Privacy Policy

The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

DEPRAG SCHULZ GMBH u. CO. KG
Carl-Schulz-Platz 1 | 92224 Amberg
Phone: +49 9621 371-0
Fax: +49 9621 371-120
Email: info@deprag.de
Managing Directors: Dr. Erik Hallmann / Dr.-Ing. Rolf Pfeiffer

Your data subject rights

You may exercise the following rights at any time using the contact details of our Data Protection Officer provided below:

Information about your data stored by us and its processing,
Correction of inaccurate personal data,
Deletion of your data stored by us,
Restriction of processing, insofar as we are not yet permitted to delete your data due to statutory obligations,
Objection to the processing of your data by us, and
Data portability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us your consent, you may revoke it at any time with effect for the future.

You may lodge a complaint at any time with the supervisory authority responsible for you. The supervisory authority responsible for you depends on the federal state of your place of residence, your workplace, or the presumed infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes stated in this Privacy Policy. Your personal data will not be transferred to third parties for purposes other than those stated. We only share your personal data with third parties if:

you have given your explicit consent,
processing is necessary for the performance of a contract with you,
processing is necessary to comply with a legal obligation,
processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

Deletion and blocking of data

We adhere to the principles of data minimization and data economy. We therefore store your personal data only as long as is necessary to achieve the purposes stated herein or as provided for by the retention periods stipulated by law. After the respective purpose no longer applies or these periods expire, the relevant data will be routinely blocked or deleted in accordance with statutory provisions.

1. Collection of general information when visiting our website

When you access our website, general information is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar data. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content of websites requested by you and is unavoidable when using the Internet. In particular, it is processed for the following purposes:

Ensuring a smooth connection setup to the website,
Ensuring smooth use of our website,
Evaluating system security and stability, and
Other administrative purposes.

The processing of your personal data is based on our legitimate interest in collecting data for the purposes described above. We do not use your data to draw conclusions about your person. Recipients of the data are only the controller and, if applicable, processors.

Anonymous information of this kind may be statistically evaluated by us in order to optimize our website and the underlying technology.

2. Cookies

Like many other websites, we use so-called “cookies”. Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system, and your connection to the Internet.

Cookies cannot be used to start programs or transmit viruses to a computer. Using the information contained in cookies, we can make navigation easier for you and enable the correct display of our website.

Under no circumstances will the data collected by us be passed on to third parties or linked with personal data without your consent.

Of course, you can generally view our website without cookies. Internet browsers are usually set to accept cookies. In general, you can disable the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to learn how to change these settings. Please note that individual functions of our website may not work if you disable the use of cookies.

3. SSL encryption

To protect the security of your data during transmission, we use encryption methods that correspond to the current state of the art (e.g., SSL) via HTTPS.

4. Newsletter

Based on your explicit consent, we regularly send you our newsletter or comparable information by email to the email address you have provided.

To receive the newsletter, it is sufficient to provide your email address. When registering to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by email about circumstances relevant to the service or registration (e.g., changes to the newsletter offering or technical conditions).

For effective registration, we require a valid email address. To verify that a registration is actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the newsletter order, the sending of a confirmation email, and the receipt of the reply requested therein. No further data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. Each newsletter contains a corresponding link. You can also unsubscribe at any time directly on this website or inform us of your request using the contact option provided at the end of this Privacy Policy.

Brevo

This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

With the help of Brevo, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links were clicked, if any. This allows us, among other things, to determine which links are clicked particularly often.

We can also see whether certain predefined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also enables us to segment (“cluster”) newsletter recipients according to various categories. Newsletter recipients can, for example, be segmented by age, gender, or place of residence. This allows the newsletters to be better tailored to the respective target groups.

If you do not want analysis by Brevo, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message.

For detailed information about Brevo’s functions, please see: https://www.brevo.com/de/newsletter-software/

Legal basis

Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us and/or the newsletter service provider in a blacklist, insofar as this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Brevo’s privacy policies: https://www.brevo.com/de/datenschutz-uebersicht/ as well as https://www.brevo.com/de/legal/privacypolicy/

Data processing agreement

We have concluded a data processing agreement for the use of the above-mentioned service. This is a contract required under data protection law which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Contact form

If you contact us by email or via the contact form with questions of any kind, you give us your voluntary consent for the purpose of contacting you. This requires providing a valid email address, your first and last name, and your postal code. This is used to assign the request and subsequently answer it. Providing further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. After your request has been processed, personal data will be deleted automatically.

6. Use of Matomo

This website uses the open-source web analytics service Matomo. With the help of Matomo, we can collect and analyze data about the use of our website by website visitors. This allows us, among other things, to find out when which pages were accessed and from which region they come. In addition, we record various log files (e.g., IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website offering and its advertising. If consent is requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP anonymization

When analyzing with Matomo, we use IP anonymization. Your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting

We host Matomo exclusively on our own servers, so that all analytics data remains with us and is not disclosed to third parties.

7. Online presences on social media

We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.

Please note that user data may be processed outside the European Union. This may result in risks for users because, for example, enforcement of users’ rights could be more difficult. With regard to US providers that are certified under the Privacy Shield, we note that they thereby undertake to comply with EU data protection standards.

Furthermore, user data is generally processed for market research and advertising purposes. For example, usage profiles can be created from usage behavior and resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the users’ interests. For these purposes, cookies are generally stored on users’ computers, in which usage behavior and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users pursuant to Art. 6(1)(f) GDPR. If users are asked by the respective providers for consent to data processing (i.e., they declare their consent, for example, by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6(1)(a) and Art. 7 GDPR.

For a detailed presentation of the respective processing operations and the options to object (opt-out), we refer to the information provided by the providers linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you nevertheless need help, you can contact us.

Facebook

The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries.

You can adjust your advertising settings independently in your user account. To do so, click the following link and log in: https://www.facebook.com/settings?tab=ads

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

For details, please refer to Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider via: https://www.dataprivacyframework.gov/participant/4452

X (formerly Twitter)

The provider is the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for data processing for persons living outside the USA is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your X privacy settings independently in your user account. To do so, click the following link and log in: https://x.com/settings/account/personalization

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html

For details, please refer to X’s (formerly Twitter) Privacy Policy: https://x.com/de/privacy

Instagram

The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For details on how they handle your personal data, please refer to Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/participant/4452

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs

For details on how they handle your personal data, please refer to LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/participant/5448

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780

8. Analytics tools

LinkedIn Insight Tag

We use the LinkedIn Insight Tag conversion tracking tool on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection-related aspects in the European Economic Area (EEA), the EU and Switzerland, LinkedIn Ireland Unlimited, Wilton Place, Dublin 2, Ireland is responsible.

By embedding the tracking tool, data can be sent to LinkedIn, stored and processed there. In this Privacy Policy, we inform you which data is involved, how the network uses this data and how you can manage or prevent data storage.

If you click on a LinkedIn ad, a cookie may be stored on your computer or mobile device. LinkedIn processes data using cookies and server-side functions. If an action is completed on our website, LinkedIn recognizes the cookie as a conversion. While you browse our site, we and LinkedIn recognize that you came to us via the LinkedIn ad. The cookie is read and the conversion data is sent back to LinkedIn. Additional cookies may also be used to measure conversions. In addition to your IP address, URL, referrer URL, device and browser properties and the timestamp are stored, whereby the IP address is truncated or hashed at LinkedIn.

Conversions occur when you perform an action after clicking our ad, e.g., visit our website or purchase a product. The LinkedIn conversion tracking tool enables us to record behavior after the click, e.g., purchases, services or newsletter sign-ups. Demographic data from your LinkedIn profile, such as profession, geographic location and industry, may also be processed. LinkedIn provides us with a statistical report showing information about the total number of clicks and the success of different advertising measures.

If you have consented to the use of the LinkedIn Insight Tag, the legal basis for the corresponding data processing is this consent. Pursuant to Art. 6(1)(a) GDPR (consent), this consent is the legal basis for processing personal data as may occur when collected by the LinkedIn Insight Tag. Consent is obtained via our cookie manager and can be revoked at any time.

LinkedIn also processes your data in the USA, among other places. We note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the lawfulness and security of data processing.

As a basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway—especially the USA) or for a transfer of data there, LinkedIn uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). By these clauses, LinkedIn undertakes to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about LinkedIn’s Standard Contractual Clauses can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs

The company is also certified under the “EU-US Data Privacy Framework” (DPF). Further information can be obtained from the provider via: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active

You can learn more about the LinkedIn Insight Tag at: https://www.linkedin.com/help/linkedin/answer/a427660

More about the data processed through the LinkedIn Insight Tag can also be found in LinkedIn’s Privacy Policy: https://de.linkedin.com/legal/privacy-policy

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This makes it possible to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising measures.

The data collected is anonymous for us as the operator of this website; we cannot draw conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to display ads on Facebook pages and outside of Facebook. As the website operator, we cannot influence this use of the data.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

We use the Enhanced Matching feature within the Meta Pixel.

Enhanced Matching enables us to transmit various types of data (e.g., place of residence, state, postal code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects collected via our website to Meta (Facebook). This activation enables us to tailor our advertising campaigns on Facebook more precisely to people who are interested in our offers. In addition, Enhanced Matching improves the attribution of website conversions and expands Custom Audiences.

Insofar as personal data is collected on our website with the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data-protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Further information about protecting your privacy can be found in Facebook’s data protection notices: https://de-de.facebook.com/about/privacy/

You can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do so, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information can be obtained from the provider via: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Google Tags

A Google Tag is a small code snippet that we use on our website to measure certain user activities or to transmit data to Google services such as Google Analytics, Google Ads or other marketing and analytics tools. A Google Tag (e.g., gtag.js) is a universal tracking code used for the centralized integration of Google products; this means that only a single tag is needed instead of many different ones for each individual Google tool.

Google conversion tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive information that could be used to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

More information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780

Google Ads Remarketing

This website uses Google Ads Remarketing functions. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing allows us to assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you on one device (e.g., mobile phone) depending on your previous usage and browsing behavior can also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=de

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Further information and Google’s privacy policy can be found at: https://policies.google.com/technologies/ads?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780

9. Google Web Fonts

This site uses so-called web fonts for uniform display of fonts, which are provided by Google. The Google Fonts are installed locally. No connection to Google servers takes place.

10. Use of Google Maps

This website uses the Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. Further information about Google’s data processing can be found in Google’s privacy policy (http://www.google.com/privacypolicy.html). There you can also change your personal privacy settings in the privacy center.

Detailed instructions on managing your own data in connection with Google products can be found here: http://www.dataliberation.org/

11. Embedded YouTube videos

On some of our web pages we embed YouTube videos. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with the YouTube plug-in, a connection is established to YouTube servers. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider sets cookies that collect information about user behavior.

If you have disabled the storage of cookies for the Google ad program, you will not have to expect such cookies when watching YouTube videos either. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at “YouTube” can be found in the provider’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy/

12. Data protection information for online meetings and other forms of digital collaboration via Microsoft Teams and other “Microsoft Office 365” applications

The controller uses Microsoft Teams and other cloud-based services of the “Microsoft Office 365” program suite to conduct telephone conferences, online meetings, video conferences and/or webinars as well as online trainings and online consultations and to enable digital collaboration during these activities (hereinafter: online meetings or digital collaboration).

Microsoft Teams and Microsoft Office 365

Microsoft Teams and Microsoft Office 365 are services of Microsoft Corp, One Microsoft Way, Redmond, WA 98052-6399.

Below you will find Microsoft’s privacy information:

Privacy statement: https://privacy.microsoft.com/de-de/privacystatement

Data protection information on the use of MS Teams: https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/

Privacy topic page with FAQs and contact options: https://privacy.microsoft.com/de-DE/faq

Microsoft Teams and Microsoft Office 365 are used on the basis of Art. 6(1)(f) GDPR (lawfulness of processing).

The controller responsible for data processing in direct connection with conducting “online meetings or digital collaboration” is DEPRAG SCHULZ GMBH u. CO. KG.

The use of Microsoft depends on the use of the respective “Microsoft Office 365” service. For Microsoft Teams, it is only required to download the app. For other “Microsoft Office 365” services (with the exception of Microsoft Forms), an additional login and use of web apps in the browser is required.

With Microsoft Teams you can participate in conferences via the app using a link, the integrated calendar in Teams, or in the respective chats or Teams channels. If you do not want or cannot use the Microsoft Teams app, basic functions are also available via a browser version, which you can also find on the Microsoft Office 365 website. When using Microsoft Teams or Microsoft Office 365, various types of data are processed. The scope of the data also depends on what information you provide before or when participating in an online meeting.

The following personal data is processed: User information: first name, last name, phone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional); online metadata: topic, description (optional), participant IP addresses, device/hardware information; in the case of recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat; in the case of dial-in by telephone: information on incoming and outgoing telephone number, country name, start and end time. Further connection data such as the IP address of the device may be stored; text, audio and video data: you may be able to use chat, Q&A or survey functions as well as other upload/download functions for files such as images, audio, video or Office documents. Insofar, the data you provide is processed to display it in the online meeting and to make it accessible to other participants during or after the meeting and, if applicable, to log it.

To enable video display and audio playback, the data from your end device’s microphone and any camera is processed for the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time via the Microsoft Teams applications. To participate in an online meeting or enter the meeting room, you must at least provide your name.

The controller uses Microsoft Teams to conduct online meetings and Microsoft Office 365 to provide additional Microsoft cloud services for digital collaboration. If online meetings are to be recorded, you will be informed transparently in advance and, where necessary, asked for consent. The fact that a recording is taking place is also displayed in Microsoft Teams. If it is necessary for the purposes of documenting the results of an online meeting, chat content will be logged by those processing the meeting. However, this will generally not be the case. In the case of webinars, questions asked by webinar participants may also be processed for the purposes of recording and follow-up.

If you are registered with Microsoft as a user or participate as a guest in a conference, reports on online meetings (meeting metadata, telephone dial-in data, Q&A in webinars, survey function in webinars) may be stored in the corresponding Microsoft services until the end of the meeting or the respective training measure plus one month thereafter.

Personal data processed in connection with participation in online meetings or digital collaboration in Microsoft Teams and in “Microsoft Office 365” services provided by DEPRAG SCHULZ GMBH u. CO. KG will not be passed on to third parties unless it is intended for disclosure. Please note that content from online meetings or digital collaboration—just like in face-to-face meetings—often serves precisely to communicate information with customers, prospects or third parties and is therefore intended for disclosure. The provider of Microsoft Office 365 (MS Teams) necessarily obtains knowledge of the above data insofar as this is provided for within the scope of our data processing agreement with Microsoft.

Microsoft Teams and Microsoft Office 365 are services provided by a provider from the USA. The controller has concluded a data processing agreement with the provider that meets the requirements of Art. 28 GDPR. According to Microsoft Corporation, the processing of personal data takes place exclusively on servers within the European Union. An adequate level of data protection is guaranteed by concluding the so-called EU Standard Contractual Clauses with Microsoft Corporation.

13. Data protection provisions on the use of MS Forms

The controller regularly uses Microsoft Forms as part of Microsoft Office 365 for online surveys for the purpose of quality assurance of events. Surveys can be addressed in various ways (via hyperlink, QR code, embedding in a website or email dispatch). Participation in surveys is voluntary and possible without user registration with Microsoft. Based on the survey results, the processor produces anonymous evaluations that do not relate to the surveyed person. If personal data is specifically collected and further processed via surveys, we will inform you separately in advance and—where necessary—ask for your consent.

14. Data protection provisions on the use of GoTo Webinar

We use the tool GoTo Webinar to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). GoTo Webinar is a service of GoTo Technologies Ireland Unlimited Company. Further information on data protection and data security can be found here: https://www.goto.de/company/rechtliches/datenschutz

Note: If you access the GoTo Webinar website, the provider is responsible for data processing. Accessing the website is only necessary to download the software for using GoTo Webinar. If you do not want or cannot use the GoTo Webinar app, basic functions are also available via a browser version, which you can also find on the GoTo Webinar website: https://www.goto.de/webinar/teilnehmen

Which data is processed?

When using GoTo Webinar, various types of data are processed. The scope of the data also depends on what information you provide before or when participating in an “online meeting”. The following personal data is processed:

User information when registering:

First name, last name, email address, location (optional), company/organization (optional), job title (optional), meeting metadata: topic, description (optional), participant IP addresses, device/hardware information

In the case of recordings (optional):

MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

In the case of dial-in by telephone:

Information on incoming and outgoing telephone number, country name, start and end time. Further connection data such as the IP address of the device may be stored.

Text, audio and video data:

You may be able to use chat, Q&A or survey functions in an “online meeting”. Insofar, the text you enter is processed to display it in the “online meeting” and, if applicable, to log it. To enable video display and audio playback, data from your end device’s microphone and any camera is processed for the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time via the GoTo Webinar application. To participate in an “online meeting” or enter the “meeting room”, you must at least provide your name. However, this can be pseudonymized in the settings.

Scope of processing

We use GoTo Webinar to conduct “online meetings”. If it is necessary for the purposes of documenting the results of an online meeting, we will log the chat content. In the case of online seminars, we may also process questions asked by online seminar participants for the purposes of recording and follow-up.

If you are registered with GoTo Webinar as a user, reports on “online meetings” (meeting metadata, telephone dial-in data, Q&A in webinars, survey function in webinars) may be stored by GoTo Technologies Ireland Unlimited Company for up to one month.

Legal bases for data processing

If meetings are conducted within the framework of contractual relationships, the legal basis for data processing in conducting “online meetings” is Art. 6(1)(b) GDPR. If there is no contractual relationship, the legal basis is Art. 6(1)(f) GDPR. Here, too, our interest lies in the effective conduct of “online meetings”.

Recipients / disclosure of data

Personal data processed in connection with participation in “online meetings” will not be passed on to third parties unless it is intended for disclosure.

Further recipients

The provider necessarily obtains knowledge of the above data insofar as this is provided for within the scope of our data processing agreement.

Data processing outside the European Union

GoTo Webinar is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded a data processing agreement with the provider that meets the requirements of Art. 28 GDPR and guarantees an adequate level of data protection by concluding the so-called EU Standard Contractual Clauses: https://www.goto.de/company/rechtliches/datenschutz

15. Data protection provisions on the use of Zammad

We use the email ticket system of Zammad GmbH, Marienstraße 11, 10117 Berlin (“Zammad”), to process customer inquiries. If users of our website contact us by email, these inquiries are stored and organized in the ticket system to enable chronological processing and improve the service experience. Users can always view the current status of processing their request using the individually assigned ticket number.

Personal data is collected, stored and read in Zammad exclusively for organizing and processing inquiries—provided within the inquiry, but in any case name, first name and email address. We ensure that internally only persons who absolutely need this access have access to this information. Personal data is treated confidentially and is not made available to the general public. This data is also not used for marketing or profiling within the meaning of the GDPR.

The legal basis for processing this data is our legitimate interest in efficiently organizing our customer service, responding to your request as quickly as possible, and optimizing our service offering pursuant to Art. 6(1)(f) GDPR.

Your data will be deleted after your inquiry has been conclusively processed. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and insofar as no statutory retention obligations conflict with this.

Further information on Zammad’s data protection can be found at: https://zammad.com/de/unternehmen/datenschutz

Changes to our privacy policy

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g., when introducing new services. The new Privacy Policy will then apply to your next visit.

Questions to the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization directly:

Bastian Blank
Carl-Schulz-Platz 1 | 92224 Amberg
Phone: +49 9621 371-208
Email: datenschutz@deprag.de