At DEPRAG SCHULZ GMBH & CO. KG (hereinafter named DEPRAG), your privacy is respected. All data gathered serves to improve our service to you. Data protection and data security for our customers and users is a high priority at DEPRAG. The protection of your personal data throughout our business processes is of particular importance to us.
1. Purposes and legal basis for processing
The purpose of processing your data is to plan and conduct online meetings, webinars or video conferences. Your data is gathered in order to identify you as a participant in the meeting.
For video conferences and webinars the legal basis is Article 6, Paragraph 1, Letter b) GDPR (initiation or implementation of a contractual relationship). In cases of legal obligation (e.g. if participation needs to be proven), processing is in accordance with Article 6, Paragraph 1, Letter c) GDPR.
Sessions are not generally recorded. If this should be different, you will be informed of this prior to the start of the session and asked for your consent, Article 6, Paragraph 1, lit. a) GDPR.
Finally, data may also be processed for legitimate interest, Article 6, Paragraph 1, Letter f) GDPR. Legitimate interest encompasses the efficient, timely and spatially flexible implementation of each session, statistical evaluation to improve the quality of DEPRAG products or to combat misuse or increase customer satisfaction.
The following categories of data are processed:
- User data (e.g. first and second name, email address, password)
- Meeting data (e.g. topic, data, time, meeting ID)
- Meeting meta data (e.g. device IDs, information about device hardware, type of connection)
- Text, audio or video files (depending on your input to the meeting, such as the chat box and when using the device camera or microphone)
Microsoft Teams is used to conduct the meetings and webinars. The application can be started partially via your browser or via an app. You can sign on and register or enter with guest access. In the case of webinars, detailed information may be required in order to execute these properly.
2. Receivers or categories of receivers of personal data
In principle, your data is only transferred to third parties if this has been contractually agreed or if it is required for the fulfillment of the contract if you have given your prior consent or if we are legally obliged to do so. Microsoft Corporation based in Redmond USA is the processor for the provision of Teams and any associated data processing.
3. Transfer of personal data to third countries
It is not planned to transfer your personal data to a third country / international organisation. However please note:
For Microsoft Teams, your personal data is usually processed within the EU as DEPRAG has defined a European data centre as the storage location. If data were to be transmitted to a service provider based in a third country, the transfer would be based on standard contractual clauses (SCC) as suitable guarantees. Further information on Microsoft data processing can be found here:
4. Duration of the storage of personal data
We process your data for as long as necessary to fulfill the processing purpose or in accordance with legal requirements.
In principle, data related to the virtual realisation of each session is deleted at the end of the session. If you have registered with one of the services used, other principles may apply. If consent has been given, data will be deleted with revocation, if there is no legally mandated retention period.
5. Security measures
DEPRAG utilises extensive technical and operational security precautions to protect your personal data which we manage against misuse, accidental or intentional manipulation or unauthorised access by third parties. Our security measures are continually improved in line with technological advancements.
6. Data subject rights
When processing your personal data, the EU General Data Protection Regulation grants you certain rights:
1. Right to information (Article 15 GDPR):
You have the right to request confirmation of whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 GDPR.
2. Right to rectification (Article 16 GDPR):
You have the right to request the immediate correction of incorrect personal data relating to you and if necessary, the supplementation of any incomplete personal data.
3. Right to be forgotten (Article 17 GDPR):
You also have the right to request that personal data relating to you is deleted immediately if one of the reasons listed in Article 17 GDPR applies, e.g. if the data is no longer required for the purpose pursued.
4. Right to notification (Article 19):
If you have enforced the right to rectification, deletion or restriction of processing against the entity responsible, they are obligated to inform all recipients to whom the personal data relating to you has been disclosed, of the rectification, deletion or restriction of processing, unless this proves to be impossible or involves a disproportionate amount of effort.
You have the right to be informed about these recipients by the responsible entity.
5. Right to restriction of processing (Article 18 GDPR):
You have the right to request restriction of processing if one of the conditions of Article 18 GDPR is met, e.g. if you have lodged an objection to processing for the period of a particular examination.
6. Right to data portability (Article 20 GDPR):
In certain cases, which are listed in Article 20 GDPR, you have the right to receive personal data relating to you in a structured, standard, machine readable format or to request transfer of this data to a third party.
7. Right to withdraw consent (Article 7, Paragraph 3 GDPR):
You have the right to withdraw your consent at any time. As a result we will no longer continue the data processing previously carried out with your consent. Your revocation does not affect the legality of data processing which has already taken place prior to this.
8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR):
You have the right in accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data relating to you violates data protection regulations. The right to lodge a complaint can particularly be enforced with a supervisory authority in the member state of your place of residence, your place of work or the location of the alleged infringement.
9. Right to object (Article 21):
You have the right, for reasons arising from your particular situation, to object to the processing of your personal data relating to Article 6, Paragraph 1, lit e) or Article 6, Paragraph 1, lit f) GDPR at any time in accordance with Article 21, Paragraph 2 GDPR.
The responsible entity will no longer process the personal data relating to you unless they can demonstrate legitimately compelling grounds for the processing which outweight your interests, rights and freedoms, or if the processing serves to enforce, exercise or defend legal claims.
If the personal data relating to you is processed for purposes of direct advertising, you have the right to withdraw your consent at any time to the processing of your data for the purpose of such advertising; this also applies to profiling insofar as it relates to direct advertising.
Entity responsible for data processing
DEPRAG SCHULZ GMBH u. CO. KG
Phone: +49 (0) 9621 / 371-0
Fax: +49 (0) 9621 / 317-120
Dr. Erik Hallmann / Dr.-Ing. Rolf Pfeiffer
Data protection officer of the responsible entity
Phone:: +49 (0) 9621 / 371-208