Legal basis

The GDPR allows us in Art. 6 para. 1 sentence 1 b) GDPR to use your data for most of the purposes we have mentioned in this section, as these are necessary to provide the service you have requested.

If we transfer your data to German authorities and foreign missions so that they can check whether a language certificate is genuine, the legal basis is § 23 para. 1 sentence 2 of the German Federal Data Protection Act. In addition, there are laws worldwide that oblige us to disclose data to state authorities. In Germany, this is, for example, §161a of the German Code of Criminal Procedure.

If you have given us your consent to use particularly sensitive data, e.g. your health data, the legal basis is Art. 9 para. 2 a) GDPR.

3. Mein Goethe.de, learning platform and other online services

a) Overview of Goethe online accounts
If you wish to make full use of the services offered on our websites, you will generally need one or more online accounts, for example a Mein Goethe.de account. A Mein Goethe.de account is, for example, the basis for setting up an account for the Goethe learning platform or Deutsch für dich.

You can set up your online account for these websites independently of a Mein Goethe.de account:

junioruni.goethe.de
kinderuni.goethe.de
profiuni.goethe.de

b) Mein Goethe.de account
With a Mein Goethe.de account, you can

use free community features. These include comments and posts in blogs and forums, and chats with other users;
book and manage free and paid offers, such as
- online and classroom courses or exams
- certain learning platforms,
- borrow media digitally or reserve items for our reference libraries.

To register for the first time, we need your email address, password and country. Together, we call this your login details. This gives you access to

your profile, where you can add further personal details,
your account settings, including a delete button,
your newsletter subscriptions and consents,
the community features and
booking options for additional Mein Goethe.de features.

If you use the community features via your Mein Goethe.de account, you can voluntarily provide additional personal information in your profile and post content such as a profile picture, texts in the form of blog or forum posts, discussion contributions and much more. These contributions are visible to other users with your username and, if applicable, your profile picture. Therefore, please choose a username and profile picture that you would like to use publicly on the Internet.

When you are logged into your Mein Goethe.de account, we will show you your personal home page. There you will see offers and content that may be relevant to your user profile. We use the data we have stored in your user account for this purpose.
In other areas of our website, we will only show you offers tailored to you personally if you have given us permission to do so via the cookie window. You can withdraw your permission at any time in the privacy settings.

c) Goethe learning platform
With an account for our learning platform at https://onlinekurse.goethe.de you can participate in our online language courses and online training courses.

We use your registration data, such as your name, email address and password, to create your account so that we can address you personally and so that you can log in and out of your personal area.

When you use the learning platform, additional data is generated, such as when you opened a course, completed exercises, what grades you received, or how you are progressing in the course. We refer to this information as usage data.

In addition to usage data, we process the data that you enter yourself during the course, in particular your text and voice input. We refer to this data as content data.

aa) Contract fulfilment
We use your usage and content data to offer you the courses and training programmes you have booked and, in particular, to provide the following services:

Dynamic adaptation of the offer to your abilities and learning habits, for example by visualising your learning progress.
sending notifications and reminders, e.g. notifications that a course is coming to an end,
Provision of automatic corrections and evaluations of text and speaking tasks, including with the help of language models based on artificial intelligence. We abbreviate these functions as AI.
Provision of interactive conversation options, such as in the form of an interactive AI learning chatbot.

If you participate in synchronous online training with one of our teachers, you will be redirected to the conference tool we use via a link. We do not store the data generated during the online meetings. We have concluded a data protection agreement with the provider of the conference tool to protect your data.

bb) Service improvement and analysis data
We also process your usage and content data to continuously improve the learning platform, in particular to identify weaknesses and optimise our text and language analysis functions.

We use your data in anonymised form for this purpose. This applies in particular when we use it to train AI models and for other research and statistical purposes. We refer to this anonymous data as analysis data. To create the analysis data, we replace your name or age with another randomly selected value, for example. This means that you as the person behind the data can no longer be identified, or only with additional information that is subject to special protection and is only accessible to individual members of our staff.

We also pass on analysis data to researchers and statisticians, helping them to better understand the language learning process and develop effective correction and feedback mechanisms and applications that provide the best possible support for people learning German.

d) Deutsch für dich account
You can do some exercises on Deutsch für dich without creating an account. To use the community feature of Deutsch für dich, exchange ideas with other learners and complete further exercises from the range on offer, you need an account. To do this, you must provide your email address, choose a username and specify your country or region.

For some exercises, we also process your data to provide interactive conversation options, for example with an AI learning chatbot. For more information on how we handle your data when you use our AI chatbot, please refer to section 3 c) bb).

e) Deletion
If you do not confirm your registration within 7 days, your Mein Goethe.de account and all data will be deleted. This does not apply to Mein Goethe.de accounts that you created when booking in the web shop. These will remain stored until you request their deletion. To do this, please use the delete function in your Mein Goethe.de account. If you have not yet confirmed your Mein Goethe.de account, please write to datenschutz@goethe.de. We will automatically delete your Mein Goethe.de account if you do not use it for 6 years.

The same applies to your Deutsch für dich account. You can also delete your Deutsch für dich account independently of your Mein Goethe.de account. To do so, please use the "Cancel membership" function in your Deutsch für dich account. All data will then be deleted from Deutsch für dich. The data in your Mein Goethe.de account will remain until we delete it after the above-mentioned periods.

We will automatically delete your account for the learning platform if you do not use it for 3 years or as soon as you request its deletion. At this point at the latest, we will also delete all data that has been collected during a course, training or exercise.

After one year of non-use, we will automatically delete your online account for the following websites:

https://junioruni.goethe.de
https://kinderuni.goethe.de
https://profiuni.goethe.de

f) Legal basis

When you create a Mein Goethe.de, learning platform or other online account with us, you enter into a user agreement with us. We use the necessary data to fulfil this agreement. The GDPR allows us to do so in Art. 6 para 1 sentence 1 b).
When we display a personalised home page for you, we use data about the offers you have booked and your possible interests. The GDPR allows us to do this as marketing of our offers in Art. 6 para. 1 sentence 1 f) GDPR. This applies as long as you do not object. To do so, please contact datenschutz@goethe.de.
The GDPR allows us to use your data to create analysis data in Art. 6 para. 4 GDPR. The anonymous further processing of your data is compatible with the original purpose of providing the service.
Information on the use of your data if you have permitted the use of cookies can be found in section 4.

4. Cookies and other web technologies

We use cookies and other web technologies on our websites. Together, we refer to these as cookies. Cookies enable us to ensure that

you can use our website with standard functions such as a shopping basket,
we and authorised cooperation partners can measure the use of our websites, and
we can display offers on our websites or the websites of our cooperation partners to certain users that match their previous usage behaviour.

All information about the different types of cookies, the legal basis for data processing and your settings options can be found at Privacy settings

By the way: On our websites
junioruni.goethe.de
kinderuni.goethe.de
profiuni.goethe.de
we do not display any offers that match your previous usage behaviour, as these pages are aimed at children and young adults.

5. Advertising and newsletters

a) Advertising by post, email or text message
If we receive your name and postal address from you, for example because you have booked an offer from us, we may use this data to send you postal advertising.
If we receive your telephone number or email address from you, we may send you messages by email or text message (e.g. via Messenger or SMS) with advertising for our own similar offers, customer satisfaction surveys or other surveys.
You can object to the use of your postal address, telephone number and email address for these purposes at any time, in whole or in part, in writing or electronically, for example by email to info@goethe.de free of charge and with effect for the future.

b) Newsletter
If you have subscribed to one of our newsletters, we process your name and email address in order to send you the newsletter you have requested to the email address you have provided and to address you by name and provide you with information about your use of the newsletter, to understand what information you are interested in or not interested in at , and thus to continuously improve and personalise the content of our newsletter.

In order to obtain information about your use of our newsletter, some of our newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is loaded from the server used for this purpose when you open the newsletter. This enables us to collect technical information such as your browser and operating system, your IP address, the time at which you receive and open the newsletter, and which links contained in the newsletter you have clicked on.

c) Legal basis
How we process your data based on our legitimate interest in direct marketing. The GDPR permits this in Art. 6 para. 1 sentence f). § 7 para. 3 of the German Unfair Commercial Practices Act also applies to the use of your contact details for advertising by email or text message. The legal basis for newsletters you have subscribed to is Art. 6 para. 1 b) GDPR.
We use your contact details, in particular your telephone number, for forms of advertising other than those mentioned above, for example for advertising calls, if you have given us your separate consent to do so. In this case, Art. 6 para. 1 sentence 1 a) GDPR is the legal basis for data processing.

6. Our presence on Facebook, Instagram and TikTok

If you use our social media accounts on TikTok, Facebook or Instagram, we are responsible for handling your data in various ways. In some cases, we are solely responsible, and in others, we are jointly responsible with the following providers:

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
(Your provider within the European Economic Area – this includes the EU countries plus Iceland, Liechtenstein and Norway)
TikTok Information Technologies UK Limited, 4 Lindsey Street, Barbican, London, EC1A 9HP, United Kingdom.
(Your provider if you use TikTok in the United Kingdom)
Bytedance Ltd. at P.O. Box 31119 Grand Pavilion, Hibiscus Way, 802 West Bay Road, Grand Cayman, KY1 - 1205 Cayman Islands.
(Your provider if you use TikTok in other countries)

Meta Platforms Ireland Ltd., 2/4 Grand Canal Quay, D02 R890 Dublin, Ireland
(Your provider if you use Facebook and Instagram within the EU)
Meta Platforms Technologies, LLC 1 Hacker Way, Menlo Park, CA 94025, USA
Your provider if you use Facebook and Instagram in other countries).

a) Data processing under own responsibility
aa) Exchange on our social media sites

If you use the community features on our social media sites (e.g. Messenger, comment function, "Like" button, "Follow" button, etc.), we use your data to respond to you. Depending on your personal settings, this may include: username, profile picture, date of interaction, age, gender, language, other data visible to us or content from comments or messages, as well as content that you publish on your own profile.
If you contact us with questions about specific offers, for example about our courses or events, we will respond to you in the same way: via your private message or on your public posts or comments. In addition, we also use your data if necessary to ask for your permission to communicate with you outside of our social media presence, for example by email or SMS (Art. 6 para. 1 sentence 1 c) GDPR).
The GDPR allows us to do so in Art. 6 para. 1 sentence 1 b) GDPR.

If you provide us with feedback (e.g. by commenting on or marking our posts or via private message), we process your data to improve our social media presence, our business processes, marketing measures and our support.
The GDPR allows us to do this in Art. 6 para. 1 sentence 1 f) GDPR as long as you do not object.

bb) Competitions
From time to time, we offer competitions on our social media sites. If you participate in a competition, we will inform you about how we process your data within the context of the competition.

cc) Social media monitoring
We evaluate the posts that users publish on our social media sites in order to improve the quality and further develop our content, improve our marketing and identify potential risks (e.g. political crises or the effects of natural events). For this purpose, we use the social media listening and analytics tool Talkwalker S.à r.l., 16, Avenue Monterey L-2163 Luxembourg.

We only evaluate your publicly accessible actions and contributions to forums, blogs and online news sites. This may also include individual quotes or other data, such as your username.
We carry out this evaluation because it is important to us to improve our offers, information and advice on possible political or environmental risks. The GDPR allows us to do this in Art. 6 para. 1 sentence 1 f) GDPR, as long as you do not object.

b) Data processing in joint responsibility with Meta and TikTok
If you follow our social media sites or click on the "Like" button, Meta or TikTok will add your profile to the list of all "followers" or "friends" and provide us with this information. We can only see the public information on your profile. You can decide which data this is in your profile settings.
When you visit or interact with our social media sites, we receive statistics about our "followers" or "friends" from Meta or TikTok.
This may include, for example: age, gender, country, city, usage data and technical data such as visit time, interaction type, interaction duration, interaction frequency, page entry or playback duration.
Otherwise, we use the statistics in accordance with Art. 6 para. 1sentence 1 f) GDPR to protect our legitimate interests or the interests of third parties, as we want to improve our offering and tailor it to your needs, further develop our services and offerings, and manage and improve our business processes. We also use the statistics for success analyses and targeted advertising. You have the option to object to targeted advertising in your settings.
If you are not registered with Facebook, Instagram or TikTok, we do not receive any information from Meta or TikTok about your visit or your use of our respective social media presence.

c) Deletion of your personal data
If you have given us your consent to store your contact details and information about your interactions on Facebook, Instagram or TikTok in our customer management system, we will delete your personal data as soon as you withdraw your consent.
We process the public information on your profile for as long as it is visible on our social media sites.

d) Contact for data protection questions
If you have any questions about data protection in relation to our social media sites, you can contact datenschutz@goethe.de or use the contact details provided in the privacy policy of Meta or TikTok.
You can find TikTok's privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de
Meta's privacy policy can be found at
https://www.facebook.com/privacy/center/

7. Social plugins, widgets and embedding of videos

We embed third-party social plugins, widgets and videos on our websites, provided that you have agreed to this in your privacy settings. All legal information and your settings options can be found in your privacy settings.

In addition to the detailed information in the privacy settings, here are some examples of these technologies:

a) Spotify and Soundcloud widgets
Our websites use widgets from the Spotify and Soundcloud networks for the purpose of making our content interactive.

b) Content from social networks such as X, Instagram and FacebookContent (posts, comments and/or channels) from X, Instagram and other social networks, such as Spotify and Soundcloud, may be displayed on our websites, in particular in our articles, via social plugins. The social media plugins can establish a direct connection to the servers of the respective network, which results in data being transferred to the provider. This may include the following data in particular:

Website visited
Browser information
Information about the operating system
IP address

c) YouTube and Vimeo video plugins
Third-party content from YouTube and Vimeo is integrated into our websites for the purpose of interactive design of our content.

8. WhatsApp Business

On some of our websites, you will find a link that allows you to contact us directly via WhatsApp. To respond to you, we use WhatsApp Business, a service provided to us by WhatsApp Ireland Limited (WhatsApp).
We process the data you provide to us or that is stored in your profile, such as your phone number, name and profile picture.

WhatsApp uses other companies to provide this service, some of which are based in countries outside the European Economic Area, including WhatsApp LLC and Meta Operations Inc. in the USA.

We use WhatsApp Business because it is important to us that you can reach us quickly and easily. The GDPR allows us to do so in Art. 6 para. 1 sentence 1 f) GDPR. The data collected via WhatsApp Business will be deleted by us within four months of responding to your enquiry.

9. Global processing of data

We or our service providers may also process your data outside the country in which you are located.

We only process data in countries outside the European Union if the level of data protection there is sufficiently high. We use various means to ensure that this is the case:

The EU Commission has determined in a decision that the country is well positioned in terms of data protection. This is the case, for example, in the United Kingdom, Switzerland, Canada and Japan. Click here for a current list of countries.
Or we conclude a standard data protection agreement with our service provider. Click here for the EU model document or contact datenschutz@goethe.de, if you would like a copy of this agreement.

10. Data security

We secure our websites and other systems through technical and organisational security measures. It is important to us that your data is protected against loss or unauthorised access, alteration or distribution. An example of a technical security measure is encrypted data transmission when you use your Mein Goethe.de account.

11. Your rights

You have the right to:

Request information about your data (Art. 15 GDPR);
Request the correction of inaccurate or incomplete data (Art. 16 GDPR);
request the deletion of your data (Art. 17 GDPR). However, we may store your data despite your request for deletion if this is necessary:
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of public interest.
Restriction of processing of your data (Art. 18 GDPR) if
- you dispute the accuracy of the data while we are verifying its accuracy;
- the processing is unlawful, but you refuse to have the data deleted;
- we no longer need the data, but you need the data to pursue legal claims or
- you have objected to the processing while we are reviewing your objection;
to request data portability, i.e. the right to receive the data you have provided to us in a common and machine-readable format or to request its transfer to another controller (Art. 20 GDPR);
to lodge a complaint with a supervisory authority (Art. 77 GDPR). As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose. The supervisory authority responsible for us is:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
poststelle@bfdi.bund.de

12. Right to object

If we use your data on the basis of legitimate interest, you may object to this. You can recognise these cases by the fact that we point out your right to object or cite Art. 6 para 1 sentence 1 f) GDPR as the legal basis.

If we use your data for advertising purposes, it is sufficient for you to simply object to this. We will then no longer use the data for advertising purposes.

If we use your data for other legitimate interests, please provide reasons for your objection that arise from your particular situation. This is provided for in the GDPR so that we can review your objection and weigh your personal interests against ours.

If the assessment shows that your interests outweigh ours, we will not process your data any further. If we can demonstrate that there are compelling legitimate interests that outweigh your interests, or if we use the data to pursue legal claims, we will inform you accordingly. In this case, we will continue to process your data until we are required to delete it.

13. Data protection contact

Please contact us with any questions or concerns regarding data protection and your rights.
The Data Protection Officer
Goethe-Institut e.V.
Oskar-von-Miller-Ring 18
80333 München
datenschutz@goethe.de

14. Data protection information for specific countries

Additional data protection regulations may apply in the country where you are located. For example, regulations that extend your data protection rights or impose special requirements on us. Click on one of the following countries to access the data protection information[

Goethe-Institut Peru