Data protection information: Online meetings and webinars
In the following we inform you about the processing of personal data in connection with the use of our online meeting and webinar platforms.
If you provide your data via a Zoom registration form as part of our meetings or webinars, this data will be stored by F.Trenka for the purpose of processing the registration, for the event of follow-up questions and for advertising measures. This data is available to F.Trenka and F.Trenka's contractual partner, which co-organised the respective webinar. The data will not be passed on to other third parties without your consent.
Purpose of processing
We use the tool "Zoom" to conduct telephone conferences, online meetings, video conferences and/or webinars. In the following, we are mainly referring to “meetings”.
Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.
More information on the data protection declaration of Zoom: https://zoom.us/privacy
Note: If you access the Zoom website (www.zoom.us), the provider of Zoom is responsible for data processing. However, accessing the website is only necessary for the use of Zoom in order to download the software for the use of Zoom.
You can also use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app.
If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.
What data are processed?
Various types of data are processed when using Zoom. The scope of the data also depends on the data you provide before or during participation in a meeting.
The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
- Registration data: title, first name, last name, company, job title, country.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When dialling in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in a webinar. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications. In order to participate in a webinar or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use Zoom to conduct online meetings or webinars. If we want to record them, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
We may also process questions asked by participants for the purposes of recording and following up.
If you are registered as a user at Zoom, then reports on webinars (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at Zoom for up to one month.
Legal basis of data processing
If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, the legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. In these cases, our interest lies in the effective implementation of meeting.
Otherwise, the legal basis for data processing when conducting meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. In this case, our interest is in the effective conduct of meetings.
Recipients / disclosure of data
Personal data processed in connection with participation in meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of Zoom necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with Zoom.
Data processing outside the European Union
Zoom is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses.
We would like to point out that the IP data of the connection owner are stored within the scope of cookies.
The registration data entered via the registration form on our homepage are processed by Zoom.
In addition, for the purpose of registration, contacting, as well as analysis and advertising measures, the following data will also be stored by F.Trenka: Name, e-mail address, organisation/company, country, job title, gender, age, participant status, user name, source of registration (web/mobile). The data you provide is necessary for successful registration. Without this data, we cannot complete the registration for the respective webinar with you.
No data will be transferred to third parties, with the exception of the transfer to the above-mentioned company partners who were directly involved in the creation of the respective webinar and for the purpose of web analysis and advertising measures.
After termination of the registration process, the data stored by us will be deleted. In the case of a registration termination, all data from the contractual relationship will be stored until the expiry of the retention period under tax law (7 years). The data processing is carried out on the basis of the legal provisions of § 96 para 3 TCG as well as Art 6 para 1 lit a (consent) and/or lit b (necessary for the fulfilment of the contract) of the GDPR.
As part of the meeting or webinar registration, one automatically qualifies for the newsletter, which informs about meeting-related topics (e.g. webinar dates, reminders). You will only be included in the newsletter distribution list after you have agreed to be contacted by F.Trenka via a double opt-in. The webinar certificates are sent once to all participants after the webinar. In order to provide you with targeted information, we also collect and process information voluntarily provided. Among other things, e-mails are sent via the e-mail software used by F.Trenka (Microsoft Outlook) in combination with the Word integration "Mail Merge Toolkit" by Mapilap.
You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following e-mail address: firstname.lastname@example.org. We will then immediately delete your data in connection with the newsletter dispatch. This cancellation does not affect the lawfulness of the processing carried out on the basis of the consent until the cancellation.
As an addendum to the above-mentioned software, the following software will also be used for sending e-mails:
Mailchimp are authorised to fulfil the contract and is entitled to process data in accordance with ART 6 para. 1 lit. b GDPR or ART 6 para. 1 lit. a GDPR. Mailchimp make use of the standard contractual clauses in order to process the data in a legally compliant manner.
In the case of sending via Mailchimp, it is proven in accordance with the double opt-in (DOI) procedure that you, as the owner of the email address, have subscribed to your newsletter (obligation to prove, see Art. 7 para. 1 GDPR).
In the context of sending e-mails via Mailchimp, your e-mail address, first name and surname are also used for the purpose of personalising the newsletter. In addition, a performance measurement is carried out.
You can find more information in the data protection regulation of Mailchimp (https://mailchimp.com/help/about-the-general-data-protection-regulation/) and in the Mailchimp and European Data Transfers file (https://mailchimp.com/help/mailchimp-european-data-transfers/).
For the integration of various databases and tools, we use Zapier, a service of Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA. In this process, customer data may be transmitted with the exception of payment data. Zapier is used to automatically transfer registration data from Zoom to Mailchimp. In particular, this includes data entered as part of the Zoom registration form (first and last name, e-mail-address, country, profession). For more information on data protection at Zapier, please visit https://zapier.com/privacy/
“Microsoft Teams” meetings
Processing of personal data
As part of our online meetings using Microsoft Teams, we process the following personal data:
- Communication data (e. g. email address)
- Log files, log data
- Metadata (e. g. IP address, date of participation)
- Profile data (e. g. username)
Microsoft Office 365, Microsoft Teams Video Conference
The video conferencing function of Microsoft Teams allows to participate in our online events via video / audio. We use the Team Meetings function of Microsoft Teams. In Team Meetings, audio input and video recordings are prevented by our Microsoft Teams settings.
In exceptional cases, a recording may take place under the following conditions:
- In advance, participants shall be explicitly notified about the planned recording (firstly at invitation and secondly at the beginning of the event to be recorded)
- Participants shall be provided with the link to this general data protection information
- The following additional data protection information shall be made available to participants:
- Specific purpose of recording
- Recipients of the recording or addressee to whom the recording will be made available
- Location and duration of recording
We carry out the data processing in accordance with Article 6(1)(f) GDPR on the basis of a legitimate interest. Our legitimate interest in data processing is: organize online conferences to inform participants about relevant topics and our business activities.
Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, as well as teams, communities and networks; it is used across our group of companies. This includes a video conferencing function.
Microsoft Office 365 is a software of:
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Microsoft Teams is part of the Cloud application Office 365, for which a user account must be created.
The Office 365 data processing is performed on servers in data centers in the European Union, Ireland and the Netherlands. We have concluded a data protection agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed on extensive technical and organizational measures for Office 365 with Microsoft (https://docs.microsoft.com/en-us/microsoftteams/teams-privacy), which correspond to the current state of the art in IT security, for example regarding access authorization and end-to-end encryption concepts for data lines, databases and servers.
To guarantee an adequate level of data protection in the transfer of personal data to a third country such as the USA, we have concluded EU standard contractual clauses with Microsoft.
Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on these data processing operations of Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. If you need information about Microsoft processing, please consult the Microsoft privacy statement (https://docs.microsoft.com/en-us/microsoftteams/teams-privacy) / (https://privacy.microsoft.com/en-us/data-privacy-notice).
As shown above, we use Microsoft for Office 365 as a processor acc. to Article 28 GDPR.