With the following information, we provide you as participants (m/f/d) of our online events with an overview of how we process your personal data and your rights.

Notice: Only for reasons of better readability, the simultaneous use of the language forms male, female and diverse will be omitted in the following. All personal designations apply equally to all genders.

1. Responsible body / supervisory authority

CONTURA MTC Ltd.

Hämmerstraße 6

Competent supervisory authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf

You can reach our data protection officer as follows:

Mr. Dipl.-Inform. Olaf Tenti

GDI Gesellschaft für Datenschutz und Informationssicherheit mbH

Körnerstr. 45

58095 Hagen

Email: datenschutz@gdi-mbh.eu

2. What sources and data do we use?

We process data that you provide to us or that we have received from third parties under existing contracts or with your permission.

In particular, the following personal data and categories of data are processed for the purposes mentioned in section 3:

Data about you as a user:

First name, last name, or the selected display name, company, address, phone number, email address, optional: your profile picture.

Event Data:

Desired online event: online training, online meeting or video conference, date, time, meeting ID, phone numbers, location.

Attendance at the appropriate event:

Text, audio and video data. It may be possible to use the chat function in an “online meeting”. In this respect, the text entries made there are processed in order to display them in the “Online Meeting”.

To enable the display of video and the playback of audio, the data from the microphone of the terminal device as well as from any video camera of the terminal device are processed accordingly during the duration of the meeting. The camera or microphone can be switched off or muted by the user at any time.

IP address

3. What do we process your data for (purpose of processing) and on what legal basis?

In the following, we inform you about what we process your data for and on what legal basis.

3.1 For the fulfillment of contractual obligations (Art. 6 para. 1 letter b DS-GVO)

If you yourself are our employee or customer and wish to participate in one of the events named under No. 2, the processing of personal data is carried out for the fulfillment of the contract concluded with you and is also necessary for this purpose.

3.2 In the context of the balancing of interests (Art. 6 para. 1 lit. f DS-GVO)

If your employer is our customer and has registered you for the training or had you registered, we process your data on the basis of a balancing of interests. We have an interest in processing in order to be able to fulfill the contract vis-à-vis your employer, and we process only the data necessary for this purpose (see above under 3.1).

We may also use your data on the basis of a balance of interests to protect other legitimate interests of us or of third parties. This may be done in particular for the following purposes:

– General business management

– Assertion of legal claims and defense in the event of legal disputes

– Prevention and investigation of criminal acts

– Ensuring IT security and IT operations

– Fulfillment of contracts with your employer, in which you participate due to your position and duties

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient task fulfillment, sales, avoidance of legal risks).

4. Who gets my data?

Your data will only be passed on if a legal basis permits this. The data mentioned under point 2 will be transferred to government agencies if there is a legal obligation to do so or if you have given your consent to this transfer. Such state authorities may be, in particular, the tax authorities, the customs administration, but also the trade supervisory authorities.

Within our company, your data is only received by those departments that require it to fulfill our contractual and legal obligations or to perform their respective tasks (so-called “need-to-know” principle). We ensure that our employees and any service providers have been instructed in and committed to confidentiality.

Within the aforementioned limits, we reserve the right to involve third party service providers who act on our behalf and according to our instructions within the scope of the provision of services (order processors). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR. In such a case, we shall ensure that our service providers provide sufficient guarantees that appropriate technical and organizational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (cf. Art. 28 GDPR).

Such processors are, for example:

Teams:

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

www.microsoft.com

Teamviewer:

TeamViewer Germany GmbH

Station square 2

73033 Goeppingen

www.teamviewer.com

4.1 Notice of the processing of your data in the USA

The U.S. is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly also without any means of redress.

In the context of the use of the services named under 4, it cannot be ruled out that personal data will be transferred to the USA. By voluntarily participating in the online event and using the application, you grant the corresponding consent; you are not obliged to do so (see under 8).

Insofar as personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the legal requirements and only if there is a corresponding legal basis or, if applicable, a

Teams: When using the chat function: The chat contents are logged when using Microsoft Teams. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. The files that team members share in a channel are stored on the team’s SharePoint site.

Teamviewer's headquarters are located in Germany. For subcontractors with potential overlaps with non-EU countries, Teamviewer has included the standard contractual clauses in the data processing agreements: https://www.teamviewer.com/de/eula/

5. How long will my data be stored?

As far as necessary, we process your personal data for the duration of the contract. After that, deletion generally takes place after 2 years. We are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which are generally three years, for example, according to Sections 195 et seq. of the German Civil Code (BGB).

6. What other data protection rights do I have as a data subject?

Under the respective legal conditions, you have the right to information (Art. 15 DS-GVO, § 34 Bundesdatenschutzgesetz (BDSG)), to correction (Art. 16 DS-GVO), to deletion (Art. 17 DS-GVO, § 35 BDSG), to restriction of processing (Art. 18 DS-GVO), to objection (Art. 21 DS-GVO) as well as to data portability (Art. 20 DS-GVO). You also have a right of appeal to a data protection supervisory authority (Art. 77 DS-GVO, § 19 BDSG).

7. To what extent will my data be used for profiling?

We do not process your data with the aim of evaluating certain personal aspects (so-called “profiling”).

8. Am I obliged to provide the data?

You are not required by law to provide us with personal data. However, if you do not provide us with the data necessary for the registration and implementation of the online event, participation in the respective online event cannot take place.

It may then also not be possible to conclude or execute a contract.

9. Information about your right to object according to Art. 21 DS-GVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 letter f DS-GVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 para. 4 DS-GVO as well as to direct marketing within the meaning of Art. 21 para. 2 DS-GVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made without any formalities and should preferably be addressed to the contact options mentioned under point 1.