Privacy

8. use of video conferencing tools

When you communicate with us via video conferencing, we and the provider of the respective video conferencing platform (hereinafter referred to as “platform(s)”) process your personal data. With the following specific privacy policy, we inform you about the processing of your personal data within the scope of use.

8.1. Purposes and legal bases

We use platforms, for example, to offer certain services (e.g., conducting webinars or training courses, etc.) or simply to enable communication (both internal and external). The use of the platforms and other related purposes is therefore necessary for the provision of our services and, in principle, for the provision of our products and services. necessary for the performance of contracts (cf. Art. 6 para. 1 lit. b DS-GVO, § 26 para. 1 BDSG).

In addition, the use of the platforms is regularly in our legitimate interest (cf. Art. 6 para. 1 lit. f DS-GVO), as it simplifies the implementation or provision of our services and accelerates communication (both internal and external) or even makes it possible in the first place, especially if face-to-face events should not be possible. In the context of the provision of use, it may also be in our legitimate interest to carry out troubleshooting and generate evaluations.

Furthermore, the platforms may also be used on the basis of consent (cf. Art. 6 para. 1 lit. a DS-GVO), in particular in connection with any recording within the scope of use. We will inform you of this separately in advance in each case, in particular with regard to the personal data processed in connection with the recording (e.g. recording of image and spoken contributions or transcription of these).

8.2. The processed (personal) data

When using the platforms, we process (personal) data. Which (personal) data is processed and to what extent depends in particular on the service offered, the platform used, the technical functions used and the information you provide before, during or after participating in a meeting, e.g. a webinar. During a meeting, content can therefore also be exchanged, uploaded or otherwise made available. Typically, we process the following (personal) data in particular:

Meeting participant details: In order to participate in a meeting or enter the meeting room, at least the first and last name must usually be entered (depending on the platform used). Under certain circumstances, it is also possible to enter only a pseudonym. In addition to first and last name, we process the e-mail address and the access password to the meeting, optionally the profile picture and the telephone number.

If necessary, the information will be processed after the meeting for further purposes (e.g. issuance of participation confirmations). As a rule (depending on the platform and configuration used), the information is deleted 30 days after the end of the meeting. More information about the duration of personal data storage and deletion can be found below under No. 5.

Metadata: The following metadata may be generated as part of a meeting: Time and date of meeting, duration of meeting, interruptions of meeting, log-in and log-out time(s), measurement of behavior in the meeting, e.g. share of speech (optional), participant IP addresses, information on hardware and software used.

If necessary, metadata is used after the meeting for troubleshooting or evaluation, among other things. Metadata is usually deleted 30 days after the meeting ends (depending on the platform and configuration used). More information about the duration of personal data storage and deletion can be found below under No. 5.

Text, audio and video data: It is possible (if the function is enabled) to use the chat, question or poll function in a meeting. Text entries made are processed in order to display them in the meeting and log them if necessary. In addition, to enable the display of video and the playback of audio, (personal) data from the video camera and the microphone of the terminal device are processed during the duration of the meeting. The video camera and/or microphone can be switched off or muted by the user at any time.

Text, audio and video data will only be processed for specific purposes after the meeting (e.g. providing a link to view the webinar afterwards). After the purpose ceases to apply (e.g. expiry of the validity of the link), the data is deleted as a matter of principle, insofar as no further purpose justifies the processing. More information about the duration of personal data storage and deletion can be found below under No. 5.

Recording, storage: Optionally, video, audio and presentation recordings are made or, if necessary, a transcription of the spoken word. Recordings require that the camera and microphone are switched on, the screen is shared if necessary and the resulting functions are also used. If necessary, the transcription can also be used anonymously (depending on the platform and configuration used) by setting.

If the chat function is also used, the information you provide will be stored in the meeting chat text file. This also applies to sent files.

Recordings or other stored data are generally only processed after the meeting to the extent that this is necessary to achieve the purpose (e.g. subsequent provision of a link to view the webinar). If the purpose ceases to apply (e.g. expiry of the validity of the link), the records or other stored data are deleted as a matter of principle, insofar as no further purpose justifies the processing. More information about the duration of personal data storage and deletion can be found below under No. 5.

Dialing in with the telephone: As a rule, the phone number and country are processed, optionally location and connection data.

Where necessary, dial-in data is used after the meeting, e.g. for troubleshooting or evaluation. They are usually deleted 30 days after the end of the meeting (depending on the platform and configuration used). More information on the subject of the duration of storage of personal data and deletion can be found below under No. 5.

8.3. Platforms used, recipients of the (personal) data

To fulfill the aforementioned purposes, we currently use the following platforms in particular: Teams and Skype from Microsoft, GoToMeeting from LogMeIn, WebEx from Cisco and Zoom from Zoom Video Communications.

The data protection declarations of the platform providers (hereinafter “Providers”), with each of which we have concluded a commissioned processing agreement pursuant to Art. 28 DS-GVO, can be found here:

Teams and Skype from Microsoft:
https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

GoToMeeting from LogMein:
LogMeIn (USA) Privacy Policy

WebEx from Cisco:
Cisco Online Privacy Statement – Cisco

Zoom from Zoom Video Communications:
Privacy | Zoom

Within our company, (only) those internal departments or employees receive personal data insofar as they need it to fulfill the aforementioned purposes in particular (enabling communication via a platform by creating a meeting). However, the data recipients are each required to use personal data only to the extent necessary.

If we transfer personal data to other (external) persons, companies or other third parties (e.g. downstream transfer of the recording of the meeting to participants) or grant them other access to personal data, this will only be done on the basis of legal permission or appropriate consent. If we commission third parties with the processing of personal data on the basis of a so-called “order processing agreement” and thereby secure the necessary powers of influence or control with regard to the processing and use of personal data, among other things, this is done on the basis of Art. 28 DS-GVO. However, we remain responsible to you for the lawfulness of the data processing. In this context, we also ensure that the providers maintain appropriate technical and organizational measures to protect personal data.

In addition, providers may also process personal data for their own purposes. Please note that in this case, the providers themselves are responsible and must fulfill the obligations arising from the GDPR (e.g. obligation to inform, obligation to delete after the purpose has been achieved, etc.). You can find more information in the privacy statements of the providers (see above).

8.4. Processing of personal data in a third country

As far as possible, we will carry out the processing of personal data on the territory of the Federal Republic of Germany, in another member state of the European Union or in another state party to the Agreement on the European Economic Area (e.g., we will store (have stored) the data generated in the course of use in an “EU cluster”).

However, if processing of personal data in third countries (e.g. USA) is necessary, in particular in connection with the commissioning of providers, we will ensure that the specific legal requirements for such processing operations are met and thus that an adequate level of data protection prevails in the respective third country. This includes, in particular, checking whether the European Commission has decided that an adequate level of protection exists in a third country (cf. Art. 45 GDPR) or whether suitable or adequate safeguards (e.g. standard contractual clauses) are in place and the enforcement of your rights is guaranteed, as well as whether sufficient technical and organizational measures are in place to protect the personal data.

For information on the appropriate or adequate safeguards and how and where to obtain a copy of them, please contact [email protected].

8.5. Duration of storage of personal data, deletion

In principle, we process or store personal data for the duration of a meeting or webinar and any subsequent services/processes (e.g. issuing certificates of attendance, providing the link to a webinar or transcription, etc.). In addition, we may also process or store personal data for other purposes, such as troubleshooting and evaluation purposes.

If the processing or storage is no longer necessary, we delete the personal data. This does not apply if, among other things, legally prescribed retention periods prevent deletion (cf. Art. 17 (3) DS-GVO) and/or another case of Art. 17 (3) DS-GVO applies. 3 GDPR exists and/or a new purpose justifies further processing.

Incorrect and/or incomplete data will be deleted according to. Art. 5 par. 1 lit. d) DS-GVO deleted or – as far as possible – corrected without delay.

8.6. Technical and organizational measures

To ensure that personal data is protected, the following technical and organizational measures are taken in particular:

• User authentication;
• Possibility for two-factor authentication (e.g. with Zoom and MS Teams);
• Transport / end-to-end encryption;
• Possibility to pixelate backgrounds after activating camera;
• Possibility participation with video/sound by default;
• Participation without creating account (guest account);
• Participation without installing application (web client);
• Recording and storage turned off by default, only after consent recording is started.

8.7. Further data protection information

Further information on the processing of your personal data, in particular on your rights, can be found in the privacy policy applicable to you as a customer, supplier, etc. (cf. privacy policies available above) or in this privacy policy.

9. contact

When contacting us (via contact form, telephone, fax, mail or e-mail), your personal data will be used to process your request and handle it in accordance with the German Data Protection Act. Art. 6 par. 1 lit. b and lit. f GDPR is processed. The information marked as mandatory in the contact form is required for the processing of your request.

As a rule, we delete requests 3 months after their receipt, at the latest, however, if they have been answered. In the case of legal storage obligations that must be observed, the deletion takes place after their expiration.

10. newsletter

With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of a newsletter: We send e-mails and other (electronic) notifications with advertising information (hereinafter “newsletter”) only with your consent or on the basis of legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for consent. Our newsletters also contain information about our products, offers, promotions and our company.

The newsletter is sent by us or, if applicable, by a service provider commissioned by us.

Logging double opt-in and changes: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with other people’s e-mail addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your (personal) data stored with the shipping service provider are also logged.

According to its own information, the mailing service provider may use your (personal) data in pseudonymous form, i.e. without assignment to a user, to optimize and improve its own services, e.g. for the technical optimization of the mailing and presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients come. However, the shipping service provider does not use your (personal) data to write to you itself or to pass on your (personal) data to third parties.

Registration data: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter your first and last name so that we can address you personally.

Performance measurement: The newsletters contain a so-called “web-beacon”. This is a pixel-sized file that is retrieved from the mailing service provider’s server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used in particular for the technical improvement of the services and to determine your reading habits. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to you for technical reasons.

The newsletter is sent and its success is measured on the basis of your consent in accordance with. Art. 6 par. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG. The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.

Revocation: You can revoke the receipt of our newsletter at any time. You will find a link to unsubscribe from the newsletter at the end of each newsletter. Your (personal) data will be deleted in the event of a revocation.

11. integration of third-party services and content Reiter

We use content or service offerings from third-party providers within our online offering. This is done on the basis of our legitimate interests (interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR) or on the basis of your consent in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 lit. a GDPR. This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”). The prerequisite for this is that the third-party providers are aware of your IP address, as they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the display of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the website. The pseudonymous information may also be stored in cookies on your device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

In the following presentation, we have compiled an overview of third-party providers together with the content they offer and the links to their data protection declarations, which may contain further information on the processing of data and information on how to object. Please note that we have listed other third-party providers and further information on the third-party providers mentioned here in our cookie policy.

– Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacypolicy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We use the “LinkedIn Insight Tag” conversion tool within our online offering. This tool creates a cookie in your web browser, which enables the collection of data. Based on the data collected, LinkedIn creates anonymized reports about the website target group and makes them available to us. LinkedIn also shows us the display performance. LinkedIn also offers the option of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our online offering without identifying you.

– Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection

– Provider: (Instagram) Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875

– Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/about/privacy/
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network”). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”).

Provider: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection provisions: https://policies.google.com/privacy?hl=de
Terms and conditions: https://marketingplatform.google.com/about/analytics/terms/us/
Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de
Further information about Google Analytics: If you have given your consent, our website (we) may use Google Analytics 4, a web analytics service. For users in the EU/EEA and Switzerland, the executing party is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing: Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We can use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

Please note the following with regard to the Google functions mentioned above: IP address anonymization is activated by default in Google Analytics 4. IP anonymization means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

When you visit your website, your user behavior is recorded in the form of “events”. Events can be:

– Page views
– First visit to the website
– Start of the session
– Your “click path”, the interaction with the website
– Scrolls (when a user scrolls to the bottom of the page (90%))
– Clicks on external links
– internal search queries
– Interaction with videos
– File downloads
– Viewed/clicked ads
– Language settings

Also included:

– Your approximate location (region)
– Your IP address (in abbreviated form)
– technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
– Your Internet service provider
– the referrer URL (via which website/advertising media you came to this website)
Purposes of processing: Google will use this information on our behalf to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports generated by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be in particular
– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google.

Transfer to third countries: If data is processed outside the EU/EEA and there is no adequate level of data protection there that corresponds to the European standard under the GDPR, we have concluded EU standard contractual clauses in order to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of personal data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against (in particular unlawful) access by authorities.

Duration of storage: The data sent by us and linked to cookies is automatically deleted after 2 or 14 months. Data whose retention period has expired is automatically deleted once a month.

Legal basis: The legal basis for this data processing is your consent in accordance with Art. 6 (1) a) GDPR.

Revocation: You can revoke your consent at any time with effect for the future by calling up the cookie settings/administration and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected by this.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functions on our and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the (further) processing of this data by Google by clicking

a. do not give your consent to the setting of the cookie or
b. Download and install the browser add-on to deactivate Google Analytics here.