Privacy Policy

Privacy policy GDPR
Maritimes Cluster Norddeutschland e. V.

 

Name and address of the controller

The controller for the purposes of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:

Maritimes Cluster Norddeutschland e. V.
Wexstrasse 7
20355 Hamburg, Germany
Tel.: +49 40 227019-499
Email: info@maritimes-cluster.de
Website: www.maritimes-cluster.de

 

Name and address of the data protection officer:

The data protection officer of the controller is:

Lawyer Stefan Johannsen
Kanzlei Johannsen
Küterstrasse 1-3, 24103 Kiel
Germany
Tel.: +49 431 53030 -801
Email: datenschutzbeauftragter@maritimes-cluster.de
Website: www.rechtsanwalt-johannsen.de

The Maritimes Cluster Norddeutschland e. V. (below: “MCN e. V.” or “we”) takes the protection of your personal data seriously. The following declaration informs you of how we collect, process and use your personal data when you visit our website, www.maritimes-cluster.de (below collectively referred to as: “use”).

 

General information concerning data processing

1. The extent of processing of personal data

We process the personal data of our users only to the extent necessary to provide our content, our services and a functioning website. The processing of our users' personal data normally occurs after users have granted their consent. An exception occurs where it is not possible to obtain prior consent for actual reasons and the processing of the data is legally permitted.

2. Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.
If processing is required to fulfil a legal obligation to which our company is subject, Article 6 (1) lit. c GDPR serves as the basis for such processing.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. Then the processing would be based on Art. 6 (1) lit. d GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, then Article 6 (1) lit. f GDPR is the legal basis for such processing.

3. Data deletion and storage duration

The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the controller is subject. Blocking or deletion of data occurs if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.

If you wish to view or update your personal data, or if you have questions regarding data protection on our website, please contact us via our e-mail address, info@maritimes-cluster.de, or by post at any time.

 

Provision of the website and creation of log files

1. Description and extent of data processing

Each time you visit our website, our system automatically records data and information from the computer system of the visiting computer. The following data are gathered temporarily:

  • (1) Information about the browser type and the version used
  • (2) The user's operating system
  • (3) The user's internet service provider
  • (4) The IP address of the user
  • (5) Date and time of access
  • (6) Websites from which the user's system accesses our website
  • (7) Websites accessed by the user's system through our website

These data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

If the IP addresses are stored in log files:

The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the transmission of the website to the user's computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.

4. Duration of storage

Personal data are deleted as soon as the purpose of the storage ceases to apply. In the case of data collection for the provision of the website, this applies when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. A longer storage period is possible. In this case, the IP addresses of the users are deleted or obfuscated so that it is no longer possible to identify the accessing client system.

5. Right to deletion and objection

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user has no right to objection.

 

Cookie usage

a) Description and extent of data processing

Our website uses cookies. Cookies are text files stored in the internet browser, or by the internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again. We deploy cookies that make it possible to analyse the surfing behaviour of our users. This way, the following data can be transmitted:

  • I. Entered search queries
  • II. Frequency of page visits
  • III. Use of website functions

When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference is also made to this privacy policy.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a GDPR if the user has given his consent.

c) Purpose of data processing

The purpose of utilising technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the usage of cookies. For these cookies, it is necessary that the browser can also be re-identified following a change of page We require cookies for the following applications:

  • I.Google Analytics
  • II.Transferring the browser's language setting
  • III. Noting of search queries entered

User data gathered by technically necessary cookies are not used to prepare user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly optimise our services.
These purposes also include our legitimate interest in personal data processing pursuant to Art. 6 (1) lit. f GDPR.

d) Duration of storage, right to deletion and objection

Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilisation of cookies. You can deactivate or restrict the transmission of cookies by changing your internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilised in full.

This website uses cookies. We use cookies to personalise content and ads, provide social media features and analyse traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the services.

Please include your consent ID and date when contacting us regarding your consent.

Your consent applies to the following domains: www.maritimes-cluster.de

Your current status: Accept all. 

Your consent ID: deqCZud5ndq4qgczJVRUZopEPhRfxgAvSNlo4SE1VYpN5lfFvzk+rA==consent date: Tuesday, 5 April 2022 14:08:35 CEST

Change consent  |  Revoke consent

Cookie statement was last updated on 25.03.22 by Cookiebot:

Matomo (statistics and analysis tool)

This website uses the open source web analytics service Matomo. Matomo uses cookies. Cookies are text files that are saved on your computer and allow us to analyse your use of the website. In addition, the information generated by the cookies about the usage of this website is stored on our server. Before being stored, the IP address is anonymised.

Matomo cookies remain on your end devices until you delete them.

Matomo cookies are stored on the basis of Article 6 (1) lit f, GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.

Information generated by the cookies about the usage of this website is not passed on to third parties. You can prevent cookies being stored by setting your browser software accordingly. However, we wish to point out that if you do so, you may not be able to fully use all functions on this website.

If you do not consent to the storage and usage of your data, you can deactivate the storage and usage below. In this case, your browser stores an opt-out cookie, which prevents Matomo from storing usage data. If you delete your cookies, it means that the Matomo opt-out cookie will also be deleted. The opt-out cookie must be reactivated the next time you visit our website.

Matomo opt out

You have the option to prevent your actions here from being analysed and linked. This option will protect your privacy, but it will also prevent the owner from learning from your actions and improving the usability for you and other users.

Newsletter

1. Description and extent of data processing

On our website, there is an option to subscribe to a newsletter free of charge. When registering for the newsletter, data from the data entry form are transmitted to us.

To implement the registration and cancellation procedure for the newsletter and its delivery, we use the services of “Clever-Reach”, a service company that processes your personal data on our behalf solely in accordance with our instructions and for the above-named purpose. “Clever-Reach” also measures the resonance of our newsletter, and evaluates this in the form of so-called “reports”. In the reports sent to us, data relating to the opening and clicking recipients is anonymised and the collection and processing of full IP addresses is prevented by the data protection settings selected by us. The use of “Clever-Reach” is based on legitimate interest by MCN e. V. in accordance with Article 6, Section 1 f) GDPR.

When registering, the following data are collected:

  • I. IP address of the visiting computer
  • II. Date and time of registration

Your consent will be obtained for the processing of your data during the registration process and reference will be made to this privacy policy.

No data will be transmitted to third parties in relation with data processing for the delivery of newsletters. The data will be used exclusively for the delivery of the newsletter.

2. Legal basis for data processing

The legal basis for the processing of data following registration for the newsletter by the user is Art. 6 (1) lit. a GDPR if the user has given his consent.

3. Purpose of data processing

The collection of the user’s email address serves to dispatch the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

4. Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were gathered. The user's email address is stored for as long as the newsletter subscription is active.

Other personal data gathered in the course of the registration process are normally deleted after a period of seven days.

5. Right to deletion and objection

The respective user can terminate the newsletter subscription at any time. For this purpose, there is a corresponding link in every newsletter. This will also allow you to revoke your consent to the storage of personal data gathered during the registration process.

 

Registration

1. Description and extent of data processing

On our website, we offer users the option to register, entailing the entry of personal data in a data entry form. The data is entered into an entry form and transmitted to us, and then stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:

Title, first and last name, company, address, industry, email, telephone number

The following data will also be stored at the time of registration:

I.The IP address of the user
II.Date and time of registration

As part of the registration process, the user's consent to the processing of these data is obtained.

2. Legal basis for data processing

The legal basis for the processing of these data is Art. 6 (1) lit. a GDPR if the user has given his consent.

3. Purpose of data processing

Registration by the user is necessary for the provision of certain contents and services on our website.

If you contact us via the events registration form and have issued your declaration of consent shown below, we shall use your personal data as follows:

For processing the form, the personal data you entered in the corresponding input fields of the registration form shall be collected and stored. This data, depending on individual cases, includes the following personal data in particular:

Title
First name and surname
Company
Email
Full address as the billing address (only for paid events)

This personal data will be used solely for the purpose of organising and realising the event and for analysing resonance, in particular for invoicing purposes, the creation of name badges and lists of participants and the sending of additional information relating to the event via e-mail. Insofar as we offer the event in question in cooperation with third parties, we may forward the data given in the registration form to our designated cooperation partners for the above purposes. Insofar as the event is an offer subject to a fee, you must give your full address as the invoice address in the registration form. This is used by us or our cooperation partners when realising the event, and solely for the purpose of sending the invoice.

In order to document the submission of your declaration of consent, we also store your IP address and the point in time at which you submitted your consent.

If you have given your separate consent for us to do so, we shall include the information provided in the registration form in a list of participants, which is sent to the other participants.

In order to document the submission of this declaration of consent, we also store your IP address and the point in time at which you submitted your consent.

Should you wish to cancel your registration for the event by e-mail to info@maritimes-cluster.de, the transferred personal data will be used solely for the purpose of implementing your cancellation of registration.

4. Duration of storage

Personal data are deleted as soon as the purpose of the storage ceases to apply.

This is the case for data collected during the registration process if the registration is aborted or changed on our website.

5. Right to deletion and objection

As a user, you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time.

You can revoke the use of your personal data in the future at any time (Article 21 GDPR), delete the data partially or in full (Article 17 GDPR), restrict data processing or block data (Article 18 GDPR) or demand information (Article 15 GDPR) regarding the data stored by us about you as an individual or its correction (Article 16 GDPR). You also have the option of obtaining the personal data related to you in a structured, accessible format that can be read electronically (Article 20 GDPR). No particular form of request is required; simply send us an e-mail, for example, to info@maritimes-cluster.de.

 

Contact form and email contact

1. Description and extent of data processing

A contact form is available on our website for the purposes of making contact electronically. If a user opts for this, the data entered in the data entry form are transmitted to us, and we save the data. These data are:

Title, first and last name, company, address, industry, email, telephone number

The following data will also be stored at the time of sending the message:

I.The IP address of the user
II.Date and time of registration

Your consent will be obtained for the processing of your data during the sending process and reference will be made to this privacy policy.

Alternatively, you can contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

This data will not be passed on to third parties in this context. The data will be used exclusively to process the conversation.

2. Legal basis for data processing

The legal basis for the processing of these data is Art. 6 (1) lit. a GDPR if the user has given his consent.

The legal basis for the processing of data that was transmitted when sending an email is Article 6 (1) lit. f GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) lit. b GDPR.

3. Purpose of data processing

We employ the processing of personal data from the data entry form solely to process the initiation of the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

Personal data are deleted as soon as the purpose of the storage ceases to apply. For personal data from the entry form of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Other additional personal data gathered during the sending process are normally deleted after a period of seven days.

5. Right to deletion and objection

At any time, users can revoke their consent to the processing of personal data. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Mail to datenschutz@maritmes-cluster.de

In this case, all personal data stored in the course of establishing contact will be deleted.

 

YouTube

I. General Information

The Maritime Cluster Norddeutschland e. V., Wexstraße 7, 20355 Hamburg, Germany, in short: "MCN" (hereinafter also referred to as we/us) is responsible under data protection law for the YouTube channel you visit, insofar as we ourselves exclusively process the personal data (in short: "data") provided by you via YouTube. Insofar as the data collected and/or transmitted via YouTube is also or exclusively processed by MCN, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland may be the data controller within the meaning of the General Data Protection Regulation (GDPR) in addition to MCN. You can find further information at https://policies.google.com/privacy?hl=de&gl=en

To the extent that this is necessary for the administration and/or the legally compliant operation of the YouTube channel, data may be passed on to the companies affiliated with the MCN. If permitted or required by law, the data may be analysed for reporting purposes (e.g. statistics). Your data will be processed exclusively in accordance with the applicable data protection regulations.

In order to manage and/or operate the YouTube channel in compliance with the law, we also transmit data to the following service providers:

II. Collection / processing of personal data by social media service providers

If you provide personal data via a YouTube channel, please carefully consider what type of personal data you are sharing with MCN via YouTube.

MCN's intention is not to process sensitive personal data (e.g. data according to Art. 9 and 10 of the GDPR).

If you are logged in to your YouTube account and visit our YouTube channel, YouTube is able to associate the data you enter with your social media profile. We would like to expressly point out that YouTube stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes; YouTube has sole responsibility for this under data protection law. You can find more information on how YouTube processes data in YouTube's privacy policy at https://policies.google.com/privacy?hl=en&gl=en.

Please note that we have no influence on the data collection and further processing of your data by YouTube. We are also unable to identify to what extent, in what location and for how long the data is stored, to what extent YouTube complies with existing deletion obligations, what analyses and links are made with the data and to whom the data is passed on.

If you would like to avoid YouTube processing data about you, please contact us by other means, i.e. not through the YouTube channel.

III. Data processing by the MCN via YouTube

MCN only processes personal data on the basis of data protection law. This can be found below:

Data Processing (Purpose)

Legal Basis

Storage Period

Contact / interaction with the MCN

Art. 6 Para. 1 b) of the GDPR,

Art. 6 Para. 1 f) of the GDPR

Your data will be deleted after your enquiry has been processed, providing there is no legal obligation to retain it. We consider processing to be complete when the circumstances indicate that the matter in question has been conclusively resolved.

Posting on the YouTube channel

Art. 6 Para. 1 f) of the GDPR

Your data will be displayed on YouTube if you do not delete your post/comment on YouTube itself. MCN does not address posts and comments from outside the named service providers. As soon as you delete your comment, it is automatically deleted from the platforms by our service providers. Deleting your comment on YouTube will result in the comment being deleted from the service provider's platform.

IV. Use of YouTube embedding feature

We use the YouTube LLC’s video embedding feature on our website. (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”).
YouTube is a service associated with Google Ireland Ltd. (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “Privacy-Enhanced Mode” option is enabled. This prevents YouTube from storing information about website visitors. Only when you watch a video will information be transmitted to YouTube and stored there.
For more information about YouTube's and Google’s collection and use of information, and your rights and options to protect your privacy, please see the privacy policy on YouTube (https://www.youtube.com/t/privacy).
 

 

Use of the short link generator t1p.de

Our website uses functions of the short link generator t1p.de of the responsible provider Gnu York IT-Dienstleistungen, Eisenstuckstrasse 43, 01069 Dresden, Germany T1p.de is a short URL service with which internet addresses can be significantly shortened, so that they can be accessed more easily by users of our website. When using the plug-in, no personal data within the meaning of the GDPR will be stored by the users of the plug-in. For more information about t1p.de's collection and use of information, your rights and options to protect your privacy, please see the Gnu York IT Data Policy at https://t1p.de/datenschutzerklaerung.

 

Google Maps

This website uses Google Maps, a product of Google Ireland Ltd. By using this website, you consent to the collection, processing and use of automatically collected data by Google Ireland Ltd., its agents and third parties. The Google Maps Terms of Use can be found at “Google Maps Terms of Use”.

 

Mentimeter

MCN (Maritime Cluster Norddeutschland) uses the software application "Mentimeter" to conduct surveys and questionnaires. Personal data (IP address) is processed by a service provider commissioned by MCN in the course of conducting the survey. No data transmission to the Federal Office of Consumer Protection and Food Safety (BVL) or to third parties takes place.

Your IP address is processed to enable you to participate in online surveys and data collection. In addition, we process free-text entries that may be assigned to you on a personal basis. The other information in surveys and polls is not personal.

The collection of data serves exclusively the purposes of the association. The legal basis for the collection is Art. 6 para. 1 lit. e) and para. 2 GDPR in conjunction with § 3 BDSG (German Federal Data Protection Act). Insofar as you have given us consent to the processing of personal data concerning the opening of your participation in a survey with regard to the IP address or free text field processing, the lawfulness of these processing operations is based on your consent pursuant to Article 6 para. 1 lit. a) GDPR.

The recipient of the personal data is the service provider commissioned by MCN, Mentimeter AB, Alströmergatan 22, SE-112 47 Stockholm, Sweden (order processor). Your data is stored by the service provider (order processor) for 14 days after collection.

 

SurveyMonkey

Sometimes we ask you to participate in surveys to give us feedback on our work. We process the surveys using SurveyMonkey, a service provided by SurveyMonkey Inc. in San Mateo, California, USA. We do not ask you for personally identifiable information in surveys, nor can we link your responses to your person. Therefore, no personal data is processed by SurveyMonkey via Maritimes Cluster Norddeutschland e.V. However, SurveyMonkey collects some data on its own responsibility and uses tracking services, for example, to statistically record the use of its services. For details, please refer to SurveyMonkey's Privacy Policy, which can be found here: https://de.surveymonkey.com/mp/legal/privacy-policy/.

 

Podigee Podcast Hosting

MCN uses the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded from Podigee or transmitted via Podigee.

The use is based on the legitimate interest of MCN, i.e. interest in a secure and efficient provision, analysis and optimization of the podcast offer pursuant to Art. 6 para. 1 lit. f) GDPR.

Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to gather statistical data, such as view counts. This data is rendered anonymous or pseudonymous before it is stored in Podigee's database, unless it is required for providing the podcasts.

More information on this and regarding the right to object is available in Podigee's Privacy Policy: https://www.podigee.com/de/about/privacy/.

 

WeTransfer

We use WeTransfer to transfer large amounts of data. The provider is WeTransfer B.V., Oostelijke Handelskade 751, 1019 BW Amsterdam, the Netherlands – a company that offers tools and/or services for the transfer of large amounts of data. WeTransfer is used exclusively for the secure transfer of data to service providers and business partners when this is required by the order and agreed upon in advance. Generally, data is encrypted when transmitted to servers in the EU, and encrypted when stored. When the function is used, data is forwarded to the website https://agentur22.wetransfer.com. Data processing is based on Art. 6 (1) lit. a and b GDPR. The customer has given his consent to the use of this function and this consent is be used to fulfil the contract.

 

GotoMeeting

MCN uses the GoToMeeting product from LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, to conduct webinars/webcasts and web meetings. Registration is provided by LogMeIn Ireland Ltd. to MCN via a registration link.

In the course of the registration and usage process this and other data are processed:

First name, Surname

Company

Address

Email address

If applicable Chat logs

MCN needs your data on a regular basis for the preparation of lists of participants and, if applicable, minutes, as well as your email address for the transmission of the minutes and presentations The legal basis for the data processing follows from Art. 6 (1) lit. b) GDPR. Your data are deleted when it is no longer needed for the purposes of its collection.

 

GoToWebinar

We offer web seminars/webcasts or web meetings with different topics at regular intervals. We use the GoToWebinar product from LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, to conduct web seminars/webcasts and web meetings. Registration is provided by LogMeIn Ireland Ltd. to MCN via a registration link. In the course of the registration and usage process this and other data are processed:

First name, Surname

Company

Address

Email address

Chat logs, if applicable

We need your data on a regular basis for the preparation of lists of participants and, if applicable, minutes, as well as your email address for the transmission of the minutes and presentations. The legal basis for the data processing follows from Art. 6 (1) lit. b) GDPR. Your data are deleted when it is no longer needed for the purposes of its collection.

 

Microsoft Teams

MCN uses the "Microsoft Teams" tool to conduct conference calls, online meetings, video conferences and/or online seminars (hereinafter: "Online Meetings"). "Microsoft Teams" is a product of the Microsoft Corporation.

The data controller responsible for data processing directly related to the organisation of "online meetings" is MCN.

What type of data are processed?

Various types of data are processed when using “Microsoft Teams”. The scope of the data also depends on the information provided before or during participation in an "online meeting".

The following personal data are subject to processing:

User details: e.g. display name, email address (if applicable), profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: There is the option of using the chat function in an "online meeting". In this respect, the text entries made by the respective user are processed in order to display them in the “online meeting". Data from your end device's microphone and any end device's video camera are processed during the meeting to enable the display of video and the playback of audio. The camera or microphone can be turned off or muted by the user at any time via the "Microsoft Teams" applications.

Scope of processing

MCN uses "Microsoft Teams" to conduct "online meetings." Should "online meetings" need to be recorded, then this is to be transparently communicated in advance and, where applicable obtain consent.

Chat content is logged when using Microsoft Teams. MCN records the chat content when applicable for the purposes of logging the results of an online meeting. This is, however, as a rule not required.

Automated decision-making within the meaning of Article 22 GDPR is not used.

Legal bases of data processing

Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for the processing of personal data of MCN employees. Should, in connection with the use of "Microsoft Teams", personal data not be required for the establishment, implementation or termination of the employment relationship, but nevertheless be an elementary component in the use of "Microsoft Teams", then Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases our interest lies in the effective implementation of "online meetings".

In all other respects, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, in so far as the meetings are conducted within the framework of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) GDPR. Again, our interest is in the effective conduct of "online meetings".

Recipients/disclosure of data

Personal data processed in connection with the participation in "online meetings" are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that, as with face-to-face meetings, content from "online meetings" may well be used to communicate information to third parties and is therefore intended for disclosure.

Other recipients: The "Microsoft Teams" provider necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of the order processing agreement with "Microsoft Teams"

Data processing outside the European Union

In principle, no data processing takes place outside the European Union (EU), as MCN has restricted its storage location to data centres in the European Union. However, we cannot exclude that the routing of data takes place via internet servers that are located outside the EU.

This may be the case in particular when participants in "online meetings" are located in a third country.

The data, however, is encrypted during transport over the Internet and as such protected against unauthorized access by third parties.

 

Webex

MCN processes personal data in connection with the conduct of telephone conferences, online meetings, video conferences and/or webinars (hereinafter: web meetings) using "Cisco Webex".

When using "Cisco Webex", various types of personal data are processed. The scope of data processing also depends on the information you provide before or during participation in a web meeting and the settings used.

The following personal data are subject to processing.

User details: Name, first name, email address

Meeting Metadata: Topic, description (optional), participant IP addresses, device/hardware information For recordings:MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in by telephone: Details of incoming and outgoing telephone number, country name, start and end time.

It is possible that additional connection data such as the IP address of the device are stored, as required.

Text, audio and video data: You may have the option of using the chat, question or survey functions in a web meeting. In this regard, the text entries you make are processed in order to display them in the web meeting and if applicable, to record them. Data from your end device's microphone and any end device's video camera are processed during the meeting to enable the display of video and the playback of audio. You have the option of switching off or muting the camera or microphone yourself at any time via the "Cisco Webex" applications.

The default settings are made on the part of MCN in such a way that no text, audio or video data of yours are processed without you initiating this processing yourself.

Your personal data are processed by MCN for the purpose of fulfilling the articles of the association. The "Cisco Webex” tool is also used to enable these tasks to be performed digitally. The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR.

Personal data processed in connection with the participation in “web meetings" are generally not passed on to third parties, unless that is the specific intention. The Cisco Webex provider necessarily obtains knowledge of the aforementioned data in as far as this is provided for in the context of the order processing agreement with Cisco Webex.

"Cisco Webex" is a service of Cisco Systems, Inc. based in the USA. Nevertheless, a processing of personal data only takes place in a third country with regard to the contractual data. The other personal data, in particular that of the meeting participants, are processed exclusively on servers in the EU.

MCN has concluded an order processing contract with the provider of "Cisco Webex", which complies with the requirements of Art. 28 GDPR.

Any personal data relating to you are stored until the purpose of the data processing no longer applies or after the expiry of statutory or official retention obligations.

 

Supporting Service Providers for WELO (Data Processors)

We have commissioned the following service providers regarding the use and hosting of WELO Workspace:

1.   Google LLC (Google Cloud)
The region of Frankfurt, Germany (europe-west3) is used for Google Cloud hosting (Google Cloud Platform, GCP). The Google Cloud, however, operates on the principle of a multi-tenant environment, meaning that data is replicated across multiple geographically distributed data centres (data centre resilience). Personal data is only transferred to countries outside the EU as part of the hosting process (Google Cloud Platform, GCP). The legal basis for this is the relevant EU Standard Contractual Clauses. Further information on data protection in the Google Cloud can be found in the GCP model contractual clauses at https://cloud.google.com/security/gdpr/resource-center/contracts-and-terms?hl=en

2. Hosting with Amazon Web Services (AWS)
When WELO Workspace is used, hosting is provided by AWS (Amazon Web Services). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS). When hosting is provided by AWS, your personal data will be processed on AWS's servers. This may involve the transfer of personal data to the parent company of AWS in the USA. Data transfer to the USA is based on the EU Standard Contractual Clauses. You can find the details here: https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/

For more information, please see the AWS privacy notice: https://aws.amazon.com/en/privacy/?nc1=f_pr

AWS is used in accordance with Art. 6 Para. 1 f) of the GDPR. We have a legitimate interest in ensuring that the WELO Workspace is as reliable as possible. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 a) of the GDPR; the consent can be revoked at any time.

 

Wonder.me

MCN uses "Wonder" as a video conferencing system. "Wonder" is a software solution provided by Yotribe GmbH, Kommandantenstraße 77, 10117 Berlin, Germany. The current privacy policy of "Wonder" can be viewed here: www.wonder.me/privacy-policy

Different types of data are processed when using “Wonder”. The scope of the data also depends on the information you provide before or during participation in a "Wonder Room".

The following personal data are subject to processing:

User details: First and last nameEmail address

Meeting Metadata: Cookies and usage data

Data from your end device's microphone and any end device's video camera are processed during the meeting to enable the display of video and the playback of audio. No recordings are stored in "Wonder ".

Usage data

"Wonder" collects browser data while using the service. This includes, among other aspects, the IP address, browser type, pages viewed, duration and date of use, device ID and diagnostic data.

Analysis data and cookies

"Wonder" uses cookies and similar analytics (e.g. beacons, tags and scripts) to analyse the use of the web service and to enable improvements.

The browser can be set to refuse the use of cookies. Should this be the case, some elements of the "Wonder" service are not available for use.

Examples of cookies that "Wonder" uses:

Session cookies. Session cookies are necessary for usage of the service.

Preference cookies. Preference cookies are used to store settings and usage habits.

Security cookies. Security cookies are necessary for security settings.

Who receives the data transmitted?

It cannot be ruled out that your information, in particular personal data, is transmitted and stored outside Germany. By agreeing to the Conditions of Use, you also agree to the transfer of your data. "Wonder" ensures that your data are protected. 

Should you not agree to the data transfer, then use of the video conferencing system is not possible.

Other recipients / disclosure of data

Personal data processed in connection with participation in the online event are not disclosed to third parties as a matter of principle, unless they are specifically intended to be disclosed.

Other recipients: The provider of "Wonder" necessarily obtains knowledge of the aforementioned data.

 

ZOOM

MCN uses the Zoom.us provider for webinars and video conferencing for groups or in a 1:1 setting.

Attendance at such a meeting involves the transfer of your registration data to Zoom, where the data may be used to remind you of the event. In addition, personal data may also be accessible to MCN as organiser and the other participants in the context of a Zoom meeting, depending on how and with which activities you participate in the meeting.

It is possible during a Zoom webinar that your questions or comments are visible to MCN as organiser and/or other participants, or that you yourself are visible and/or your voice is audible. Please refer to the respective instructions in the context.

You agree by attending a webinar or Zoom meeting that the meeting or webinar is recorded by MCN and used within the scope of the purpose of the respective event.

MCN uses Zoom exclusively within the framework of the statutory purposes pursuant to Art. 6 para. 1 lit. b) GDPR and Art. 6 para. 1 lit. f) GDPR in certain cases for the purpose of contract fulfilment and, in addition, within the scope of our legitimate interest in modern and efficient communication with customers, interested parties and other users. Please refer to Zoom's privacy statement (https://zoom.us/de-de/privacy.html) and the special regulations within the framework of GDPR (https://zoom.us/de-de/gdpr.html) for further information.

Zoom is offered by Zoom.us, Zoom Video Communications Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. We refer to Zoom's certification under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW&status=Active) where processing of data takes place in the USA.

 

Rights of the data subject

If your personal data is processed, you are the data subject in the sense of GDPR and you have the following rights vis-à-vis us:

1. Right to information

You may request confirmation from us as to whether personal data relating to you are being processed by us.

In the event of such processing, you may request the following information from us:

  • (1) the purposes for which the personal data is being processed;
  • (2) the categories of personal data processed;
  • (3) the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
  • (4) the planned retention duration of your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
  • (5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
  • (6) the existence of a right of appeal to a supervisory authority;
  • (7) all available information on the origin of the data, if the personal data are not collected from the data subject;
  • (8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion against us if the personal data processed concerning you are inaccurate or incomplete. The controller must rectify the data without delay.

3. Right to limit the processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  • (1) if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
  • (2) the processing is unlawful and you refuse the erasure of the personal data and instead request a restriction of the use of the personal data;
  • (3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
  • (4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of your personal data has been restricted in accordance with the above requirements, we will immediately notify you before the restriction is lifted.

4. Right to erasure a) Obligation to erase personal data

You have the right to request from us that your personal data be erased without undue delay and the controller is obliged to erase this information without undue delay provided one of the following reasons applies:

  • (1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • (2) You revoke your consent on which the processing pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR was based and there is no other legal basis for processing.
  • (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) GDPR.
  • (4) The personal data concerning you have been processed unlawfully.
  • (5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • (6) The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

C) Exceptions

The right to deletion shall not apply to the extent that processing is necessary

  • (1) for exercising the right of freedom of expression and information;
  • (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i, and Art. 9 (3) GDPR;
  • (4) for archiving purposes the serving public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • (5) for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have asserted your right to rectification, erasure or restriction of processing against us, we are under obligation to notify all recipients to whom the personal data relating to yourself has been disclosed of the corresponding rectification or erasure of data or of the restriction of their processing with the exception of cases where such notification by us proves impossible or unreasonable.

You have the right to be informed of who these recipients are.

6. Right to data portability

You have the right to receive the personal data concerning yourself that you have provided to a controller in a structured, commonly used and machine-readable format. You are also entitled to transmit this data to another controller without the controller to whom you have provided the data hindering you from doing so and if

  • (1) you have consented to processing as per Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or processing is governed by a contract as per Art. 6 (1) lit. b GDPR and
  • (2) processing occurs using automated methods.

When exercising this right, you can further request controllers to send the personal data relating to yourself directly to another controller, provided this is technically feasible. This must not adversely affect the liberties and rights of others.

The right to data portability does not extend to the processing of personal data where such processing is necessary for fulfilling a duty in the public interest or for exercising executive duties appointed to us.

7. Right to object

You are entitled to object for reasons arising from your own personal situation at any time against processing of personal data relating to yourself where processing is legitimised by Art. 6 (1) lit. e or f GDPR; this applies in equal measure to profiling legitimised by these provisions.

The controller will cease to process your personal data unless they can prove compelling legitimate reasons for processing that override your interests, rights and liberties or processing pursues the assertion, exercise or defence of legal claims.

If personal data relating to yourself is processed for the purpose of direct advertising, you are entitled to object at any time to the processing of your personal data for this purpose; this applies equally to profiling where it occurs in connection with such direct advertising.

If you object to processing for direct advertising, the personal data relating to yourself will no longer be processed for this purpose.

You may, in connection with the use of information society services – Directive 2002/58/EC notwithstanding – exercise your right to object by means of automated methods that are subject to technical specifications.

8. Right to withdraw your consent under data protection law

You are entitled to withdraw your consent under data protection law at any time. Your withdrawing consent does not affect legitimacy of any processing that has occurred with your consent prior to withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to any decision that entails legal implications for yourself or that has similar, substantially adverse effects on yourself, if said decision is based solely on automated processing; this includes profiling. You do not have this right if the decision

  • (1) is necessary to allow conclusion or fulfilment of a contract between yourself and the controller,
  • (2) is legitimate under the legal provisions of the European Union or its member states to which the controller is subject and these legal provisions include appropriate measures safeguarding your rights, liberties and legitimate personal interests or
  • (3) is made with your express consent.

However, such decisions may have been made based on personal data of special categories as per Art. 9 (1) GDPR unless Art. 9 (2) lit. a or g GDPR also apply and appropriate measures have been taken to protect your rights, liberties and legitimate personal interests.

With respect to cases (1) and (3), the controller shall take appropriate precautions to protect your rights, liberties and legitimate interests; such precautions will include at least the right to enforce intervention by a human individual at the controller’s, and to put forward your own opinion and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to your infringes the GDPR.

The supervisory authority receiving the complaint will keep the complainant up to date on status and results of the complaint, including on recourse to judicial remedies as per Art. 78 GDPR.