PRIVACY STATEMENT
1. Data protection at a glance
Personal data
In this declaration you will learn how we process your personal data. Personal data is all information relating to an identified or identifiable person.
Data Collection
Responsible (“we”) in the sense of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations:
COLLENDA GmbH
Robert-Bosch-Straße 1
40668 Meerbusch
Phone: +49 211 83869-0
E-mail: info@collenda.com
How do we collect your data?
On the one hand, your data is collected by you communicating it to us. This may be data that you enter in a contact form, for example.
Other data is automatically collected by our IT systems when you visit the website. This is primarily technical data (e.g. Internet browser, operating system or time of page call). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure that the website is error-free. Other data can be used to analyse your user behaviour.
What rights do you have with regard to your data?
You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your stored personal data. You also have the right to request that this data be corrected, blocked or deleted. You can contact us at any time at datenschutzbeauftragter@collenda.com or +49 2150 9153-0 if you have any further questions on the subject of data protection. Furthermore, you have the right to appeal to the responsible supervisory authority.
Analysis Tools and Tools from Third-Party Providers
When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this can be found in the following privacy statement.
2. General information and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection explanation.
If you use this website, various personal data will be collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e. g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the responsible supervisory authority
In the event of breaches of data protection law, the data subject shall have the right to lodge a complaint with the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Tim Deipenbrock
Robert-Bosch-Straße 1
40668 Meerbusch
Phone: +49 2150 9153-0
E-mail: datenschutzbeauftragter@collenda.com
4. Data collection on our website
Cookies
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies which are necessary for the electronic communication process or for the provision of certain functions requested by you are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a justified interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- used operating system
- Referrer URL
- Websites accessed by the user’s system through our website
- Hostname of the accessing computer
- Internet service provider of the user
- Date and time of the server request
- IP address of the user
- Transferred amount of data
- Access Status/HTTP Status Code
This data will not be merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The processing of the data entered in the contact form is carried out in accordance with Art. 6 Para. 1 lit. b) DSGVO, within the framework of (pre-)contractual measures which are necessary to provide the services offered and to process your requests. These measures are selected depending on the nature of your request in order to carry out the contract initiation or the contract that has been created. The processing of your data may, for example, be used to prepare an offer tailored to your needs, which will be made available to you on request, or to process your delivery address.
If the contact does not relate to a (pre-)contractual measure of your own or to a contract that you have already concluded or intend to conclude with COLLENDA GmbH, we process your personal data on the basis of Art. 6 Para. 1 letter f) DSGVO in the context of our justified interest in processing your request in this way. The data will then be deleted unless the data is still required for the above-mentioned purposes.
If we are obliged to archive your personal data due to legal obligations, e.g. compliance with the storage obligations according to the German Commercial Code and the German Fiscal Code, the data will be blocked for further processing. After expiry of the retention periods, the data will be deleted without any problems and in accordance with data protection regulations. The legality of the data processing operations carried out until revocation remains unaffected by revocation.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data relating to the use of our Internet pages (usage data) only to the extent necessary to enable the user to make use of the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
5. Analysis tools and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The data sent by us and linked to cookies, user identifications (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. The website operator has a justified interest in analysing user behaviour in order to optimise both his website and his advertising.
IP anonymisation
We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Browser Plugin
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this website: Disable Google Analytics.
For more information on how Google Analytics uses user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Order data processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics of Google Analytics
This website uses the function “demographic features” of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and visitor data from third parties. This information cannot be associated with any specific individual. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described under “Objection to data collection”.
Google Analytics Remarketing
Our sites use Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This feature allows Google Analytics Remarketing to link advertising target groups with the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you based on your past usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e. g., tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.
The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data collection is based on Art. 6 para. 1 lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by easily turning off the Google Conversion Tracking cookie in your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics.
Conversion cookies” are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
More information about Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy: https://www.google.de/policies/privacy/.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them and activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be restricted.
Google Ads Remarketing
We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites). For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a particular end device and not to identify a person.
Recipients:
You can find more information about Google’s privacy policy here: http://www.google.com/intl/de/policies/privacy and here https://services.google.com/sitestats/de.html.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
Transfers to third countries are possible. So-called standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
Cancellation/revocation:
You can prevent participation in this tracking procedure in various ways: a) by adjusting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internetexplorer or Google Chrome under the link http://www.google.com/settings/ads/plugin, e) by means of the corresponding cookie setting. Please note that in this case you may not be able to use all the functions of this website to their full extent.
Lifetime of cookies: up to 180 days (this only applies to cookies set via this website).
Legal basis:
Art. 6 (1) f GDPR (Legitimate Interest).
Snoobi Analytics Cookies
Cookies are placed on our website by Snoobi as part of the analysis service. We use this service to track visitor behavior and receive reports on how visitors use our website. On this basis, we can then improve the website. It is not a matter of remembering personal data, but of keeping track of your actions on the website. The information received from Snoobi Analytics is stored within the European Union. In its cookie statement, Snoobi explains what they do with your data about the cookies.
Objection to data collection
You can prevent Snoobi Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this site: Disable Snoobi Analytics
LinkedIn Insight Tag
DATA COLLECTED:
We use LinkedIn’s Insight Tag of the LinkedIn Corporation, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland on this website. The LinkedIn Insight Tag generates a LinkedIn “browser cookie” that collects the following data:
- IP address,
- Timestamp,
- Page activities,
- demographic data from LinkedIn if the user is an active LinkedIn member.
This technology enables us to monitor the performance of our ads and read information regarding user interaction on our website. The LinkedIn Insight Tag is embedded on our website in order to connect to the LinkedIn Server if and when you visit our site and are logged into your LinkedIn Account while doing so.
PURPOSES FOR WHICH THE DATA IS PROCESSED:
We process your data in order to evaluate campaigns and collect information about users who might have reached our website via our LinkedIn campaigns.
LEGAL BASIS:
We have a legitimate interest in processing your data, Art. 6 (1) (f) EU GDPR.
STORAGE PERIOD AND CONTROL OPTIONS:
We store your data for as long as we need it for the respective purpose (evaluation of campaigns) and/or as long as you haven’t objected to the storage. The collected data is encrypted. Find more information here. Have a look at LinkedIn’s privacy policy and the LinkedIn Opt-Out.
Pardot Marketing Automation System
We use the Pardot Marketing Automation System (“Pardot MAS”) from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”). Pardot is specialist software for gathering and evaluating information about how a website is used by its visitors. Pardot participates in the Safe Harbor Program of the US Department of Commerce.Further information about how personal data collected in the European Union is handled by Pardot can be found in the Safe Harbor Notice: www.pardot.com/company/legal/safe-harbor-notice. General information about the Safe Harbor Program can be found at www.export.gov/safeharbor. Pardot’s current Safe Harbor certification can also be seen there.
When you visit our website, Pardot MAS records your click path through the site and creates an individual usage profile under a pseudonym. Cookies are used for this purpose in order for your browser to be recognised. By clicking accept on the cookie acceptance banner when first using our website or by continuing to use our website that makes use of cookies, you agree to the use of cookies by Pardot.
You may withdraw your acceptance at any time with effect for the future. Please use the contact information provided at the end of this data protection policy to do this. You can also deactivate the creation of usage profiles stored under pseudonyms at any time by configuring your web browser to not accept cookies from the domain “pardot.com”. This may, however, result in certain limitations to the functionality and user-friendliness of our offering.
Taboola
Our website uses Recommendation Technology provided by Taboola Inc., 1115 Broadway, 7th Floor, New York, New York 10010, USA (“Taboola“). Taboola uses cookies to determine which content you use and which of our webpages you visit. Through the collection of device-related data and protocol data, the cookies enable us to create pseudonym user profiles and recommend content which reflects your personal interests. This way we can personalize our service to you. These user profiles do not allow any conclusions to be drawn about your person.
Taboola collects the following user information using cookies:
- Operating system of the user, accessed web pages/contents on our websites,
- Referrer/Link which brought you to our website,
- Time and number of website visits,
- Calls from error pages,
- Location information (city and state) and
- the IP address in abbreviated form.
Disagreement with data collection:
Further information about Taboola can be found at https://www.taboola.com/privacy-policy. There you can deactivate tracking at any time in the “User Choices” section. Once you have opted out, no more personalised content/advertising will be played out to you.
6. Social media
Share content via plugins (Facebook, Google+1, Twitter & Co.)
Facebook plugins (Like & Share button)
On our pages are plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, integrated. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
Google+ Plugin
Our pages use Google+ functions. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and dissemination of information: You can use the Google+ button to publish information worldwide. The Google+ button gives you and other users personalized content from Google and our partners. Google stores both information that you gave +1 for an item and information about the page you viewed when you clicked +1. Your +1 may appear as clues along with your profile name and photo in Google services, such as search results or your Google profile, or elsewhere on websites and ads on the Internet.
Google records information about your +1 activity to improve Google services for you and others. To use the Google+ button, you need a globally visible, public Google profile that includes at least the name you choose for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.
Use of Information Collected: In addition to the uses described above, the information you provide will be used in accordance with applicable Google privacy policies. Google may publish or share aggregated statistics about users’ +1 activity with users and partners, such as publishers, advertisers, or affiliates.
Instagram Plugin
On our pages functions of the service Instagram are integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Instagram.
For more information, please refer to Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
LinkedIn Plugin
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you visit one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be notified that you have visited our web pages with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
Further information on this can be found in LinkedIn’s data protection declaration at: https://www.linkedin.com/legal/privacy-policy.
XING plugin
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time you access one of our pages that contains XING functions, a connection is established to XING servers. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored or the usage behavior evaluated.
Further information on data protection and the XING Share button can be found in XING’s Privacy Policy at: https://www.xing.com/app/share?op=data_protection.
7. Plugins and tools
Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.
Google Maps
This page uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
You can find more information on the handling of user data in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/.
(As of December 2018)
8. Privacy notice for video recordings
Here we inform you about the processing of personal data required to use Microsoft Teams.
For what purpose is my data to be processed?
The processing is necessary to use Microsoft Teams, a communication and training platform with the possibility of audio and video conferencing and to conduct company presentations and customer meetings.
What is the legal basis for the processing?
The processing is based on your/your consent. (Art. 6 para. 1 lit f DSGVO).
What personal data is processed when using MS Teams?
Processed are data for the creation of a user account (email address, password, membership in teams, roles and rights), for the display of a user status and read receipts (chat), created chat messages, voice memos, image and sound data in video and audio conferences, content of screen shares, files shared by uploading, calendar items created, status of tasks (assigned, submitted, due, feedback), content created and edited in Word, Excel, PowerPoint, and OneNote, survey submissions, technical usage data used to provide MS Teams functionality and security, and features built into Teams.
Who has access to my personal data?
All files, content, and comments posted to Teams by users are accessed by the individuals with whom they are shared. This can be individuals or members of a team or channels within a team. All participants in a video conference have access in the sense of seeing, hearing, and reading content in the video conference, chats, shared files, and screen shares. In a chat, all participants have access to entered content and shared files. The provider has access to the data generated during the use of Teams to the extent necessary to fulfill its obligation under the contract for commissioned processing concluded with Collenda GmbH. US investigative authorities have access in accordance with US law (see below).
To whom is the data transferred?
We use Microsoft Teams as part of an order processing contract. Microsoft processes your personal data exclusively on our behalf. Accordingly, Microsoft may only use it in accordance with our instructions and for our purposes and not for its own purposes, i.e. neither for advertising nor to pass it on to third parties.
How long will my data be stored?
The storage of data processed to provide the user account, as well as created and shared content, comments, chat messages, voice messages assigned, edited and submitted content and calendar entries, ends as soon as the user, revokes his consent in whole or in part or objects to processing. The deletion takes place as soon as the purpose of the collection has expired. Sound and image data from video and audio conferences are recorded and stored by Collenda only after consent and for the specified purposes. No further processing takes place.
Data protection when processing personal data in the USA
When using MS Teams, data may also be processed on servers in the USA. This is less about the content of chats, video conferences, appointments and set tasks, user accounts and team memberships, but rather about data that serves to ensure and improve the security and function of the platform. According to the current legal situation in the U.S., U.S. investigative authorities have almost unrestricted access to all data on servers in the U.S.. Users are not informed of this and have no legal means of defending themselves against it. The risks arising from this access by US investigative authorities are likely to be rather low.
CLOUD Act
Under the CLOUD Act, U.S. investigative authorities also have the option of demanding that Microsoft hand over personal data stored on servers in the EU. This is where most of the data that is generated when using Microsoft/ Office 365 and Teams is stored. According to Microsoft, the number of these requests is quite small, moreover, Microsoft can go to court against it. Microsoft states a total of 3,310 requests from investigative authorities for July – December 2019. Of these, the majority came from Germany.
Where is my personal data processed?
Personal data in Microsoft Teams and connected products is predominantly processed on servers located in Germany. It is possible that so-called telemetry data, a type of diagnostic data, is processed in the USA.
How secure is Microsoft Teams?
The platform meets all common security standards for cloud platforms.
Where can I learn more about the data protection of Microsoft Teams?
Topic Security at Microsoft – https://docs.microsoft.com/de-de/microsoftteams/security-compliance-overview
Microsoft’s current privacy policy can be viewed here:
https://privacy.microsoft.com/de-de/privacystatement
9. Privacy policy for webinars
Privacy Policy for Webinar Participants (GoToWebinar)
With this data protection declaration we would like to inform you about the processing of personal data when participating in webinars using the software “GoToWebinar”.
1. Responsible party
Collenda GmbH is responsible for data collection and processing in the context of webinars.
2. Use of your personal data
For the organisation, implementation and follow-up of webinars, Collenda GmbH uses the software GoToWebinar of the provider LogMeIn Ireland Limited. LogMeIn Ireland Limited acts as our processor in this context, with whom we have also concluded a commissioned processing agreement (pursuant to Art. 28 GDPR). We collect or process the following personal data from persons who register for or participate in our webinars:
- Webinar participant information: first name, last name, email address, time of registration for the webinar, company/organisation.
- Webinar metadata: Topic, description if applicable, , device/hardware information.
- Text data: If a webinar participant uses the chat, question or survey functions, the text entries made by the respective participant are processed in order to display and log them in the webinar. The webinar participant can decide to ask questions only of the presenters or of the auditorium. If questions are asked that are answered as part of the follow-up to a webinar, the questions and the e-mail addresses of the webinar participants are processed in order to be able to answer them afterwards.
- When recording a webinar: Our webinars are recorded in order to make them available on-demand at a later date. MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. Since cameras and microphones of the webinar participants are deactivated, any questions asked by webinar participants are saved in text form as part of the recording.
- Attention factor: During the webinar, the software registers whether the webinar window is open as the primary window for webinar participants. This information is collected during a webinar (e.g. “attention factor 80%”). This allows presenters to see if webinar participants are losing attention.
3. Legal basis of the processing
The processing of personal data in the context of GoToWebinar is based on the legal ground of legitimate interest pursuant to Article 6(1)(f) GDPR, which consists in the organisation and implementation of webinars as well as the follow-up (e.g. downstream question answering) and further development of webinars (e.g. compilation of participant statistics on webinars over time, effectiveness of and interest in webinars).
4. Processing of data
As part of the data processing when using GoToWebinar, personal data is transferred to the United States of America for the provision of technical services. This is based on standard contractual clauses pursuant to Article 46 (2) (c) in conjunction with (5) GDPR. In order to ensure the security of the personal data, it is transmitted in encrypted form. In connection with GoToWebinar, personal data may be passed on within Collenda GmbH. Please note that a transfer to third parties is not intended in principle, but may occur insofar as a recorded webinar is made available on our website. If we conduct webinars together with other webinar organisers, who are identified in the respective invitations, the names and e-mail addresses (if indicated also position and company affiliation) of webinar participants will be passed on to the respective webinar organisers based on their legitimate interest. The respective webinar organisers are solely responsible for any further processing.
5. Data subject rights
Data subjects (webinar participants) have the right to obtain information from the controller about the personal data concerning them and to have inaccurate data corrected. In addition, there is a right to erasure, provided that one of the reasons listed in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued. There is also the right to restriction of processing if one of the conditions set out in Article 18 of the GDPR applies and, in cases covered by Article 20 of the GDPR, the right to data portability. If data is collected on the basis of Article 6 (1) (f) (data processing for the protection of legitimate interests), the data subject has the right to object to the processing at any time for reasons arising from his or her particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims. Please address any enquiries to datenschutzbeauftragter@collenda.com .
6. Storage period
Personal data processed in connection with webinars will be stored for as long as necessary for the defined purposes, taking into account any statutory retention periods. Subject to statutory retention periods, which may be applicable in the case of paid webinars, personal data will generally be stored for a period of two years after the respective webinar has been held.
If you are registered as a user with GoToWebinar, then reports on webinars (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at GoToWebinar, with LogMeIn Ireland Limited being responsible for this.