The protection of personal data of our contacts among our customers, sales partners, suppliers and partners (hereinafter referred to as "business partners") when using video conferencing tools is a matter of importance to EDAG Engineering GmbH (hereinafter referred to as "EDAG"). For this reason, EDAG processes personal data in accordance with the applicable legal provisions relating to the protection of personal data and for data security as described below.
In terms of the General Data Protection Regulation and other national data protection laws of the EU member states and other data protection-related regulations, the data controller is:
EDAG Engineering GmbH
Kreuzberger Ring 40
65205 Wiesbaden
Telephone.: +49 611 7375-0
Telefax: +49 611 7375-265
E-Mail: info[at]edag.com
Website: www.edag-engineering.de
The data controller's data protection officer is:
INTARGIA Managementberatung GmbH
Dreieich Plaza 2a
63303 Dreieich
E-Mail: datenschutz[at]edag.com
1. Extent to which personal data is processed
To carry out conference calls, online meetings, video conferences, etc., we use the following video conferencing tools of the providers listed below:
The use of video conferencing tools provides us with an uncomplicated means of holding online meetings and video conferences with our business partners and customers, and in this way not only complying with the social distancing rules, but also reducing travel expenses and travelling time for everyone concerned.
Personal data is collected when the the above-mentioned video conference tools are used: this includes the following data:
(1) Surname, first name
(2) Business e-mail address
When dialling in by telephone, the following data will be collected:
(1) Information on incoming and outgoing telephone number
(2) Name of country
(3) Start and end times
If necessary, further connection data such as the IP address of the device may also be saved.
You may be able to use the chat, question or survey functions in an online meeting. If this is the case, any text entries you make are processed so that they can be displayed in the online meeting and to log them, if desired. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone at any time using the video conference tool in use
2. Legal basis for data processing
If personal data of our employees is processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of video conference tools, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of their use, Art. 6 para. 1 p. 1 lit. f) of the GDPR is the legal basis for data processing. In these cases, our legitimate interest is in the effective conduct of online meetings and video conferences.
Insofar as online meetings and video conferences are conducted within the framework of contractual relationships, the legal basis for data processing is Art. 6 Sect. 1 p. 1 lit. b) of the GDPR.
If no contractual relationship exists, the legal basis is Art. 6 Sect. 1 p. 1 lit. f) of the GDPR. Here too, our legitimate interest is in the effective conduct of online meetings and video conferences.
Provided the user's consent has been obtained, the legal basis for the processing of data is Art. 6 para. 1 p. 1 point a of the GDPR. This can be the case if online meetings or video conferences are to be recorded. To this end, everyone scheduled to take part in the discussion is clearly informed in advance, and your express consent is obtained in text form or in writing.
3. Purpose of data processing
The providers of the video conference tools process any input personal data on our behalf to enable participation in and implementation of scheduled online meetings and discussions using the video conference tools.
Contract processing agreements have been concluded with the above-mentioned providers, so any necessary exchange of personal data within the framework of the contractual relationship is covered.
Your data will not be passed on or processed for other purposes unless specifically intended for transfer, or we have been authorised by you to do so. Contents of online meetings, video conferences, or personal meetings are often used to communicate information to customers, interested parties or third parties, and are therefore be intended to be transferred. However, this then results from the contractual relations of the participants concerned.
Further information concerning the purpose and scope of data acquisition and its processing by the provider of the video conference software can be found in the provider's data privacy statements.
Cisco WebEx processes your personal data in the USA. An appropriate level of data protection is guaranteed through the conclusion of the EU standard contract clauses: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Microsoft Teams also processes your personal data in the USA. More information regarding data privacy can be found here: https://docs.microsoft.com/en-gb/microsoftteams/security-compliance-overview
Skype for Business also processes your personal data in the USA. More information regarding data privacy can be found here: https://support.skype.com/en/skype/all/privacy-security/privacy-settings/ and https://privacy.microsoft.com/de-de/privacystatement .
4. Storage duration
If you are registered as a user with Cisco WebEx, reports on online meetings (including meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored by Cisco WebEx for up to one month.
If you are registered as a user with Microsoft Teams, reports on online meetings (including meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored by Microsoft for up to one year.
If you are registered as a user with Skype for Business, reports on online meetings (including meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored by Microsoft for up to one year.
5. Right to object and right of elimination
You can prevent the collection and processing of your data by refusing an invitation issued by the above-mentioned providers to a meeting carried out by means of video conference or online meeting. In such cases, we cannot conduct the planned meeting in this way.
If required, a (classic) telephone conference can then be held by entering dial-in data without the possibility of video participation and the use of functions for sharing content and documents.
Automated decision-making as defined in Art. 22 of the GDPR is not used.
If personal data are processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
1. right of information
You have the right to request information about your personal data that we process at any time in accordance with Art. 15 DSGVO.
2. right of correction and supplementation
If your personal data is incorrect or incomplete, you have the right to correct and supplement it in accordance with Art. 16 DSGVO.
3. right to restrict processing
If the legal requirements are met, you can demand a restriction of the processing of your personal data in accordance with Art. 18 DSGVO.
4. right of deletion
Within the scope of Art. 17 DSGVO, you can request the deletion of your personal data at any time, unless we are legally obliged or entitled to further process your data.
5. right to data transferability
If processing is carried out on the basis of your consent and with the aid of automated procedures, you have the right, within the scope of Art. 20 DSGVO, to transfer the data you have provided, provided that this does not affect the rights and freedoms of other persons.
6. right of objection
You have the right to object to processing within the scope of Art. 21 DSGVO if the data processing is carried out for the purpose of direct advertising or profiling. You may object to processing based on a weighing of interests by stating reasons arising from your particular situation.
7. right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
8. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.