Data protection declaration of consent in accordance with the EU General Data Protection Regulation (GDPR) for webinar participants

At DEPRAG SCHULZ GMBH u. CO. KG (hereinafter referred to as DEPRAG) your privacy is respected. All data collected is used to improve our services. Data protection and data security for customers and users are a high priority for DEPRAG. The protection of your personal data throughout our business processes is therefore of particular concern to us.

In accordance with Art. 13 of the EU General Data Protection Regulation (GDPR), this privacy policy explains what information is collected when you participate in webinars and how it is used.

 

1. Purposes and legal bases of processing

The first purpose of processing your data is to plan and conduct webinars. Your data is collected to identify you as a participant in the session and to enable subsequent contact by one of our sales partners.

For webinars, the legal basis is Art. 6 (1) (b) GDPR (initiation or performance of a contractual relationship). In the event of a legal obligation (for example, if proof of participation must be provided), processing is also carried out in accordance with Art. 6 para. 1 letter c) GDPR. In principle, sessions are not recorded. If this is not the case, you will be informed of this before the start of the meeting and asked for your consent, Art. 6 para. 1 lit. a) GDPR.

Finally, data is also processed on the basis of legitimate interest, Art. 6 (1) (f) GDPR. The legitimate interest lies in the efficient, temporally and spatially flexible execution of the respective session, the statistical evaluation to improve the quality of DEPRAG products or to combat misuse and to increase customer satisfaction.

The following categories of data are processed:

  • User data (e.g. first and last name, email address, password)
  • Meeting data (e.g. topic, date, time, meeting ID)
  • Meeting metadata (e.g. device IDs, device hardware information, type of connection)
  • Text, audio and/or video files (depending on your entries in the meeting, for example in the chat and when using the camera and microphone of your end device)

If necessary, the organizer of the webinar will give you the opportunity to "share" your

screen so that your screen content is also visible to the other webinar participants and the organizer and any moderators/speakers. To enable this, as well as the display of video and the playback of audio, the data will be stored accordingly during the duration of the meeting, the data from the microphone of your end device and from any video camera any video camera on the end device as well as the video data displayed on your screen will be displayed on your screen. You can control the camera, mute the microphone and the sharing of your screen at any time via the webinar applications.

We use either Microsoft Teams or GoTo Webinar to conduct webinars.

Some of the applications can be started via your browser or via an app. You can register for this or use guest access. Webinars may require more detailed information to ensure that they are conducted properly.

If you access the GoTo Webinar website, its provider, GoTo Technologies Ireland Unlimited Company, is responsible for data processing. You can find the provider's data protection information on its website.

Accessing the GoTo Webinar website is necessary to use GoTo Webinar for the following two purposes:

  • to download the software to use GoTo Webinar
  • to register for a webinar

You can also use GoTo Webinar if you use the GoTo Webinar app and enter the access data for the webinar there. If you do not want to or cannot use the GoTo Webinar app, the functions can also be used via the browser version, which you can also find on the GoTo Webinar website.

The second purpose of the processing is the subsequent contact by one of our sales partners. The legal basis here is Article 6(1)(a) GDPR (consent). The following categories of data are processed:

  • First name & surname
  • e-mail address
  • Company name

 

2. Joint responsibility for data processing in accordance with Art. 26 GDPR

When processing personal data for contacting us, there is joint responsibility in accordance with Art. 26 GDPR, which exists between DEPRAG Amberg and the sales partner responsible for you. The assignment of the sales partner is based on your country:

Country

Sales partner

Information on joint responsibility

Czech Republic

DEPRAG CZ a.s.
T. G. Masaryka 113
CZ-50781 Lázně Bělohrad

joint responsibility document

United Kingdom

DEPRAG Ltd.
Unit B4, Pegasus Court
Ardglen Industrial Estate
Whitchurch
Hants
RG28 7BP
United Kingdom

joint responsibility document

France

DEPRAG SARL
ZI de la Vertonne
1 ter avenue de la Vertonne
F-44120 VERTOU

joint responsibility document

Scandinavia

DEPRAG Scandinavia AB
Gap Sundins väg 3
SE-633 46 ESKILSTUNA

joint controllership document

 

3. Recipients or categories of recipients of the personal data

In principle, your data will only be transferred to third parties if it has been contractually agreed to or if it is necessary for the fulfillment of the contract or if you have given your prior consent or if we are legally obliged to do so.

Microsoft Corporation, based in Redmond, USA, is the processor for the provision of the Teams service and the associated data processing.

For the provision of the GoTo Webinar service and the associated data processing, GoTo Technologies Ireland Unlimited Company, based in Ireland, is the processor. This provider also uses sub-processors. The company provides a current list of these sub-processors on its website.

 

4. Transfer of personal data to a third country

There are no plans to transfer your personal data to a third country/international organization. Please note, however:

For Microsoft Teams, processing of your data generally takes place within the EU, as DEPRAG has defined a European data center as the storage location. If data is transferred to a service provider based in a third country, the transfer is based on standard contractual clauses (SCC) as suitable guarantees. Further information on data processing by Microsoft can be found here:

https://privacy.microsoft.com/de-de/privacystatement

GoTo Webinar is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider that meets the requirements of Art. 28 GDPR and guarantees an adequate level of data protection by concluding the so-called EU- standard contractual clauses.

https://www.goto.de/company/rechtliches/datenschutz

 

5. Duration of the storage of personal data

We process your data for as long as is necessary to fulfill the purpose of processing or in accordance with legal requirements.

In principle, the data relating to the virtual execution of the respective session will be deleted after the end of the session. If you have registered with one of the services used, other principles may apply here. If you have given your consent, your data will be deleted upon revocation, provided that there are no legal retention periods to the contrary.

Data that we use to contact you will be stored in our CRM system for a period of four years and processed by the sales partner responsible for you. If there is no reason for further processing of this data after this period, we will delete it.

 

6. Security measures

DEPRAG uses extensive technical and operational security measures to protect the personal data we manage against misuse, accidental or deliberate manipulation and against access by unauthorized persons. Our security procedures are continuously improved in line with technological developments.

 

7. Rights of data subjects

When processing your personal data, the EU General Data Protection Regulation grants you certain rights:

1. Right of access (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 GDPR.

2. Right to rectification (Art. 16 GDPR):

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

3. Right to erasure (Art. 17 GDPR):

You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

4. Right to information (Art. 19 GDPR):

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

5. Right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of any verification.

6. Right to data portability (Art. 20 GDPR):

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

7. Revocation of consent (Art. 7 para. 3 GDPR):

You have the right to withdraw your consent at any time. This means that we will no longer continue the data processing that we previously carried out on the basis of your consent. Your revocation does not affect the legality of the data processing that has already taken place.

8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR):

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

9. Right to object (Art. 21 GDPR):

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or Art. 6 para. 1 lit. f) GDPR, in accordance with Art. 21 para. 2 GDPR.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

8. Controller for data processing

DEPRAG SCHULZ GMBH u. CO. KG
Carl-Schulz-Platz 1
92224 Amberg
Deutschland

Tel: +49 (0) 9621 / 371-0
Fax +49 (0) 9621 / 317-120

E-Mail: info@deprag.de
Internet: www.deprag.de

Managing Director:
Dr. Erik Hallmann / Dr.-Ing. Rolf Pfeiffer

 

9. Data protection officer of the controller

Bastian Blank
Carl-Schulz-Platz 1
92224 Amberg
Deutschland

Tel: +49 (0) 9621 / 371-208
E-Mail: datenschutz@deprag.de