Privacy Policy

 

General Information

This policy informs you about the processing of your personal data while you are using our website.

  1. 1. The data controller according to the General Data Protection Regulation (GDPR) as well as other data protection laws and dispositions of individual EU Member States is:

    SMART DATA Deutschland GmbH
    Hilpertstraße 31
    64295 Darmstadt
    Deutschland
    datenschutz@smart-data-deutschland.de

  2. 2. The data protection officer according to the GDPR and other data protection laws and dispositions is:

    Mr. Sebastian Feik
    legitimis GmbH
    Ball 1
    51429 Bergisch Gladbach
    Deutschland

 

Introduction

This data protection policy aims to provide you, as a client or an interested party, with a detailed overview how and within which scope your personal data is collected, stored, processed, and transferred when visiting our website or using our services. Additionally, it aims to provide you with an overview of which data protection measures we use, and which options are available to you when visiting our website or using our services.
In order to continue protecting your personal data in the future, especially when adapting to new data protection regulation or technical developments, it is inevitable that we will occasionally adapt our data protection policy. We therefore advise to regularly check our information regarding data processing in order to remain up to date. 

 

  1. Object of protection

    The object of protection is your personal data. In the GDPR, personal data is defined in Art. 4, 1., as data regarding an identified or identifiable natural person. It is therefore all data in relation to you (regardless of direct or indirect), such as first name, surname, address, email address, user behaviour, etc. Data related to websites or online services which do not belong to us or which we do not control is not part of this data protection policy.

  2. When and within which scope do we process personal data?

    In following you will find an overview of all activities within which your personal data is processed:

    2.1 2.1. For the performance of contractual services / registration
    We process inventory data and contractual data to execute our contractual obligations and provide our services (Art. 6, 1., b)).

    2.2. Contact
    If you contact us per email or through our contact form, the information will be processed as necessary to answer your request.

    2.3 Visit of our website
    When you visit our website, we may use authorised cookies from service providers or other similar technology. Information is thereby sent automatically from your browser to our website’s servers. This server is then stored as so-called log-files for a short period. The information acquired through this process help us to adapt our services to the expectations of our clients as well as to improve them and their security. Additionally, they are used for advertisement purposes.

  3. Legal basis for the processing of personal data

    If we acquire your consent for the processing for personal data, the legal basis is Art. 6, 1., a) of the GDPR.
    If the processing of personal data is necessary to execute a contract to which the data subject is a party, the legal basis is Art. 6, 1., b). This legal basis also applies for processing within the scope of pre-contractual measures.
    If the processing is necessary to comply with a legal requirement, the legal basis is Art. 6, 1., c).
    If the processing is necessary to comply with the legitimate interest of our company or of a third party which is not overweighed by the rights and interests of the data subject, the legal basis is Art. 6, 1., f).

  4. Data deletion and storage duration

    The data which we store is deleted as soon as the purpose of the processing no longer exists, as long as no legal storage obligation prevents it. If the data is not deleted because it is required for legal purposes, the processing is restricted. This means the data is locked up and will not be processed for any other purposes. This applies for example to user data which must be stored due for financial or tax law purposes. Under German law, according to § 257 Abs. 1 HGB, the storage may be required for 6 years (Commercial books, inventory, opening reports, yearly reports, commercial letters, accounting receipts…) or for 10 years (books, records, storage reports, tax relevant information…).

  5. How do we protect personal data?

    We implement physical, technical, and administration security measures to properly protect your data from loss, misuse, unallowed access, transfer, or modification. These security measures include firewalls, data encryption, access rights for the access to data, and we carefully select our servers’ location. We are committed to the security of our systems and services.

  6. When do we transfer data?

    Our priority is to ensure that we do not sell or rent personal data. Data is only transferred when this is inevitable, for example for the execution of a contract, or we have a legitimate interest or your consent to do so. Each of our contractual partners is chosen carefully and has an obligation to protect data according to the legal dispositions. For this reason, we conclude data processing agreements with our service providers.


  7. Links

    There may be links on our website to third party websites, the content of which we are not responsible for and to which this data protection policy does not extend.

  8. Your rights

    As soon as your personal data is processed, you are considered a data subject according to the GDPR. As such, you have the following rights owed to you by the controller (therefore, us):

    • Right to access,
    • Right to rectification or erasure,
    • Right to restriction of processing,
    • Right to object,
    • Right to data portability.

    Additionally, you have the right to complain to the data protection authority about the processing of your personal data.

Provision of the website and creation of log files

  1. 1. Scope and duration of the data processing

    As soon as you visit our website, our system collects information and data about the computer system of the device visiting the page, regardless of registration. The following data is processed and stored for safety purposes for a short period:

    • As soon as you visit our website, our system collects information and data about the computer system of the device visiting the page, regardless of registration. The following data is processed and stored for safety purposes for a short period:
    • http-status code / access status
    • Time difference to Greenwich Mean Time (GMT)
    • The user’s operating system
    • The user’s IP address
    • Time and date of the visit
    • Duration of the visit
    • Websites from which the user’s system reached our page
    • The user’s service providers
    • Websites which are accessed by the user’s system through our page
    • Device type and brand

    As soon as you have left the session, the data is deleted. If the data is processed longer, it is anonymised and evaluated for optimisation purposes. The collection and storage of data is absolutely necessary for the provision of our website. As such, there is no possibility to object.

  2. Purpose and legal basis for the data processing

    The storage of the IP address on our system for a short period is necessary to provide access to our website for the user’s device. For this purpose, your IP address is stored for the duration of your visit to our website.
    The storage in so-called log file takes place in order to guarantee the functionality of our website. Furthermore, we require the data to optimise our website and to guarantee the safety of our information systems. As such, we have a legitimate interest under Art. 6, 1., f) GDPR. 

Cookies

  1. 1. Description and scope of the data processing

    Our website uses cookies which are text files which are stored either on the user’s browser or on their device. These cookies are composed of a singular series of symbols which permit the identification of the browser when returning to visit the website. Cookies cannot transmit programs or viruses.

    1.1 Temporary cookies
    Temporary cookies are so-called “session cookies” which store a session-ID to recognise the device when the website is revisited. Session cookies are automatically deleted when the browser is closed.

    1.2 Persistent cookies
    Persistent cookies are stored as long as they are not deleted from the device. Cookies are used to make our website more user friendly. Several elements of our website require that the browser be recognisable when switching pages. Those technically necessary cookies store and transfer following data:

    • Log ininformation
    • Language settings
    • Articles in the purchase basket

    1.3 Analysis cookies
    Furthermore, our website uses cookies which provide information about user behaviour. Those are cookies are in majority third party provider cookies (e.g. Google Analytics). The data is anonymised and exclusively evaluated by us. When you open a website, a cookie can be stored on your operating system and transfer the following data:

    • • Usage of website functions
    • User behaviour
    • Classification of the source of the website access
    • Classification of an affiliate / advertising partner
    • Frequency of the visits
    • Entered search terms

    When opening a website, you are informed about the use of cookies for analysis purposes and your consent is acquired for the ensuing processing of personal data. This also includes a reference to this data protection policy.

  2. Legal basis for the processing

    The legal basis of the data processing when using technically necessary cookies is Art. 6, 1., f) GDPR whereas it is your consent according to Art. 6, 1., a) GDPR for analysis cookies.

  3. Purpose of the processing

    The purpose of the technically necessary cookies is to simplify the use of our website. Several functions of our website cannot be offered without the use of cookies. It can be necessary to store the browser identification when changing pages on the website. For these purposes, following data is stored:

    • Language settings
    • Search terms

    The use of analysis cookies aims to improve the quality of our website and of its contents. Through analysis cookies, we can determine how our website is used and can therefore improve our offer.

  4. Storage duration and user rights

    Cookies are stored on your device and transferred to our website. As a user you therefore also have control over the use of cookies through the settings of your browser where you can deactivate or restrict the storage of cookies. You can delete stored cookies at any time or set up an automatic deletion. If cookies are deactivated on our website, some functions may not be completely accessible.

Contact form and email contact

  1. Scope of the data processing

    You can contact us both through email or through a contact form. If you use the contact form, the data which is indicated on the contact form page is transferred to us and stored. The following data is stored:

    • User’s email address
    • User’s name
    • User’s IP address
    • Time and date of the contact request

    Your consent is acquired before you can send the contact request with reference to this data protection policy. Furthermore, you may contact us directly through the provided email address. In this case, the personal data provide in the email will be stored. There is no transfer to thirds and the data is exclusively used for the purpose of managing your request.

  2. 2. Purpose and legal basis for the processing

    The process of your data occurs exclusively to manage your request. Further data transferred during through the contact form aims to prevent its misuse and to ensure the safety of our information systems.
    The legal basis for the data processing is the user’s consent according to Art. 6, 1., a) GDPR. If contact per email is part of a process to conclude a contract, the legal basis is Art. 6, 1., b).

Applications

We process the data which you have sent us along with your application in accordance with the legal requirements and exclusively on the basis of your consent (Art. 6, 1., a) GDPR) in order to check your suitability for the position and to conduct the recruitment process. The main legal basis for this is Art. 6, 1., b) GDPR (general contractual requirements) together with § 26, paragraph 1 BDSG (requirements of an employment contract).

If any special categories of personal data (especially health data, e.g. a disability) is sent, it will be processed in accordance with Art. 9, 2., b) GDPR. The processing within the frame of the recruitment process serves only to comply with duties under § 164 SGB IX.

If the data may be necessary for legal proceedings after the conclusion of the recruitment process, the storing of data will continue on the basis of Art. 6 GDPR, especially for our legitimate interest in accordance with Art. 6, 1., f) GDPR. Our interest lies in the execution of or defence against legal claims. In order to comply with this interest, we store your data for six (6) months.

The data which you have sent us will be processed further in the case of a successful recruitment process for the purposes of the employment. Access to your data will be exclusively restricted to personnel who need it for the proper conduction of the recruitment process.

eTracker

    1. Scope and duration of the processing

      We use etracker on our website, which is a software of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, which is an analytics tool on our website through which data is collected and evaluated for website optimisation purposes, especially regarding its efficiency. Through the setting up of cookies on the users’ browser, etracker analyses user behaviour on our website (which pages are accessed, how long and how often it is visited) and processes IP-addresses, data about the user’s device and domain.
      Data is anonymised as quickly as possible in order to reduce identifiability.
      Should you object to this processing, you can prevent the storage of cookies through the settings of your browser.

    2. Legal basis and user rights

      etracker processes personal data exclusively on the basis of user consent according to Art. 6, 1., a) of the GDPR.
      As a data subject, you are allowed to object the processing of your personal data through etracker and are allowed to access your data or request its deletion. To exercise your rights as a data subject you can contact etracker in writing per email to privacy@etracker.com or per post to etracker GmbH, Datenschutzbeauftragter, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

 

Google Ads

  1. Scope of the processing

    Google Ads is an advertisement tool through which targeted words in Google searches will give you a quicker access to our website.
    Following data is processed through Google:

    • Data about the apps, browsers, and devices used to access Google services.
    • Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
    • Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
    • Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
    • Searches.
    • Content and ads which the user has viewed and interacted with.
    • Speaker and audio data in case of usage of the audio functions.
    • Purchases.
    • People with whom the user has communicated or shared content.
    • Activity on Google providers and on other websites and apps from third parties which use Google services.
    • If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
    • If necessary, google chrome history.
    • If necessary, name, email address, phone number, password, payment information.

    Data which is processed through Google may be transferred to thirds.

  2. Legal basis and data subject rights

    Your data is processed by Google with your consent according to Art. 6, 1., a) of the GDPR.
    As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.
    You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de

 

 

Google Adwords Conversion

With your consent, we use the tool Google Adwords through which we can use advertising methods (so-called Google Adwords) on third websites in order to attract attention to our offers. Based on the data of the advertising campaigns, we can determine how successful individual advertising methods were. Our interest is to provide you with ads which are of interest to you in order to present our website in a manner more interesting to you and to determine the advertising costs.
This means of advertising is provided through the so-called Google Ad Servers. For this, we use Ad server cookies with different settings to measure success, the blocking of ads or the number of clicks through users. Of you accessed our website by clicking on a Google ad, a cookie is stored on your device by Google Adwords. These cookies generally lose their validity after 30 days and are not used to identify you personally. Those cookies generally store analysis data about unique cookie IDs, number of ad impression per placement (frequency), last impression (relevant for post-view-conversions) as well as opt-out information (indication, that the user no longer wants to be contacted).
These cookies allow Google to recognise your browser. If a user has visited a specific page of an Adwords client and the cookie has not yet run out, both Google and the client can determine that the visitor has clicked on the ad and was directed to the webpage. Each Adwords client gets a specific cookie. As such, cookies cannot be tracked on the website of the client. We do not collect of process personal data when using these advertising methods. We only receive statistical evaluations from Google. On the basis of this evaluation, we can determine which method is particularly effective. We do not receive any further data from the advertising method and we cannot identify the user.
Due to the used marketing tools, your browser creates an automatic connection with the Google Server. We do not have any influence on the scope of processing or further processing of your data by Facebook which occurs through the use of this tool and are thus informing you within our level of knowledge. Through the use of Google AdWords Conversion, Google acquires information that you have accessed a specific page of our website or that you have clicked on one of our ads. If you are logged in on Google, your visit can be linked to your account. Even if you are not registered on Google or are not logged in, it is possible that your IP address and any further identifiable markers will be collected and stored.
The legal basis of the data processing is your consent according to Art. 6, 1., a) GDPR. You can find further information about data protection at Google under: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html
Alternatively, you can visit the website of the Network Advertising Initiative (NAI): http://www.networkadvertising.org.

Use of Social Media icons or internet links

No personal data is transferred automatically when using social media icons of Facebook, Twitter, YouTube, etc. on our website. To prevent the automatic transfer of data to the social media provider, the setting of those services occurs through a link. No social media plugins are used for data protection purposes. We do not have any joint control over the processing of your personal data for the purposes set out by these services. Our presence on social media is part of our publicity in order to inform and exchange with you.

Google reCAPTCHA

Google reCAPTCHA is used as a security feature on our website in order to protect our website as well as its users from spam and other security attacks. With your consent according to Art. 6, 1., a) of the GDPR following data is processed through Google:

• Data about the apps, browsers, and devices used to access Google services.
• Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
• Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
• Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
• Searches.
• Content and ads which the user has viewed and interacted with.
• Speaker and audio data in case of usage of the audio functions.
• Purchases.
• People with whom the user has communicated or shared content.
• Activity on Google providers and on other websites and apps from third parties which use Google services.
• If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
• If necessary, google chrome history.
• If necessary, name, email address, phone number, password, payment information.

Data which is processed through Google may be transferred to thirds.
As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.
You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de

17 Embedding of YouTube videos

(1) In our online presence, we use YouTube. It is a video service provided by YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA (following: YouTube). YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (following: Google).

(2) We use YouTube together with the setting “extended data protection mode” in order to show you videos. The legal basis is Art. 6, 1., f) GDPR. Our legitimate interest is the improvement of our online presence. According to YouTube, the setting “extended data protection mode” that the data described below is only processed when you actually start a video.

Without this setting a connection to the YouTube server in the US is created as soon as you visit a page on which a YouTube video is embedded.

This connection is necessary in order to show the video on our website through your browser. Through this, YouTube acquires and processes at least your IP-address, the time and date as well as the website you are visiting. Additionally, a connection is created by Google to the advertisement network “DoubleClick”.

Should you be logged into a YouTube at the time, the connection information will be linked to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our page or check the necessary settings in your YouTube account.

For the purpose of functionality as well as the analysis of user behaviour, YouTube stores permanent cookies on the browser of your device. If you do not consent to this processing, you have the possibility to prevent the storing of cookies in the settings of your browser.

(3) You can find further information about the collection and use of data as well as your rights and protection options under: https://policies.google.com/privacy

 

Data subject rights

  1. Right to access (Art. 15 GDPR)

    You can request a confirmation whether we process your personal data at any time. Unless exceedingly frequent, this request is free of cost. If data processing occurs, you have a right to the following information:

    • The purpose of the processing
    • The categories of processed data
    • The recipients or categories of recipients to whom the personal data is transferred, especially recipients in third countries or in international organisations
    • If possible, the duration of the processing or, if not possible, the criteria to determine that duration
    • The existence of a right to rectification and erasure of your personal data or restriction of the processing by the controller or to object the processing
    • The existence of a right to complain
    • If the data was not collected from the data subject, the origin of the data
    • The existence of automated decision-making, including profiling according to Art. 24, 1., and 4., and in those cases at least, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  2. Right to rectification (Art. 16 GDPR)

    Should you processed data not be correct or complete, you have the right to rectification or completion. The modification is to be executed by us without delay.

  3. Right to restriction of the processing, Art. 18 GDPR

    In the following situations, you can request that the processing of your personal data be restricted:

    • • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    • • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    • • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

    Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

  4. Right to erasure

    Unless a legitimate interest prevents it, you have the right to request the deletion of your data at any time.

  5. Objection

    Any data processing based on the data subject’s consent can be ended upon the objection to the consent. The objection can be formulated at any time and is valid in the future. Due to our duty of accountability, we must store consent forms. As such, the objection must be done in writing. An email is sufficient for this purpose.

 

 

Data Protection Information for the Use of Social Media

 

  1. Online-Presence

    This is data protection information for the use of social media of the:

    SMART DATA Deutschland GmbH
    Hilpertstraße 31
    64295 Darmstadt
    datenschutz@smart-data-deutschland.de
    Deutschland

  2. 2. Data Protection Officer

    We have named a data protection officer whose contact information is:

    Mr. Sebastian Feik, Dipl.-WJur. (FH)
    legitimis GmbH
    Ball 1
    51429 Bergisch Gladbach
    dataprivacy-sdd@legitimis.com

  3. Purpose of the Data Processing:

    We are present on several social media platforms in order to show ourselves, to make information available, to get in contact with users and communicate with them.

  4. Processing of Personal Data:

    When visiting our various platforms of online-presence, we do not process any personal data directly. However, the platform provider processes personal data. Additionally, it is possible that, when using our social media platforms, we process personal data when the user actively provides it (e.g. when posting a comment). In particular, the data which is concerned is the username as well as information published on the user’s account.

    Furthermore, data on social media is usually processed for market studies and advertisement purposes. Thus, for example, through behaviour of the users and their interests, user profiles can be created. These user profiles can be used, for example, for advertisement purposes matching the users’ interests within the social media platform as well as outside of it. For these purposes, cookies are usually stored on the user’s device to store information about the users’ behaviour and interests. Additionally, data unrelated to the user’s device can be gathered from the user’s profile (especially if the user has an account on the platform and is logged in).
    For detailed information about the various processing activities and the objection possibilities, we advise you to verify the respective provider’s data protection policy.

    Please be advised:
    When visiting our social media, you are using the services and functionalities on your own responsibility. We do not have any influence on the art and scope of the respective data processing measures, type of processing, use of the data or the transfer of data to third parties.

  5. Legal Basis:

    The processing of personal data through us is based on our legitimate interest regarding the presentation of the company to third parties as well as communication with users on our online platforms (Art. 6, 1. (f) GDPR).

  6. Data transfers:

    We inform you that when using our social media platforms, personal data may be processed outside of the European Union. This can cause risks as, for example, the exercise of user rights may be more complicated. Details can be found in the data protection policies of the respective providers (see below). We do not transfer data to third countries outside of the EU and EEA or to an international organisation, unless appropriate guarantees are set out. This includes European Standard Contractual Clauses (ESCC) as well as adequacy decisions through the EU Commission.

  7. Our Presence in Overview

    LinkedIn:

    LinkedIn is made available by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
    The data protection policy is available under: https://www.linkedin.com/legal/privacy-policy.
    You can object the use of the LinkedIn advertisement cookie under: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

    XING:

    XING is a service of XING AG, Gänsemarkt 43, 20354 Hamburg – Germany.

    The data protection policy as well as opt-out options are available under: https://privacy.xing.com/de/datenschutzerklaerung

 

  1. Deletion of data:

    If we process personal data of users, we only store it as long as necessary to complete the purpose for which it was collected or as long as legally required. Afterwards, the data is only stored for the duration of the legal storage period.

  2. Your Rights as a Data Subject

    9.1 Right to Access
    At your request, you can have access without cost to the personal data we have stored about you.

    9.2 Your Rights to Rectification, Deletion, Restriction, and Objection
    If you no longer agree with the processing of your personal data or if the information is no longer correct, we will at your request, delete or block your data or have it corrected (within legal restrictions). The same applies if you wish for your data to only be processed in a restricted form.

    9.3 Your Right to Data Portability
    At your request, ye will transfer your personal data to a new controller in an accessible, structured and machine-readable format.

    9.4 Your Right to Lodge a Complaint with an Authority
    You have a right to lodge a complaint with any authority: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

    9.5 Your Right to withdraw your Consent with Future Impact
    If you have consented, you can object to any further future processing at any time. The prior processing on the basis of your consent is not affected.

  3. Restrictions

    Data that does not allow the identification of a person, for example anonymised for analysis purposes, is not impacted by these rights. Access, deletion, archiving, rectifying or transfer to another controller is also possible for this data is additional information is provide to allow identification.

 

Data protection information for Smart Data Deutschland GmbH’s online meetings, teleconferences, and webinars over “Zoom”


The following section informs you about the processing of personal data within the use of “Zoom.”„Zoom“

  1. Purpose of the processing

    We use the tool “Zoom” for teleconferences, online meetings, videoconferences, and/or webinars (following: online meetings). “Zoom” is a service of Zoom Video Communications, Inc. with seat in the USA.

  2. Controller

    The controller for the data processing directly linked to the online meetings is SMART DATA Deutschland GmbH, Hilpertstraße 31 in 64295 Darmstadt.

    Hint: if you visit Zoom’s website, Zoom is the data controller. Visiting the website is only necessary to use Zoom in order to download the software.

    You can also use Zoom by indicating the meeting-ID and any further necessary access IDs for the meeting directly in the Zoom App.


  3. Which data is processed?


    The following data is subject to be processed:

    Information about the user: first name, surname, phone (optional), email address, password (when “single sign on” is not being used), profile picture (optional), department (optional).

    Meeting metadata: topic, description (optional), IP-addresses of the users, device/hardware information.

    BFor recordings (optional): :MP4-file of all video, audio and presentation recordings, M4A-fle of all audio recordings, text file of the online meeting chat.

    In case of log in by phone: information about the incoming and outgoing phone numbers, country, beginning and end time. Eventually, further connection data such as the IP-address of the device may be stored.

    Text, audio and video data: you may have the possibility to use the chat, question or poll functions during online meetings. Your text contributions will be processed in order to display them in the online meeting and optionally, to log them. To allow the displaying of video and the audio playback, data from your device‘s microphone and came will be processed accordingly for the duration of the meeting. You can disable or mute the camera and microphone in the Zoom App at any time.

    To participate in an online meeting, specifically to access the meeting room, you will need to indicate at the very least your name.

  4. 4. Scope of processing

    We use Zoom to conduct online meeting. When we want to record online meetings, we will inform you ahead of time and, if necessary, request your consent. An indication will appear in the Zoom App while the meeting is being recorded.

    If it is necessary for the purpose of logging the results of an online meeting, contents of chats will be logged. However, this should generally not be the case.

    In case of webinars, we can also process questions from participants during the recording and reworking of the webinar.

    When you are registered by Zoom as a user, online meeting reports (meeting metadata, data about phone participation, questions and answers in webinars, poll function in webinars) can be stored for up to a month by Zoom

    There is no automated decision-making as defined in Art. 22 GDPR.

  5. Legal basis for the data processing

    If personal data of employees of Smart Data Deutschland GmbH is processed, the legal basis is § 26 BDSG. If personal data is processed during the use of Zoom which is not necessary for the beginning, execution, or ending of the employment but is a necessary element of the use of Zoom, the legal basis is Art. 6, 1., f) GDPR. Our interest lies in the effective conduction of online meetings.

    For further data processing, the legal basis is Art. 6, 1., b) GDPR if the online meetings are conducted within the frame of a contractual relationship.

    If there is no contractual relationship, the legal basis is Art. 6, 1., f) GDPR. Our interest again lies in the effective conduction of online meetings.

  6. 6. Recipients/Transfer of data

    Personal data which is processed within the frame of participation to an online meeting are not transferred unless explicitly determined as meant to be transferred. Please be aware that the content of online meetings along with meetings in person often aim to exchange information with clients, interested parties and third parties which constitutes transfer.

    Further recipients: the provider of Zoom receives information about the above mentioned data which is determined in our data protection agreement with Zoom.

  7. 7. Data processing outside of the European Union

    Zoom is a service which is provide by service provider in the USA. Data processing thus also occurs in a third country. We have concluded a data processing agreement with Zoom which complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed through the conclusion of EU-Standard Contractual Clauses (ESCC).

  8. Data Protection Officer

    We have appointed a data protection officer. He can be reached under datenschutz@smart-data-deutschland.de

  9. Your rights as a data subject

    You have the right to access the personal data about yourself. You can request access at any time.

    In case of an access request which is not written, we ask for your understanding that we will require proof of identity.

    Furthermore, you have the right to rectification, deletion or restriction of the processing provided this is legally achievable.

    Finally, you have a right to object against the processing within the legal frame.

    You also have a right to data portability.

  10. Deletion of data

    We generally delete personal data when we no longer have a requirement to store it. A requirement can exist if the data is still necessary for the execution of a contract or to verify and guarantee or defend against legal claims. In the case of legal storage requirements, we only delete the data once the storage period has run out.

  11. 11. Right to complain

    You have the right to lodge a complaint about the processing of your personal data with a data protection authority.