In order to comply with our obligations pursuant to Art. 13 DSGVO, you are informed by means of this data protection declaration about the type and scope as well as the purpose of the processing of personal data (hereinafter referred to as "data"), which is incurred in the provision of our services and within our online offer. This online offer includes in particular the necessary websites and associated functions and content as well as external online presences, such as profiles of social networks and media.
With regard to the terms used, reference is made to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
We would like to point out at this point that this data protection declaration is based on prefabricated text modules and the generic masculine is used. Feminine and other gender identities are explicitly included as far as it is necessary for the statement.
The person responsible for data processing within the meaning of Art. 13 I DSGVO is:
Geschäftsführerin: Dr. Inez Kipfer-Didavi
The data protection officer of the controller is:
Dr. Alexander Löw
Tel.: +49 (0)89 660 393 – 0
Visitors and users of our online offer are affected by the data processing carried out by us.
Types of Data Processed
In the case of merely calling up our online offer, i.e. without registering or providing any other information, only the data transmitted to our server by the respective user's browser (so-called "server log files") are collected. The following data is affected by this:
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- IP address used (if applicable: in anonymised form)
- Usage data (e.g. so-called cookies, websites visited, interest in content, access times),
- Meta/communication data (e.g. software information, IP/MAC addresses, operating system used and browser).
If the respective user also submits a registration or other information, the following data will also be processed:
- Inventory data (e.g. personal master data, names or addresses),
- Contact details (e.g. email addresses, telephone numbers),
- Content data (e.g. text input, photo and video material)
Purpose of the Processing
The processing of the data takes place
- for the provision of the online offer including its functions and contents,
- to answer contact requests and communicate with users,
- to ensure security measures,
- for range measurement and
- for marketing purposes
"Personal data" are, according to Art. 4 No. 1 GDPR, "any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
"Processing" is, according to Art. 4 No. 2 GDPR, "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
According to Art. 4 No. 4 of the GDPR, "profiling" means "any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location".
According to Art. 4 No. 5 GDPR, "pseudonymisation" means "the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person".
A "filing system" is, according to Art. 4 No. 6 GDPR, "any structured collection of personal data accessible according to specified criteria, whether such collection is maintained on a centralised, decentralised or functional or geographical basis".
"Controller" means, in accordance with Article 4(7) of the GDPR, "the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law".
"Processor" means, according to Article 4(8), "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".
"Recipient" means, in accordance with Article 4(9) of the GDPR, "a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party". However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing".
The IP address is a combination of numbers assigned to a device by an Internet Service Provider to give the device access to the Internet.
According to Art. 13 I c) DSGVO, we are obliged to inform you about the legal basis of our data processing. For users from the area of application of the Basic Data Protection Regulation (DSGVO), which extends to the European Union (EU) and the European Economic Community (EEC), the following applies with the proviso that no other legal basis is mentioned in the data protection declaration:
Art. 6 (1) lit. a and Art. 7 DSGVO are the legal basis for the processing of data covered by consent.
Art. 6 para. 1 lit. b DSGVO is the legal basis for the processing of data for the fulfilment of our owed services, for the implementation of pre-contractual measures as well as answering inquiries.
Art. 6 para. 1 lit. c DSGVO is the legal basis for the processing for the fulfilment of our legal obligations.
Article 6(1)(d) DSGVO is the legal basis for processing of personal data that is necessary due to vital interests of the data subject or another natural person.
Article 6(1)(e) DSGVO is the legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, insofar as it is necessary for that purpose.
Art. 6 (1) lit. f DSGVO is the legal basis for processing to protect our legitimate interests.
Art. 6 (4) DSGVO concerns the processing of data for purposes other than those for which they were collected. Such processing is only possible under the conditions specified here.
Article 9(2) of the GDPR sets out specific requirements for the processing of special categories of data (corresponding to Article 9(1) of the GDPR).
In order to ensure a level of protection commensurate with the risk, we ensure, in accordance with the following
- the legal requirements, taking into account the state of the art,
- the implementation costs, the nature, scope, context and purposes of the processing, and
- the varying likelihood and severity of the risk to the rights and freedoms of natural persons
for appropriate technical and organisational measures.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data through
- Control of physical access to data,
- Control of access to the data,
- Control of the input, transfer, assurance of availability and separation of data.
In addition, we have established procedures that guarantee the exercise of data subjects' rights, the deletion of data and the response to data compromise.
Cooperation with Processors, Joint Controllers and Third Parties
For certain services, it is necessary in the course of our processing of the data to disclose it to other persons (usually companies), i.e. to transmit data to them or otherwise grant them access to the data. These companies are, on the one hand, processors or jointly responsible parties, and on the other hand, third parties such as payment service providers. Such disclosure is only made on the basis of a legal permission or obligation, consent by the user or on the basis of our legitimate interests, which exist, for example, in the use of agents or web hosts. Such a legitimate interest also exists in particular in the processing of data for administrative purposes.
In the event that we make data accessible to other companies in our group of companies (through disclosure, transmission or granting access in any other form), this is done in particular for administrative purposes. This constitutes a legitimate interest within the meaning of Art. 6 (1) f DSGVO. In addition, making data accessible may also be based on a legal requirement.
Transfers of Data to Third Countries
A disclosure, transmission or other making available of the data to a person (this also includes a company) in a third country (i.e. outside the EU, EEA or the Swiss Confederation) takes place if the legal requirements are met. This is particularly the case when processing is carried out to fulfil our contractual or pre-contractual obligations. Otherwise, the processing must be based on your consent, a legal obligation or our legitimate interests. In addition, we are obliged to ensure the necessary minimum standards in this constellation as well. This includes, for example, that the respective third country has been officially granted a level of data protection equivalent to that of the EU (e.g. for the USA by the "Privacy Shield") or that officially recognised special contractual obligations are observed.
Rights of Data Subjects
You have the right, upon request, to obtain information about whether data concerning you is being processed. In addition, you have the right to receive further information and a copy of the data in accordance with the legal requirements.
You have the right to obtain the completion of data concerning you and the rectification of inaccurate data concerning you.
You have a right to the immediate deletion of the data concerning you in accordance with the legal requirements. Alternatively, you have the right to restrict the processing of the data within the framework of the legal requirements. (see also right of objection)
In accordance with the law, you have a right to be provided with the data relating to you that you have made available to us and you may also request that it be transferred to other data controllers.
You have the right to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You can revoke your consent at any time with effect for the future.
Right of Objection
You have the right to object to the future processing of data relating to you in accordance with the statutory provisions. The objection may in particular also be directed against the processing for purposes of direct advertising.
We offer the use of temporary and permanent cookies. If you do not agree with this use, we ask you to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Cookies are small files that are stored on your computer. These files contain different information. Primarily, cookies are used to store information about a user of an online offer. In particular, for example, login data, the contents of a shopping cart and called articles in an online shop or also generally called websites are stored.
First of all, a distinction must be made between temporary and permanent cookies. Temporary cookies are also called "session cookies" or "transient cookies". These are cookies that are deleted after leaving the online offer. This usually happens when the browser is closed.
Permanent cookies (or "persistent cookies") are files that remain stored even after the browser is closed. In this way, the above-mentioned information can remain beyond the respective browser session.
This is particularly relevant for cookies that contain information about users' interests. This data is often used for reach measurement or marketing purposes.
Furthermore, a distinction must also be made between so-called "third-party cookies", which are offered by providers other than the person responsible for operating the online offer, and so-called "first-party cookies", which are present in all other cases.
Furthermore, the storage of cookies can also be prevented by deactivating them in the browser settings. However, this option may not allow the use of all functions of this online offer.
Deletion of Data
In accordance with the legal requirements, we delete the data we have collected or restrict its processing.
We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and there are no legal storage obligations to the contrary and no deviating regulations have been made in this data protection declaration.
If the data is not deleted due to necessity for other, legally permissible purposes (e.g. storage for commercial or tax law reasons), its processing is restricted. In this case, the data is processed exclusively for this purpose and is otherwise blocked.
Legal innovations or changes to the data processing carried out by us may make it necessary to adapt this data protection declaration. For this reason, we ask you to regularly check the content of our data protection declaration. Should a change require an act of cooperation on your part (e.g. consent) or other individual notification, you will be informed by us in an appropriate form.
Processing for Commercial Purposes
In addition, we process contractual data (e.g. subject of the contract, term, date of conclusion) as well as payment data (e.g. account number) of our customers, prospective customers and business partners in order to provide contractual services and other services. This includes in particular services, customer care, marketing, advertising and market research.
Other Contractual Services
In order to fulfil our contractual and pre-contractual services, we process the data of our "contractual partners", which in particular shall also include interested parties as well as other clients, customers, clients or customers, in accordance with Art. 6 Para. 1 lit. b. DSGVO.
The data processed is determined by the underlying contractual relationship. This also applies to the type, scope and purpose as well as the necessity of their processing.
The data processed are primarily
- Inventory and master data of the contractual partners (e.g., name, address, etc.),
- Contact details (e.g., email address, phone, etc.),
- Contractual data (e.g., services used, products purchased, costs, names of contact persons) .
As a matter of principle, we do not process any special categories of personal data, unless these are components of a commissioned or contractual processing.
Furthermore, we process data that are necessary for the justification and fulfilment of the contractual services. In doing so, we point out the necessity of providing the data if this is not evident for the contractual partners.
We only disclose the processed data to external persons or companies if this is necessary on the occasion of a contract.
When processing data provided to us on the basis of an order, we act strictly in accordance with the instructions of the client and the legal requirements.
We store the IP address used by you during registration, during the subsequent logins as well as the IP address used when using our online services and the time of the respective user action. This storage takes place due to the perception of our legitimate interests, as to protect users from abuse and other unauthorized use. This data will not be passed on to third parties as a matter of principle. This does not apply if this is necessary for the pursuit of our legal claims as a legitimate interest or if there is a legal obligation to do so.
When using our online services, the IP address and the time of the respective user action are stored by us. The storage is based on our legitimate interests, as well as the interests of users in the protection against abuse and other unauthorized use. This data will not be passed on to third parties unless this is necessary for the prosecution of our claims in accordance with Art. 6 Para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO.
We delete the data when they are no longer required for the fulfilment of contractual or legal duties of care and handling of any warranty and comparable obligations. The necessity of keeping the data is reviewed by us every three years. Otherwise, the statutory retention obligations apply.
Provision of our Statutory and Business Services
The processing of the data of our members, supporters, interested parties, customers or other persons for the purpose of the offer or the fulfilment of contractual services is carried out in accordance with Art. 6 para. 1 lit. b. DSGVO. The same applies in the case of activity within the framework of an existing business relationship or the receipt of services and benefits.
Otherwise, the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests. This is particularly the case when it comes to administrative tasks or public relations.
The type, scope and purpose of the processed data as well as the necessity of their processing is determined by the underlying contractual relationship.
The data shall in principle include
- Inventory and master data of the persons (e.g., name, address, etc.),
- Contact details (e.g., email address, phone, etc.),
- Contract data (e.g., services used, content and information provided, names of contact persons).
We delete data that is no longer required to fulfil our statutory and business purposes.
The respective tasks and contractual relationships are decisive here.
Data that is relevant to business will be retained by us for as long as is necessary for the comprehensive processing of the business. Any warranty or liability obligations are also relevant here. We review the necessity of retaining the data every three years. Otherwise, the statutory retention obligations apply.
Administration, Financial Accounting, Office Organization, Contact Management
Within the performance of administrative tasks as well as the organization of our business, financial accounting and compliance with legal obligations, such as archiving, we process data.
This data is the same data that we process to provide our contractual services. This processing is carried out pursuant to Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO.
Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
In doing so, we disclose or transmit data to the tax authorities, advisors, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
Microsoft Cloud Services
We use the cloud provided by Microsoft and its cloud software services (known as "Software as a Service") in order to
- Exchange, store and manage documents,
- Sending e-mails,
- Organize calendar,
- Create spreadsheets and presentations,
- Share content, information and forms with specific recipients
- Publish web pages,
- hold conversations in the context of "chats" or
- conduct audio and video conferences.
The Microsoft Cloud Services are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Insofar as data is processed in the USA, we refer to Microsoft's certification in accordance with the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
When using the service, personal data of the users are processed. This concerns all data that become part of the documents and content processed as part of the services listed. In addition, the processing also includes all data that form part of communication processes.
In particular, master and contact data of users, data on transactions, contracts, other processes and their contents are processed.
Microsoft also processes usage and metadata for security purposes and to improve the Service.
When you use publicly available documents, Web pages, or other content, Microsoft stores cookies on users' devices for purposes of Web analytics or to ensure that user preferences are available at the next session.
We use the Microsoft cloud services on the basis of the exercise of our legitimate interests in accordance with Art. 6 (1) lit. f DSGVO in efficient and secure management and collaboration processes. Furthermore, the processing is carried out on the basis of an order processing contract which we have concluded with Microsoft.
For more information, see the Microsoft Privacy Statement (https://privacy.microsoft.com/de-de/privacystatement) and the Microsoft Cloud Services Security Notice (https://www.microsoft.com/de-de/trustcenter).
Users may object to the processing of their data in the Microsoft Cloud in accordance with the legal requirements, which will result in the deletion of their data. In other cases, the deletion of data within the cloud services is determined by the other processing processes in the context of which the data are processed. For example, data that is no longer required for contractual purposes will be deleted if it is also no longer required for other purposes, such as taxation.
In the context of contacting us, which is possible via contact form, e-mail, telephone, fax or social media, the user's details are processed for the purpose of handling and processing the contact request. The legal basis with regard to contractual/pre-contractual relations results from Art. 6 para. 1 lit. b. DSGVO. With regard to other inquiries, Art. 6 para. 1 lit. f. DSGVO is relevant. The user's details are generally stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.
We delete the data obtained with regard to the request, provided that they are no longer necessary. The review of the necessity takes place every two years. Otherwise, the statutory archiving obligations apply.
Newsletter - Newsletter2Go/ Sendinblue
The newsletter is sent using the dispatch service provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the data protection provisions of the dispatch service provider here: https://www.newsletter2go.de/datenschutz/. The shipping service provider is used on the basis of the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO and an order processing contract according to Art. 28 para. 3 p. 1 DSGVO.
The dispatch service provider Newsletter2Go may use the data of the recipients in pseudonymized form, i.e. without the possibility of assignment to a specific user, to improve its own services. As an example, the use for the technical optimization of the dispatch and the presentation of the newsletter or the use for statistical purposes.
However, Newsleter2Go does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
Newsletter - Success Measurement
Our newsletters contain a so-called "web beacon". This is a pixel-sized file that is loaded from our server or, if we use a shipping service provider, from their server when the newsletter is opened.
Technical information, such as information on the browser and operating system of the respective user, as well as their IP address and the time of retrieval, is collected during retrieval.
This information is used for the technical improvement of the services. In doing so, the technical data can be evaluated with regard to the respective target groups and their reading behaviour, to the respective retrieval locations, which can be determined by the IP address, as well as to the access times.
The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked.
For technical reasons, it is possible that this information is assigned to individual newsletter recipients. However, we assure you that it is neither our intention nor that of the shipping service providers we may use to spy on individual users.
The evaluations are used much more to determine the reading habits of our users and to adapt our content to them or to distribute different content according to the interests of our users.
A separate revocation of the performance measurement is not possible. In the event that they do not agree with the evaluation, the entire newsletter subscription must be cancelled.
Hosting and E-mail Dispatch
We rely on external hosting services to operate our online services. This concerns:
- Infrastructure and platform services
- Computing capacity, storage space and database services,
- E-mail dispatch services and
- Security services and technical maintenance services.
In the context of the exercise of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with. Art. 28 DSGVO (conclusion of order processing contract), the following data in particular will be processed by us or our hosting provider:
- Inventory and Contact Information,
- Content data and contract data as well as
- Usage, meta and communication data.
This data processing concerns our customers as well as interested parties and visitors of our online offer.
Collection of Access Data and Log Files
On the basis of the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, we or also our hosting provider collect data about each access to the server on which this service is located (so-called server log files). This data includes
- Name of the accessed website and, if applicable, certain files,
- Date and time of the retrieval,
- volume of data transferred,
- Message about successful retrieval,
- Browser type and version the operating system of the user,
- Referrer URL (the previously visited page),
- IP address and
- the requesting provider.
Log file information is stored for security reasons for up to seven days and then deleted. This serves in particular to clarify acts of abuse or fraud. If data is suitable as evidence for the clarification of a matter, it is excluded from deletion until the final clarification of the respective incident.
Reach Measurement with Matomo/PIWIK
Based on the perception of our legitimate interests in the analysis, optimization and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO, we use the reach analysis service of Matomo.
The following data of the user are processed:
- the type and version of browser used,
- operating system used,
- Country of origin,
- Date and time of the server request,
- Number of visits,
- Time spent on the website as well as the external links clicked on.
The IP address of the user is anonymized before storage so that it can no longer be assigned to a person. Matomo is an open-source project, for which Matthieu Aubry is legally responsible according to his own information on the website. An official company headquarters is currently not known.
These cookies are stored for approximately one week. The information contained in the cookie about the use of our websites is stored exclusively on our server and is not passed on to third parties.
Users are entitled at any time to object to the anonymous collection of data by the Matomo program with effect for the future by clicking on the link below.
In this case, a so-called opt-out cookie is stored in the user's browser. This has the consequence that Matomo does not collect any further session data.
If the user deletes his cookies, this has the consequence that the opt-out cookie is also deleted. Consequently, this must be reactivated by the user if he wishes to maintain his objection.
Deactivation performed! Your visits to this website will no longer be collected by the web analytics. Please note that the Matomo deactivation cookie of this website will also be deleted if you remove the cookies stored in your browser. Also, if you are using a different computer or web browser, you will need to complete the deactivation procedure again.
You have the option to prevent actions you take here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving the usability for you and other users.
Start of form
Your visit to this website is currently collected by Matomo web analytics. Deselect this checkbox to opt-out. Your visit to this website is not currently being tracked by Matomo web analytics. Check this box to opt-in.
End of form
The tracking opt-out function requires cookies to be enabled.
The logs with the users' data are deleted after 6 months at the latest.
Integration of Services and Contents of Third Parties
Within the scope of our online offer, we use content or service offers of third party providers to integrate their content and services on the basis of our legitimate interests, which in this case primarily consist of the interest in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 Para. 1 lit. f. DSGVO, we use content or services offered by third-party providers in order to integrate their content and services. This concerns, for example, the integration of videos or fonts.
For an integration of contents and services of the third party providers, the IP address of the user must be known to them, otherwise no transmission to their browser can take place. The IP address is therefore essential for the presentation of this content and integration of services.
We endeavour to only include content and services whose respective providers use the IP address exclusively for the provision of the content and services. Third-party providers may also use so-called pixel tags for statistical or marketing purposes. A pixel tag, also known as a "web beacon", is an invisible pixel-sized graphic. They can be used to determine the visitor traffic on the individual websites of an online offer. The pseudonymised information can also be stored on the user's device in the form of so-called cookies. These contain, in particular, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offer. In addition, this information can also be linked to such information from other sources. This is particularly the case if the users are logged in as members of the respective platforms on different devices.
We use Google Fonts. These are fonts which are downloaded by Google Ireland Limited when the website is called up. This is technically necessary, otherwise no characters could be displayed. During this process, data such as Ip address are forwarded to Google. The use of Google Fonts is based on our legitimate interests in a technically secure and maintenance-free use of fonts in accordance with Art. 6 para. 1 lit. f DSGVO.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://fonts.google.com/; data protection declaration: https://policies.google.com/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active
To our knowledge, the data of the users is used by OpenStreetMap exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed in the context of the settings of their mobile devices).
Registration for Events
On our website you can register for various events using registration forms created with Microsoft Forms. To process your application, we need your name, e-mail address, place of residence, etc.. The data is only used to process the registration. The data entered is processed for us by Microsoft on the basis of an order processing agreement. The legal basis is Art. 6 para. 1 lit. b DSGVO.
For more information about Microsoft Forms, visit https://support.office.com/de-de/forms, and for more information about how Microsoft processes personal data, visit https://privacy.microsoft.com/de-DE/privacystatement.
Using Zoom Videoconferencing Software
To conduct online meetings, video conferences and webinars (hereinafter: "online meetings"), we use the tool "Zoom".
Depending on the type and extent of use of "Zoom", various types of data are collected or processed. This includes in particular:
Personal information (e.g., first and last name, email address, profile picture), meeting metadata (e.g., date, time and duration of communication, meeting name, participant IP address), device/hardware data, text, audio and video data, connection data (e.g., phone numbers, country names, start and end times, IP addresses).
If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the host. When you register for the online meeting, you must then enter your name and, if applicable, your e-mail address. In addition, the tool collects user data that is required for the provision of the service. This includes in particular technical data about your devices, your network and your Internet connection, such as IP address, device type, operating system type and version, client version, camera type, microphone or speaker, type of connection.
You can provide further information about yourself, but you do not have to. You are also free to use the chat function during the online meeting. You can also turn your camera and microphone on, off, or mute yourself. By default, the camera and microphone are disabled at the beginning of a meeting.
If you use the chat function, the text entries you make are processed in order to display them in the "online meeting". There is no logging of the chat. If you switch on your camera or microphone, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting.
Please note that any information you or others upload, provide, or create during an online meeting will be processed at least for the duration of the meeting. This includes, but is not limited to, chat/instant messages, files, whiteboards, and other information shared while using the service. No recordings are made.
Further information on the processing of your data when using "Zoom", a detailed list of the data collected and processed by "Zoom" as well as the "Zoom" data protection information can be found at: https://zoom.us/de-de/privacy.html.
If you participate in an online meeting as an external participant, your data will be processed on the basis of Art. 6 Para. 1 S. lit. b. DSGVO, insofar as your participation in the online meeting is necessary for the fulfilment of a contract concluded with you. The same applies if the implementation of the online meeting is necessary for the implementation of pre-contractual measures, which are carried out at your request. If the processing of data in connection with the use of "Zoom" is not necessary for the fulfilment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. Our legitimate interest here is to maintain location-independent communication, to maintain business contacts and to provide services owed. If you also voluntarily provide personal information when using the tool or voluntarily use functions that are not mandatory, the associated data processing is based on your revocable consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. Please note that processing that took place before the revocation is not affected by this.
As a matter of principle, we do not transfer your data to third parties. Data is only passed on if it is intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or entitled to do so by law.
When processing your data, Zoom Video Communications Inc. supports us as an external service provider and processor within the meaning of Art. 28 DSGVO. As a processor, Zoom Video Communications Inc. processes your data strictly in accordance with instructions and on the basis of a separately concluded order processing agreement. The data processing may also take place outside the EU or the EEA. With regard to Zoom Video Communications Inc., an adequate level of data protection pursuant to Art. 46 (2) lit. c DSGVO can be assumed through the use of EU standard contractual clauses as well as other suitable measures (establishment of end-to-end encryption and through the use of the data routing function; this is understood to mean the possibility of determining for oneself through which data centers the data should flow during meetings and webinars). We will gladly provide the concluded EU standard contractual clauses upon request.
As a matter of principle, we only process your data for as long as it is required for the purposes for which it was collected. We do not record anything. Your data is therefore not stored.
Photos and Lists of Participants