Updated: 08/25/2023
Data protection is a priority for us. With this privacy policy, we would like to inform you how we process your personal data when you use these websites and the services offered there.
Content
- Controller and data protection officer
- Purposes and legal basis for the processing of personal data
- Which personal data is being processed?
- Storage duration of your personal data
- Recipients of data
- Your rights
- Can the processing of personal data or this privacy policy change?
- Cookie policy
- Other special processing
- Contact form, contact via email
- Newsletter via email and email success measurement
- HubSpot
- Registration to events via doo.net
- Online meetings. Phone conferences and web-based seminars via “Zoom”
- Online meetings via video conference tool Microsoft Teams
- Applications
- Services via Microsoft Bookings
- Notes regarding data protection for external links
Controller and privacy officer
eviom GmbH, Schwanthalerstraße 11,80336 Munich (hereinafter “eviom”), is the controller for the processing of personal data within the scope of these websites and the services offered on these websites in accordance with the EU General Data Protection Regulation (“GDPR”).
For questions or comments on the topic of data protection, please contact eviom’s data protection officer (address: see above, email: datenschutz@vogel.de).
Purposes and legal basis for the processing of personal data
As part of our range of services we process your personal data in order to be able to offer customer-oriented services. Wherever possible, we give you the opportunity to decide for yourself, which data you would like to share with us.
We process your data for the purposes mentioned below on the legal basis provided for each case.
As we require your consent for certain processing purposes, we will expressly ask for it when necessary. In these cases, processing data will occur in accordance with art. 6 sec. 1, lit. a, GDPR. For example, this is the case when we use direct marketing via telephone or e-mail.
For analyses, statistical evaluations, targeting and re-targeting on these websites, e.g. in order to advertise to you, we use products from other providers, which are based on the so-called cookie technology and other things. This also occurs based on your consent. Information on data processing using cookie-based technologies and the tools used for this purpose, as well as on your rights to halt the use of these technical processes, can be found in the cookie policy section.
You can revoke your respective consent at will. Information on this can be found in the Your Rights section and the following sections, specifically detailing consent-based processing (e.g. in the cookie policy section).
If a contract is concluded between you and us, we will process your data for the purpose of fulfilling this contract on the basis of art. 6, sec. 1, lit. b, GDPR. In particular, this is necessary for the following purposes:
- Purchasing products or services on the basis of a contractual arrangement with you.
- Registration for events (on-/offline), e.g. public or non-public fairs or events. In this case, we process your personal data to support the participants of our events with planning, registration, participation, and the follow-up of an event, and to provide them with all necessary and useful information.
- Offer of special services, including consultation in the area of development and execution of marketing campaigns, consultation on how to better reach your marketing goals, including the improvement of your customer master data, market research, consultation and implementation of events for customers or employees, agency services and communication services.
- Processing and invoicing in case you use one of our charged offers.
For cases other than above, processing is based on the requirement to protect our legitimate interests in accordance with art. 6, sec. 1, lit. f, GDPR, specifically to offer customer-oriented services and to promote same or similar products of our product portfolio. In these cases, processing occurs for the following purposes:
- Advertising products and offers to better provide users or customers with information tailored to their interests and needs.
- Adequate design of our offers.
- Conducting advertisement success studies.
- Market research, e.g. online surveys.
- Acquisition of new customers
- Contacting for event advertising.
- Ensuring the security of our own IT systems, the optimization, and the functionality of our websites by saving technical usage data in log files
Generally, you have a corresponding right to object if the processing takes place on the basis of our legitimate interests (see Your rights section below). There is no right to object in the case of the collection of technical usage data for the display of our websites and the storage of this data in log files for the purposes listed in this section.
We are legally required to collect and process certain data. In this case, art. 6, sec. 1, lit. c, GDPR applies. This is the case, if, for example, we are obligated to transfer data, e.g. to law enforcement on the basis of a legal obligation or if we have to store data for a certain period of time on the basis of legal regulations such as commercial or tax regulations.
What personal data is processed?
We process the data that we need for the purposes stated in this privacy policy. If you are a registered user, we process your name, your function and position in the company, your job title, your field of activity, the industry of your company, the markets in which your company is active or wants to be active. In addition, your address and your electronic contact details, if necessary. If you are an existing customer, we store all accounting data that we need to invoice our services, potentially including your bank details, your conditions with us and tax-related data.
For the optimization of our offers, we may store additional data, e.g. publicly accessible data on your company, or compare the topicality of your data with data from suitable, openly available databases.
Additionally, we collect data regarding your interests, which we derive from your inquiries and the use of our online portals, in order to only provide you with offers that match your wishes and interests. If we use any technical methods for this, e.g. cookie-based technology, further information and your corresponding rights can be found in the cookie-disclaimer section.
Some data is also transmitted automatically (mainly technical usage data). Your computer automatically shares information with us, such as IP address, browser type, or access times for your use of our online portals. This data is vital for us to optimally present our offers in accordance with your hardware.
Storage duration of your personal data
We store your data as long as required in order to provide our services, meet contract obligations, or if we have a legitimate interest in longer storage.
If processing is based on your consent or on one of our legitimate interests, the data concerned will no longer be processed for the associated purpose after your revocation or objection has been receives and will be deleted if necessary, excluding legal grounds for data storage. Regardless, data stored on the basis of commercial or tax law will only be deleted after the statutory periods have expired. With the regular limitation period being three years, the duration of storage also depends on statutory limitation periods, which can be up to thirty years, for example according to §§ 195 ff. of the German Civil Code (BGB).
Under certain circumstances, your data must also be stored longer, e.g. if, in case of official or legal procedures, data deletion is prohibited for the duration of the procedure.
Information on the storage period of the cookies we use can be found in the cookie policy.
Recipients of data
Joint responsibility of the companies within the Vogel Group
For the company group Vogel, data is processed centrally at Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 79, 97082 Würzburg, and used in joint responsibility with the companies involved for the purposes stated in section Purposes and Legal basis A list of the companies in the Vogel Group can be found here. These companies are additionally bound by a separate data protection arrangement on joint responsibility (Art. 26 GDPR), and are limited in the processing of your personal data to the purposes stated in this privacy policy. Please address your rights mentioned in section Your Rights to Vogel Communications Group GmbH & Co KG using the contact details found in section Controller and Data protection officer. You are also free to address your rights to any other company within the Vogel Group.
Order processing
We sometimes hire service providers to help us process personal data on our behalf. We have bound these service providers to us by an order processing contract in such a way that they may only process the data for our business purposes and on our instructions. These service providers primarily include technical service providers (including affiliated companies) for the maintenance, hosting, and support of our IT infrastructure including this website, as well as service providers for mailings, lead campaigns, and other marketing measures.
Tracking and other cookie technology service providers
Tracking and other technical procedures based on cookie technology and implemented on our websites are provided by third parties and data is also passed on to them. For information on the cookie procedures in use and the corresponding third-party providers offering the technical tools, please refer to section Cookie policy.
Transfer of data to third countries
Generally, we do not transfer your data to other countries or third countries (countries that are neither members of the European Union nor of the European Economic Area) or to international organizations. Exceptionally, data may be transferred to third countries if this is necessary to provide services to you, if it is required by law, or if we have your consent. Some of the service providers that process personal data on our behalf are located in third countries that do not offer the same level of protection for your personal data as in the EU, due to – amongst others – the lack of laws, lack of rights, or lack of supervision in said countries. Some recipients, especially the providers of social media channels or registered users who process your data, are also located in said third countries. Personal data is only transferred to said third countries outside of the EU if the European Commission has adopted a so-called adequacy decision in this regard (art. 45, sec. 3, GDPR) (see here ) or if safeguards in accordance with article 46, GDPR are in place, in particular standard data protection clauses issued by the European Commission in accordance with article 46, sec. 2, lit. c, GDPR (see here). You can obtain a copy of these upon request (e.g. by e-mail) – for contact details see section joint controllers and data protection officer above.
Information on possible transfers of your data to third countries can also be found in the privacy policies of the recipients that make transfers to third countries. You can also find information on this under advanced settings of our cookie management tool, where our cookie-based processing is explained.
Your Rights
Provided that the legal requirements are met, you as a data subject are entitled to the following rights in accordance with articles 12 to 21, GDPR.
Information:
You have the right to request information about your personal data stored and the scope of our data processing and transfer and to receive a copy of your stored personal data.
Rectification:
You have the right to request without delay the rectification of personal data concerning you and stored about you, if this data is incomplete or incorrect.
Erasure:
You have the right to demand the immediate erasure of your personal data stored by us if the legal requirements are met.
This is particularly the case if
- your personal data are no longer needed for the purposes for which they were collected.
- the exclusive legal basis for data processing was consent which you since have revoked.
- you have objected to processing on the basis of legitimate interests (Art. 6, sec. 1, lit. f, GDPR) for personal reasons and we are unable to prove that there are overriding legitimate reasons for processing.
- your personal data have been processed unlawfully; or
- your personal data must be erased in order to comply with laws.
If we have passed on your data to third parties, we will inform them about the erasure, within the scope required by law.
Please note the restrictions regarding your right of erasure. For example, we are not allowed to erase data that we are required to retain by law. Data that we need to assert, exercise, or defend legal claims are also excluded from your right of erasure.
Restriction of processing:
You have the right to request restriction of processing if one of the following conditions is met:
- You dispute the accuracy of the personal data, and we need to verify the accuracy of the personal data.
- The processing is unlawful, you object to the erasure of personal data and instead demand the use of personal data be restricted.
- Whereas we no longer need your personal data for the purposes of processing, you need the data to assert, exercise, or defend legal claims.
- You have filed an objection to the processing, and it is yet to be determined whether our legitimate reasons override yours.
In the event of a restriction of processing, the data will be blocked centrally and – apart from your own copies – processed only with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State.
Data transferability:
If we automatically process the personal data you have provided to us on the basis of your consent or a contract with you (including your employment contract), you have the right to receive the data in a structured, common, and machine-readable format and to transfer this data to another controller without our interference. You also have the right to request direct transfer of personal data to another controller, given technical feasibility.
Objection:
If we process your personal data for legitimate interests or in the public interest, you have the right to object to the processing of your data for personal reasons. Furthermore, you have an unlimited objection right if we process your data for our direct advertising. Please see our separate note in the section “Your right of objection” below.
Revocation of consent:
If you have given your consent to the processing of your personal data, you can revoke this consent at any time. Please note that the revocation is only effective for the future. Processing prior to the revocation is not affected.
Specific information on how you may revoke your consent can be found in our online offers when your consent is specifically requested and in the relevant sections of this privacy policy regarding processing requiring consent (e.g. section cookie policy).
Complaints:
Additionally, you have the right of lodging a complaint with a supervisory authority in accordance with art. 77, GDPR, § 19 Bundesdatenschutzgesetz (BDSG), if you believe that your personal data is being processed unlawfully. The right of complaint is independent of any other administrative or judicial remedy.
Your right to object:
Based on your personal situation, you have the right to object to the processing of your personal data which is carried out on the basis of article 6, sec. 1, lit. f, GDPR at any time, including profiling based on these provisions.
We will no longer process your personal data unless we can provide compelling reasons worthy of protection for processing which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of said marketing, including profiling related to said direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
You may exercise your right to object in connection with the use of information society services by means of automated procedures involving technical specifications, regardless of directive 2002/58/EC.
To exercise your rights, you can contact the controller. The contact details can be found in section Controller and Privacy Officer.
Can the processing of personal data or this privacy policy change?
We constantly monitor the handling of personal data based on privacy regulations and make adjustments if necessary. Please take regular note of our privacy policy which presents the current status of our handling of personal data. Any changes will be announced here as well as in your user account. In the case of contractual changes, which affect e.g. the processing of your data for the fulfillment of the contract and the personalization of our offer, we will additionally inform you separately via e-mail.
Cookie policy
“Cookies” are files stored on your computer when you visit this website and which your browser “remembers”. A cookie file is saved in your web browser and allows the website or a third party provider to identify you and to better tailor the website to you on your next visit. Cookies and tracking pixels allow us to better and more efficiently provide our services to you, and to optimize your experience on our website.
Counting pixels are small graphics files that are connected to our servers and allow us to track your use of our website and its features. Additionally, we use tracking pixels or GIF files to support online advertising and to measure reach if necessary. Thus, we can evaluate the number of visitors to our website and the advertisements accessed by them. The information collected through cookies or GIF files does not contain your name, address, telephone number, or e-mail address.
How are cookies used?
When you access and use our websites, a number of cookie files are saved in your web browser which are essential to the operation and presentation of our websites. These cookies are absolutely technically necessary, e.g. session cookies or cookies that store certain settings for your device (e.g. language, resolution, volume, page transitions). Additionally, we use not absolutely technically necessary cookies which are mainly implemented by third parties in order to compile statistics on the use of the website and to make our marketing efforts more targeted.
Detailed information regarding cookie-based applications can be found in the advanced settings of our cookie management tool. You will find a list of cookies used on our websites under cookies in our cookie management tool.
Your options regarding cookies and the legal basis for cookie use
Each time you visit our websites, you can actively consent to the use of cookies that are not technically necessary for our websites to run (normally all third-party cookies) via the cookie management tool that is displayed. Cookies that are not necessary for our websites to run will not be set until you give consent. Once given, your consent to the use of cookies and the resulting processing can be revoked at any point using the cookie management tool. You can access the cookie management tool of our websites at any time via the symbol found in the lower left corner of your screen (overlay “data protection settings”), and via the “cookie manager” link found in the footer.
The legal basis for this permission-based cookie-based processing is § 25, sec. 1, s. 1, TTDSG, art. 6, sec. 1, lit. a, GDPR, otherwise art. 25, sec. 2, nr. 2, TTDSG, art. 6, sec.,1, lit. f, GDPR (our legitimate interest in the purposes described in detail in our cookie management tool).
In order to delete cookies yourself or to set up your web browser to delete or prevent cookies, access the help section of your web browser and choose the appropriate settings.
Other special processing
Contact form, contact via email
We provide a contact form on our websites which you can use to contact us and tell us your requests electronically and hassle-free. We collect your name and email address via the contact form. Our technology partner HubSpot provides the contact form on our websites (for more information see section HubSpot below).
Alternatively, contact using the email address provided is possible. In this case, the user’s personal data sent in the email is saved.
We only use your data to process your request and can use the provided contact data to contact you for this purpose. Such data are not used for advertisement purposes and are not transferred to third parties.
The legal basis for the processing of data collected using the contact form or any email received from you is art. 6, sec. 1, lit. f, GDPR. In case the purpose of the contact is to enter into a contract, the additional legal basis for processing is art. 6, sec.1, s. 1, lit. b, GDPR.
Processing personal data from the input form is solely used for processing the contact. For contacts via email, this also constitutes the required justified interest for data processing.
Data will be deleted as soon as the reason for their collection no longer exists. For personal data from the input form of the contact form and those provided via email, this is the case as soon as the conversation with the user is over. The conversation is over when it can be told that the issue at hand has been resolved.
Right of revocation
When contacting us via the contact form or via email, you can revoke your consent to the storing of your personal data at any point. The conversation cannot be continued in this case. In order to object to the use of your data, please send an email to datenschutz@vogel.de.
Any personal data collected during the contact will be deleted in this case.
Editorial newsletters via e-mail and e-mail success measurement
You have the option to receive vie e-mail (hereinafter “newsletter”) information on products from our portfolio (e.g. on feature articles, online articles and services, an on agency services) that are potentially of interest to you, sent to an e-mail address that you may have provided during a customer query, for example. You will be asked to consent to the processing of data and you will be referred to this privacy policy. The exact content of the declaration of consent and further information regarding your consent can be found in the form used to obtain said consent. We use services of our technology partner HubSpot for the mailing of the newsletter and the campaign management (for more information see section HubSpot below).
Legal basis for data processing is your consent (art. 6, sec. 1, lit. a, GDPR, art. 7, sec. 2, nr. 2, UWG).
Your e-mail address is collected in order to send the newsletter. Data will be deleted as soon as the reason for their collection no longer exists or if you exercise your right of revocation. Therefore, your e-mail address will be stored for the duration of your subscription to the newsletter.
Right of revocation
You can revoke your consent to receiving newsletters via email at any time. For this, every newsletter contains a corresponding link which can be used to un-subscribe. Revocation does not change the lawfulness of data processing that occurred up to the time of revocation.
In our newsletters, performance is measured by evaluating the access rate and the click through rate. We use this to determine the level of interest in certain topics and to measure the effectiveness of our communication measures. Herein lies our legitimate interest in performance measurement in accordance with art. 6, sec. 1, lit. f, GDPR.
Right to object with regard to performance measurement
When exercising your right to revoke consent granted in order to receive newsletters (see above), you can also object to the processing of your data for the purpose of performance measurement.
HubSpot
We use HubSpot for our online marketing activities on our websites. HubSpot is a comprehensive CRM solution of the software company HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA; HubSpot also have a subsidiary in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
The integrated software solution of HubSpot allows us to cover different aspects of our online marketing. This includes among others: E-mail marketing (automated mailings, e.g. to provide downloads), contact management (e.g. user segmentation & CRM), landing pages, and contact forms.
The features of our websites allow you as the visitor to learn more about our company, download content, and to provide contact information and other information. This information and the content of our websites is stored on the servers of HubSpot. They can be used by us to get in contact with you, and to determine which of our services are interesting to you. We use any collected information solely for the purpose of optimization of our marketing measures.
Within the scope of optimization of our marketing measures, the following data – among others – may be processed by HubSpot:
- Geographical position
- Browser type
- Navigation information
- Referral URL
- Performance data
- Information on how often the app is used
- Data displayed on location
- Domain name
- Viewed pages
- Aggregated usage
- Version of operating system
- Internet service provider
- IP-address
- Device ID
- Visit duration
- From where the app was downloaded
- Operating system
- Events that occurred in the app
- Access times
- Click stream data
- Device model and -version
Legal basis for processing via HubSpot is our legitimate interest in the purposes stated in this section, art. 6, sec. 1, lit. f, GDPR. Additionally, your consent serves as the legal basis for user tracking conducted via HubSpot, which we detail as part of our cookie management tool (see section cookie policy), for e-mail marketing (see section newsletter via e-mail and e-mail success measurement), and to provide contact forms on our websites (see section contact form, contact via email). Details regarding these processings can be found in the referenced sections.
We contractually bound HubSpot to comply with data protection regulation by entering into a corresponding data protection agreement. Since transmission of personal data to the USA via HubSpot cannot be ruled out, standardized contractual clauses of the European Commission apply to protect data transfer outside of the EU that impose additional measures for data protection regulations to protect the conducted data processing processes on HubSpot and us. The data protection agreement with HubSpot including the standardized contractual clauses can be found online at https://legal.hubspot.com/dpa.
Further data protection information regarding HubSpot can be found in HubSpot’s data protection declaration, found online at https://legal.hubspot.com/privacy-policy. Information to HubSpot’s general handling of EU data protection regulations can be found at https://legal.hubspot.com/data-privacy.
Registration for events via doo.net
You can register for events on our website. When you register for and participate in an event, we process your data that was either provided by you during the registration process or collected in the course of your participation in the respective event, for the purpose of carrying out the registration and participation in the event. We send information via mail or e-mail to the contact information you provide as part of the registration to and participation in an event.
Here, the legal basis is art. 6, sec. 1, lit. b, GDPR, meaning the fulfillment of the contract for participation in the respective event or the implementation of pre-contractual measures carried out at your request.
We use the service provider doo GmbH in Munich for the registration and management of events. Detailed information on data processing and data privacy at doo can be found in the doo privacy policy at https://doo.net/de/datenschutz.html.
Online meetings, conference calls, and web-based seminars via “Zoom”
Purpose:
We use the tool “Zoom” for conference calls, online meetings, video conferences, and/or web-based seminars (hereinafter: “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., located in the USA.
Responsible party for processing data directly connected to “online meetings” is Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7/9, 97082 Würzburg.
If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website in order to use “Zoom” is only necessary to download the software required to use “Zoom”. You can also use “Zoom” by entering the respective meeting ID and potential additional access data for the meeting directly in the “Zoom” app.
In case you do not wish to use the “Zoom” app, all basic functions are available using a browser version which can also be found at the “Zoom” website.
Different types of data are being processed when using “Zoom”. The range of data depends on your personal data preferences specified prior to or during your participation in an “online meeting”.
The following personal data are subject to processing:
User information: First name, last name, telephone (optional), email address, password (if “Single-Sign-On” is not being used), profile picture (optional), department (optional)
Meeting meta data: Topic, description (optional), participants’ IP addresses, device / hardware information
For recorded sessions (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
Joining via telephone: Information regarding Inbound and outbound phone number, country name, start and end time. Further connection data such as the device’s IP address can be saved where necessary.
Text, audio, and video data: You may have the option to use the chat, question, and survey features during an “online meeting”. In this case, your messages will be processed in order to display them in the “online meeting” and to log them if necessary. In order to allow video or audio to be played, the respective data of your device’s microphone and video camera will be processed for the duration of the meeting. Using the “Zoom” app, you can personally turn off or mute the camera or the microphone at any point.
In order to participate in an “online meeting” or to enter the “meeting room”, you need to at least provide information regarding your name.
Range of processing: We use “Zoom” to have “online meetings”. To ensure transparency, we will inform you ahead of time if we wish to record “online meetings” and will ask for your consent if needed. Additionally, the “Zoom” app will inform you of any recording taking place.
We will log chat files in case they are vital to protocol the outcomes of an online meeting. Usually, however, this will not be the case.
For web-based seminars, we can also process the questions asked by seminar participants for recording and post-processing purposes.
For registered “Zoom” users, “online meeting” reports (meeting meta data, telephone data, questions and answers in web-based seminars, survey feature in web-based seminars) can be stored for up to one month at “Zoom”.
An automated individual decision-making according to art. 22, GDPR is not used.
Legal basis of data processing: In case of Vogel Communications Group employees processing personal data, §26 BDSG (Federal Data Protection Act) is the legal basis of data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, realization, or termination of the employment relationship, but is nevertheless an integral part of the use of “Zoom”, art. 6 sec. 1 lit. f GDPR constitutes the legal basis for data processing. We are focused on the effective conduct of “online meetings” in these cases.
Additionally, the legal basis for data processing in connection with “online meetings” is art. 6 sec. 1 lit. b GDPR for meetings held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is art. 6 sec. 1 lit. f GDPR. Here too, we are focused on the effective conduct of “online meetings”.
Recipient / transfer of data: Personal data processed in connection with participation in “online meetings” will strictly not be shared with third parties, unless they are explicitly intended to be shared. Please note that contents from “online meetings” – as is the case with personal meetings – are often used to share information with customers, interested parties, or third parties and are therefore intended to be shared.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above-mentioned data, within the scope of our data processing agreement with “Zoom”.
Data processing outside of the European Union: “Zoom” is a service offered by a provider from the USA. Thus, personal data is also processed in a third country. We have formed a data processing contract with the provider of “Zoom” which meets the requirements of art. 28 GDPR and is based on the standard EU contract clauses.
Online meetings via video conference tool Microsoft Teams
Purpose of processing: We use the online tool “Teams” for conference calls, online meetings, and video conferences (hereinafter: “online meetings”). As part of Microsoft Office, “Teams” is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“).
Controller: We are the responsible controllers for the execution of online meetings via Teams and the data processing processes occurring in this context.
Note: If you access the Teams website, the provider of Teams is responsible for data processing. However, accessing the website is only necessary to download the software required to use Teams. Entering the respective meeting-ID and potentially additional access data for the meeting directly in the Teams app represents another form of use.
Basic features are also usable via a browser version which can also be found on the Teams website.
Collection and storage of personal data: Different types of data are being processed when using Teams. The scope of data depends, among others, on your data preferences specified prior to or during participation in an online meeting.
As cloud-based service, Teams processes different types of personal data upon providing the service. These personal data include:
- Content: Your meetings, chats, voice mails, shared data, recordings, and transcripts.
- Profile data: Data related to you and made available by your company. Examples for this are your e-mail address, your profile picture, and your phone number.
- Call history: A detailed history of phone calls you make allows you to search your own recorded calls at a later point in time.
- Data on call quality: Your system admins have access to details regarding your meetings and call data. Your admins can use this to diagnose problems related to poor call quality and the use of the service.
- Support/ feedback data: Information related to troubleshooting tickets or feedback sent to Microsoft.
- Diagnostic and service data: Diagnostic data related to use of the service. This personal data allows Microsoft to provide the service (troubleshooting, backup and activation of the product, and performance monitoring), and to run some internal business processes, e.g.
- Development of metrics
- Identification of service usage
- Execution of product and capacity planning
To the extent that Teams processes personal data in connection to the legitimate business processes of Microsoft, Microsoft is the independent data controller for this use, and, as such, responsible for compliance with all applicable laws and obligations of a data controller.
In order to participate in an online meeting or to enter a meeting room, you need to at least provide information regarding your name.
Information on type and scope of further data processing by Microsoft can be found in their data protection declaration. This can be found here: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
Legal basis for data collection: In case of our employees processing personal data, §26 BDSG (Federal Data Protection Act) is the legal basis of data processing. If, in connection with the use of Teams, personal data is not required for the establishment, realization, or termination of the employment relationship, but is nevertheless an integral part of the use of Teams, art. 6, sec. 1, lit. f, GDPR is the legal basis for data processing. For these cases, our legitimate interest is the effective conduct of online meetings in these cases.
Additionally, the legal basis for data processing in connection with online meetings is art. 6, sec. 1, lit. b, GDPR for meetings held within the framework of existing or potential contractual relationships.
If no contractual relationship exists, the legal basis is art. 6, sec. 1, lit. f, GDPR. Here, too, our legitimate interest is the effective conduct of “online meetings”.
Data transfer to third parties, other recipients: As a rule, personal data processed in connection with participation in online meetings will not be transferred to third parties, unless you explicitly consented to such a transfer.
Other recipients: If it is provided for within the scope of our data processing contract with Microsoft, the provider by necessity obtains knowledge of above-mentioned data.
Data processing outside of the European Union: Teams is a service offered by a provider from the USA. Thus, personal data is also processed in a third country. We have formed a data processing contract with Microsoft which meets the requirements of art. 28, GDPR. An appropriate level of data protection is guaranteed by concluding the so-called EU standardized contractual clauses.
Applications
Our websites may include forms which you can use to apply online for job offers advertised by us or by other companies in the Vogel Group. Via the application form, you can provide your relevant personal data and upload your application documents to share with us.
Purpose of processing
We process the data you provide when sending the application form in order to assess your suitability for the position (or potentially for other vacant positions in our companies) and to run the application procedure.
We only process information that is essential to application at hand and its processing.
Data categories in the application process
The categories of processed personal data include data that you voluntarily share with us via the application, e.g. first name, last name, and your contact information (home address, (mobile) telephone number, e-mail address). This may also include special categories of personal data such as your religious affiliation, if you have indicated this, for example, in your CV.
Legal basis of the processing
The primary purpose of processing is to handle the application process and to potentially initiate an employment relationship, without this constituting a claim to the conclusion of such an employment relationship. The primary legal basis for processing is art. 6, sec. 1, lit. b, GDPR, in conjunction with art. 26, sec. 1, BDSG.
If special categories of personal data are processed in accordance with art. 9, sec. 1, GDPR, this serves exclusively to process your application and the subsequent selection procedure within the framework of the application process. Here, the legal basis is art. 9, sec. 2, lit. b, GDPR.
We will inform you ahead of time if we would like to process your personal data for a purpose other than the ones stated above.
Recipients of data
Upon sending your application for a vacant position, only the human resources department and the department that advertised the position will have access to your data, unless you have expressly consented to the transfer of your data to other recipients. If you have submitted an unsolicited application, your data will be made available to departments where vacancies clearly match your profile.
We use a specialized technology partner for the application process that provides the online form for integration into our websites and supports the internal administration of applications electronically. We have expressly committed the technology partner to conform to the data privacy regulations.
Storage duration and deletion In the event of employment, all data will be transferred to your personnel file or to our personnel information system. If your application does not result in employment, all of your data will be deleted after six months, or stored in our candidate pool for a period of two years given your express consent.
Services via Microsoft Bookings
You can book an appointment with us online, book a room, or use other app solutions if this feature is part of respective websites or services. Additionally, we have generally implemented central organization management with different servers (also for internal use). For this, we us the tool Microsoft Bookings (“MS Bookings”), a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland („Microsoft”).
When using a MS Bookings app, the IP-address and other technical information of your device (incl. the browser and operating system used) is automatically processed by Microsoft in addition to the information that you willingly provide us with upon filling out the respective application form:
We have obliged Microsoft to comply with data protection regulations via an agreement on commissioned processing; in this, Microsoft has guaranteed us, among other things, that all data are stored in Germany (server location: Frankfurt).
We use Microsoft Bookings to fulfill our contractual obligations to you when you use or have booked certain services on our websites, or when you are interested in services offered by us and would for example like us to provide further information on this. Thus, the legal basis is the performance of the contract or the entering into a contract, art. 6, sec. 1, lit. b, GDPR. Microsoft may conduct further processing on their own responsibility. On this, you can find information in Microsoft’s privacy policy linked below. Further information on Microsoft’s services, details of data processing via these services, and Microsoft’s privacy policy can be found at https://privacy.microsoft.com/de-de/.
Note on data protection for external links
Our websites may include links to own content (interior links) or to other websites. Links to other websites or external sources featuring third-party content are the responsibility of the respective website provider and are not our responsibility. These third-party websites usually have their own privacy policies that specifically inform of the processing processes taking place on the respective websites. We advise you to carefully check these privacy policies before transferring personal data to these websites.
Only when clicking on an external link, is data transferred to the target of the link. The transferred data includes in particular your IP-address, the time you clicked on the link, and other technical usage data of your device, the browser used, etc.
Please note that clicking a link to websites of providers located outside of the EU or the European Economic Area (EEA) may come with special risks. For countries outside of the EU/ the EEA, a data protection level comparable to that of the EU may not exist, and authorities, intelligence agencies, or other government agencies may potentially access the data transferred by you based on special security legislation. This is for example the case in the US. Do not click the external link if you have concerns regarding the security of you data in this context.